Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
1182
Views
1
Helpful
0
Comments

CTA Updates - Cryptocurrency Miner Detection

psomol
Cisco Employee
Cisco Employee
‎01-31-2018 06:58 AM

This blog extends information from Cognitive Threat Analytics (CTA) Release Notes.

 

January 2018 Update

 

CTA Engine now detects new types of incidents:

  • repetitive and persistent cryptomining activities on the endpoint
  • in-browser cryptomining by websites

 

Cryptomining infections may not necessarily constitute a threat, but they do cause non-negligible financial harm by excessive consumption of computing resources. Detected incidents can signify either cryptomining infection or voluntary misuse of company resources.

 

crypto.png

Example: In this incident CTA alerts about repetitive communication with cryptomining pools. The endpoint exhibits persistent communication with nicehash.com, what adds to the conviction that cryptomining activity takes place on the endpoint.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents