Content, Content

What Is Shadow Mining? Most Cybersecurity Professionals Don’t Know

Most organizations are unfamiliar with shadow mining and cryptojacking, according to a survey of 150 cybersecurity professionals conducted by security information and event management (SIEM) platform provider Exabeam.

Key findings from Exabeam's "The Anatomy of Shadow Mining" report included:

  • 65 percent of cybersecurity professionals said they were unfamiliar with shadow mining.
  • 57 percent said they were unfamiliar with cryptojacking.
  • 47 percent are not confident they have security policies and tools in place to detect and prevent illicit cryptocurrency mining activity on their organization's network infrastructure.
  • 42 percent believe the biggest IT threats come from outside their organization.

Cybersecurity professionals also cited ransomware (40 percent) and bring-your-own-device (BYOD) threats (28 percent) as the two most common IT security challenges facing organizations, the Exabeam report showed. Comparatively, shadow mining (10 percent) and cryptojacking (9 percent) ranked among the least common IT security challenges.

Shadow Mining and Cryptojacking: What Cybersecurity Professionals Need to Know

Shadow mining refers to a combination of shadow IT and illicit cryptocurrency mining, Exabeam noted. It enables cybercriminals to obtain unauthorized use of an organization's computing resources to mine cryptocurrencies by a privileged user.

Cryptojacking involves the unauthorized use of a person's computer to mine cryptocurrency. It often occurs if a victim clicks on a malicious link in an email that loads cryptomining code onto his or her computer. Or, cryptojacking sometimes takes place if a victim opens a website or online ad that contains malicious JavaScript code.

How to Address Shadow Mining and Cryptojacking

Shadow mining and cryptojacking are simple and effective cyberattack techniques. As such, the number of shadow mining and cryptojacking attacks could increase in the years to come.

Meanwhile, network-based cyber threat detection solutions could help organizations address shadow mining and cryptojacking. These solutions help organizations quickly identify shadow mining and cryptojacking attacks before they escalate.

MSSPs also can help organizations combat shadow mining, cryptojacking and other cyberattacks. They can deliver threat detection services, as well as help organizations develop and deploy effective cybersecurity strategies.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.