Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Cryptomining software is easy to install; only a small amount of code and a cryptocurrency wallet address are needed to convert stolen resources into profit. Attackers commonly install cryptomining software on a large number of machines to aggregate more resources into a mining pool and collect more cryptocurrency. Cryptomining does not typically involve destroying or stealing data. However, the continuous high CPU, GPU, or ASIC usage on victim computers can cause performance degradation. Unauthorized software on a workstation can also introduce vulnerabilities, backdoors, or hidden malware into the network.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
Cryptomining is the process of converting computing resources into cryptocurrency. Cryptomining is costly in terms of electricity, time, and processing power. A mining pool allows users to aggregate computing resources and then share cryptocurrency awards based on the contribution of each user to the pool. To offset costs and maximize profits, a malicious cryptominer might steal resources to increase their contribution. For example, an employee can hijack company resources by performing cryptomining from their workstation. Or an attacker can hijack resources from unsuspecting victims by installing cryptomining software on several victim machines.
Add firewall rules to prevent traffic over known cryptomining software ports
Block domain names for known mining pools
Implement controls that prevent unauthorized applications from running on devices
Implement strong IT policies to prevent unauthorized devices from running cryptomining software
