Three in 10 (30%) large UK businesses have admitted to being hit by cryptomining attacks within the previous month[i], according to new figures released today.
A recent study found that 50 per cent of large UK businesses are stockpiling cryptocurrencies – often to provide a quick means of payment should they be subjected to a ransomware attack. Yet such measures are seemingly painting a target on those businesses for ‘crypto-miners’.
This new poll found 59 per cent of respondents had detected cryptomining attacks on their systems at some point, with four in five (80%) of those occurring in the last six months. Just 38% of respondents believe they’ve never been subjected to a cryptomining attack.
For those that have fallen victim to this kind of attack, over a third (38%) discovered it though their network monitoring solutions, while one in three (34%) were alerted by employees and nearly one in five (16%) discovered it through a spike in slower device performance. Anti-malware software alerted IT leaders in just 7 per cent of scenarios.
The figures indicate that attacks typically affect up to 50 devices, with three in five (60%) businesses reporting this to be the case. Just over one in 10 (11%) of respondents reported over 100 devices being affected following their most recent cryptomining attack.
Only two thirds (67%) of organisations have a formal policy in place should they be subjected to a cryptomining attack. Those without policies are mostly relying on network monitoring solutions (44%), anti-malware solutions (41%) and ‘blocking’ mining websites (24%) to mitigate an attack. One in five (21%) businesses have no contingency measures in place, should an attack occur.
Chris Mayers, chief security architect, Citrix, said:
“The threat of a ransomware attack is still very real for large businesses. Many organisations have therefore invested in cryptocurrencies as a means of payment to restore their data as quickly and efficiently as possible. However, in an somewhat unfortunate vicious circle, this stockpiling of potentially valuable currency has now made them a target – and businesses appear slow to react to this threat, with many yet to put formal plans in place should they fall victim to an attack.
“Centralising data storage and management should form a key part of such plans, ensuring organisations keep their customer data and critical IP far from devices and end-points with possible vulnerabilities. This gives cyber-attackers fewer opportunities to gain leverage and demand ransoms – saving businesses from costly expenses, as well as supporting with long-term compliance for regulations such as the GDPR.”
[i] The study was conducted between 3rd May to 14th May 2018, so this will refer to the time period of up-to 30 days prior to this.