Today, SIEM solution provider Exabeam released the results of an enterprise research report: “The Anatomy of Shadow Mining.” Their results, including an in-depth survey, prove shocking; 57% of respondents remain unfamiliar with cryptojacking, an increasingly prevalent form of malware.
Additionally, the Exabeam survey exposes enterprises’ lack of familiarity with shadow mining; 65% of respondents did not know the term.
Shadow Mining vs. Cryptojacking
Just what is the difference between shadow mining and cryptojacking?
Cryptojacking allows externals threat actors illicitly “mine” cryptocurrencies on victim networks. Mining cryptocurrency places a heavy toll on processing power and electrical usage—exactly why threat actors use malware to put the burden on enterprises instead.
On the other hand, shadow mining involves an insider threat subverting their enterprise’s resources for illicit cryptocurrency mining. While cryptojacking falls under the malware umbrella, Exabeam classifies shadow mining as Shadow IT. Shadow IT refers to any insider threat which subverts IT infrastructures.
Other Findings from Exabeam
For this report, Exabeam surveyed 150 cybersecurity professionals at the Cloud and Cybersecurity Expo 2019. As a result, they reveal:
- 47% don’t feel confident about detecting or preventing cryptojacking or shadow mining with their current cybersecurity policies or tools.
- Only 22% consider shadow mining a significant threat.
- Respondents mentioned ransomware and BYOD threats as the most common IT security challenges, neglecting mining malware.
Additionally, Barry Shteiman—Vice President of Research and Innovation at Exabeam—summarized the survey’s results. “It is eye-opening to learn that so many professionals still see their biggest IT threats coming from outside of their organizations. Given the rise of cryptocurrencies, IT teams need to realize that shadow mining is a significant threat and should be given more consideration.”
Latest posts by Ben Canner (see all)
- Why Behavioral Analytics Matter to Enterprise Cybersecurity - August 22, 2019
- How to Improve Your Enterprise’s SOC Efficiency - August 20, 2019
- Why Due Diligence Matters to Determining Third-Party Risk - August 15, 2019