Cryptocurrency mining rampant in higher education

Higher education institutions are the biggest target for illicit cryptocurrency mining, data shows

Illicit cryptocurrency mining, or cryptojacking, is gaining popularity among cyber criminals, and 60% of this activity is being carried out at higher education institutions, a study has revealed.

Universities are a top target of illicit cryptocurency mining because they have high bandwidth capacity networks, according to the Attacker behaviour industry report by automated threat management firm Vectra.

The report is based on analysis of cyber attack detections and trends from a sample of 246 opt-in enterprise customers using the Vectra Cognito platform to detect hidden attacker behaviours and identify business risks.

Higher education institutions are also a prime target because they typically host a lot of students on their networks who are not protected.

This means students who are using the bandwidth for activities such as watching movies online could be giving cyber criminals access to computing resources in the background by using websites that host cryptojacking malware.

There is also the possibility that some students are tapping into the computing resources to carry out some illicit cryptocurrency mining of their own.

The report confirms that cryptojacking is a growing problem, and although higher education is where most of this activity is taking place, other industries are also being targeted.

The entertainment and leisure sector (6%), financial services (3%), technology (3%) and healthcare (2%) are being targeted in this way, which increases power consumption and reduces hardware lifespans.

The report also found that cyber criminals are targeting the computing resources of higher education institutions to carry out cyber crime campaign command and control operations.

Higher education institutions can only respond to students they detect cryptomining with a notice that the activity is occurring, said Chris Morales, head of security analytics at Vectra.

“They can provide assistance in cleaning machines or, in the case of the student being responsible, they can issue a cease and desist order,” he said.

“Corporate enterprises enforce strict security controls to prevent cryptocurrency mining behaviours. However, universities do not have the same luxury with students. They can, at best, advise students on how to protect themselves and the university by installing operating system patches and creating awareness of phishing emails, suspicious websites and web ads.”

The report concludes that as sophisticated cyber attackers automate and increase the efficiencies of their own technology, there is an urgent need to automate information security detection and response tools to stop threats more quickly.

“At the same time, there remains a global shortage of highly skilled cyber security professionals to handle detection and response at a reasonable speed,” the report said. “As a result, the use of AI is essential to augment existing cyber security teams, so they can detect and respond to threats faster and stay well ahead of attackers.”

Read more about AI and security

Jon Oltsik, senior principal analyst at the Enterprise Strategy Group (ESG) research firm, said: “Security operations and analytics platform architecture [SOAPA] is helping to accelerate technology innovation, ease integration and enhance the value of existing security technologies.

“According to recent ESG research, 12% of enterprise organisations have already deployed artificial intelligence [AI]-based security analytics extensively, and 27% have deployed AI-based security analytics on a limited basis.

“This latest report from Vectra provides important visibility into attacker behaviours within organisations that have bypassed perimeter security controls and observations of attack progression after an initial compromise.” 

Vectra’s Cognito platform is designed to automate the hunt for hidden cyber threats by analysing network traffic logs and cloud events to detect attacker behaviours inside the network.

According to Vectra, Cognito uses AI to combine data science, machine learning and behavioural analytics to reveal attacker behaviours without signatures or reputation lists.

“Combining security analytics with human understanding gives us compelling new insights into attacker behaviours on a global scale across cloud, datacentre and enterprise environments,” said Morales. “Ultimately, this insight enables Vectra customers to make better-informed decisions that strengthen security posture and reduce business risk.”

Read more on IT risk management