What Is Shadow Mining? Most Cybersecurity Professionals Don’t Know
Most organizations are unfamiliar with shadow mining and cryptojacking, according to a survey of 150 cybersecurity professionals conducted by security information and event management (SIEM) platform provider Exabeam.
Key findings from Exabeam’s “The Anatomy of Shadow Mining” report included:
- 65 percent of cybersecurity professionals said they were unfamiliar with shadow mining.
- 57 percent said they were unfamiliar with cryptojacking.
- 47 percent are not confident they have security policies and tools in place to detect and prevent illicit cryptocurrency mining activity on their organization’s network infrastructure.
- 42 percent believe the biggest IT threats come from outside their organization.
Cybersecurity professionals also cited ransomware (40 percent) and bring-your-own-device (BYOD) threats (28 percent) as the two most common IT security challenges facing organizations, the Exabeam report showed. Comparatively, shadow mining (10 percent) and cryptojacking (9 percent) ranked among the least common IT security challenges.
Shadow Mining and Cryptojacking: What Cybersecurity Professionals Need to Know
Shadow mining refers to a combination of shadow IT and illicit cryptocurrency mining, Exabeam noted. It enables cybercriminals to obtain unauthorized use of an organization’s computing resources to mine cryptocurrencies by a privileged user.
How to Address Shadow Mining and Cryptojacking
Shadow mining and cryptojacking are simple and effective cyberattack techniques. As such, the number of shadow mining and cryptojacking attacks could increase in the years to come.
Meanwhile, network-based cyber threat detection solutions could help organizations address shadow mining and cryptojacking. These solutions help organizations quickly identify shadow mining and cryptojacking attacks before they escalate.
MSSPs also can help organizations combat shadow mining, cryptojacking and other cyberattacks. They can deliver threat detection services, as well as help organizations develop and deploy effective cybersecurity strategies.