Cryptomining impacts 69 percent of organizations
In a new report on DNS security, Cisco Umbrella, which processes 620 billion DNS requests daily, finds that from January to December 2020 cryptomining generated the most DNS traffic of any individual threat category, with 69 percent of organizations discovering cryptomining connections.
In addition, nearly 90 percent of organizations had at least one user attempt to connect to a phishing site, peaking drastically in the second half of the year.
"It's not surprising that cryptomining generated the most DNS traffic out of any individual category. While cryptomining is often favored by bad actors for low-key revenue generation, it’s relatively noisy on the DNS side, as it regularly pings mining servers for more work," says threat intelligence analyst Ben Nahorney, writing on the Cisco blog.
Nahorney also notes the "…little difference there is between 'legitimate' and illicit cryptomining traffic. Some of the activity in the chart could be blocks based on policy violations, where end users attempted to mine digital currencies using company resources. In cases like this, administrators would have good reason for blocking such DNS activity."
Among other findings, more than half of organizations encountered ransomware-related activity. This was dominated by two threats: Sodinokibi, which tends to hit a large number of endpoints, demanding a small ransom, and Ryuk, which compromises far fewer systems but demands a significantly larger payment. Researchers noted a nearly 500 percent increase in Ryuk activity in November and December.
Also, 70 percent of organizations had users who were served malicious browser ads, and 48 percent found information-stealing malware.
You can read more on the Cisco blog.