Blended Threats: Mining Takes a Toll!

A new report from  the Cyber Threat Alliance (CTA) highlights one type of blended threat that organizations should be aware of. In this case, CTA demonstrates a cyber threat that can have crossover impacts and harm physical equipment.

On 10 Sep, CTA released a new Joint Analysis product titled, “The Illicit Cryptocurrency Threat.” Mining has become an increasing threat this year, often assessed as having overtaken ransomware as the biggest cyber threat to businesses right now.

“If 2017 was the year of ransomware, then 2018 is the year of malicious cryptocurrency mining attacks…” – Danny Palmer, @dannyjpalmer, writing in ZDNet, 28 Jun

“This year, however, we came across a huge obstacle in continuing this tradition. We have found that ransomware is rapidly vanishing, and that cryptocurrency mining is starting to take its place.” – SecureList, by Kasperskey Labs, 27 Jun

In their summary of the threat, CTA wrote, “CTA members are seeing an enormous increase in illicit mining activity targeting their customers. Activity has gone from a virtually non-exist issue to one that almost universally shows up at the top of our members’ threat lists. Combined data from several CTA members shows a 459 percent increase in illicit cryptocurrency mining malware detections since 2017. Recent quarterly trend reports from CTA members show that this rapid growth shows no signs of slowing down. If 2017 was defined by the threat of ransomware, 2018 has been dominated by illicit cryptocurrency mining.”

Okay, well, so what does this cyber threat have to do with blended threats? Among the key findings, CTA observes:

Physical damage and stress to infected devices: Illicit cryptocurrency mining can also lead to reduced computer performance and an increased likelihood of mechanical failure of heat-sensitive parts or elements of the cooling system. The more machines at a specific location or facility running cryptocurrency mining software, the more pronounced the power consumption and heat production, which in turn raises the propensity for mechanical failures. Enterprise environments are particularly lucrative targets for illicit mining operations because of the access to a large number of machines, high-powered servers, and public cloud systems.

This is just one among many continued examples of how security is security and the silos of physical security, cybersecurity, emergency management and other disciplines cannot effectively function within silos given the current, blended threat, environment.

“The more machines at a specific location or facility running cryptocurrency mining software, the more pronounced the power consumption and heat production, which in turn raises the propensity for mechanical failures.”

“Verizon’s 140 West Street immediately after Hurricane Sandy,” photo from Real Estate Weekly, 12 Sep 2018,

And don’t fool yourself into thinking such threats only manifest as cyberattacks impacting physical infrastructure. Having some of our team just come back from an exercise in North Carolina where we shifted from our scenario for a bit and had a fantastic discussion on Florence’s impacts, blended threats exist across all domains…

Understand the Threats. Assess the Risks. Take Action.

What are blended threats? A blended threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.

For more background, see some of our previous posts including “Blended Threats (update 1.1): Understanding an Evolving Threat Environment” and “Blended Threats: The Oracle Has Spoken!

Maintain security and threat awareness via Gate 15’s free daily paper, the Gate 15 SUN and learn more about Hostile Events Preparedness and our HEPS Program here. Gate 15 provides intelligence and threat information to inform routine situational awareness, preparedness planning, and to penetrate the decision-making cycle to help inform time-sensitive decisions effecting operations, security, and resourcesWe provide clients with routine cyber and physical security products tailored to the individual client’s interests.  Such products include relevant analysis, assessments, and mitigation strategies on a variety of topics. 

Related Posts