cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

CTA Updates - Cryptocurrency Miner Detection

488
Views
1
Helpful
0
Comments
Cisco Employee

This blog extends information from Cognitive Threat Analytics (CTA) Release Notes.

 

January 2018 Update

 

CTA Engine now detects new types of incidents:

  • repetitive and persistent cryptomining activities on the endpoint
  • in-browser cryptomining by websites

 

Cryptomining infections may not necessarily constitute a threat, but they do cause non-negligible financial harm by excessive consumption of computing resources. Detected incidents can signify either cryptomining infection or voluntary misuse of company resources.

 

crypto.png

Example: In this incident CTA alerts about repetitive communication with cryptomining pools. The endpoint exhibits persistent communication with nicehash.com, what adds to the conviction that cryptomining activity takes place on the endpoint.