Cybersecurity is full of surprises.
Just when you think you’ve got a handle on most of the Bad Stuff out there, along comes a whole new whack of scary, annoying things popping out of dark corners that you could’ve sworn were perfectly fine the last time you checked.
There were a few surprises in Austin McBride’s presentation at this year’s SecTor conference. McBride, threat data scientist at Cisco Umbrella (Cisco’s cloud-based cybersecurity platform formerly known as OpenDNS), presented his research on malicious traffic during the first nine months of 2019.
The real shocker from his findings? The perps behind the Internet’s fastest growing threat aren’t who we thought they were.
The crypto kids
According to McBride, these new hackers aren’t career criminals coding from some remote corner of Russia. Nope, they’re clean-cut students in dorm rooms at America’s top universities.
Compared to my generation of post-secondary students, these Ivy League IT hackers are an ambitious lot.
In 1994, I spent my final year of university pulling all-nighters on a giant PC that weighed as much as a Toyota. In 2004, Mark Zuckerberg spent his days at Harvard launching a little website that became Facebook while dodging lawsuits from the Winklevoss twins.
Today, some enterprising students aren’t waiting until graduation to earn money with their degrees. Instead, they’re tapping into on-campus computers, networks and power grids to make some coin (bitcoin, actually) through cryptomining. In a blog post, McBride explained how it works.
McBride said college campuses have become the second most common targets of cryptojacking after energy and utility providers. Besides using a university’s electricity, cryptomining also exposes the school’s IT network to future risk. As Cisco warned in another report, cryptomining is “simply a starting point. Attackers can leverage their presence in your network to execute further attacks.”
How much of a problem is campus cryptojacking? Stanford University issued a warning last year about a “sharp increase” in such incidents, pointedly reminding students that under campus rules, “Stanford resources must not be used for personal financial gain.”
In the online landscape overall, “no other threat has witnessed such massive growth,” McBride said. Cisco’s figures show cryptomining activity online increased 19-fold over the last nine months of 2018, surging from 660,000 DNS queries in March 2018 to 11.3 million in December 2018.
Cryptomining now accounts for 56 per cent of all malicious traffic, ranking it third behind malware (88 per cent) and Trojans (59 per cent). It even tops phishing, which ranks fourth and accounts for 46 per cent of all malicious traffic.
Surprise No. 2
Another unexpected finding from McBride’s data: finance is not the most targeted industry vertical. When he looked at sectors targeted by all types of malicious traffic (not just cryptomining), financial services ranked second, attracting 20 per cent of all dangerous traffic. Higher education took the top spot overall, targeted by 28 per cent of malicious online activity.
This means post-secondary schools are an even bigger collective target than the retail and healthcare sectors. Clearly, the growth of cryptomining has pushed the higher education sector to the top of this unfortunate heap.
Surprise No. 3
Here’s another assumption proven wrong by McBride’s latest numbers: hackers are starting to ignore the largest enterprises because they have beefier security than smaller organizations.
False! Cisco’s research indicates large enterprises were the top targets in the first three quarters of 2019, attracting 59 per cent of all malicious traffic. Small businesses got hit with 29 per cent and mid-size orgs were targeted by just 12 per cent. This suggests hackers are shifting their sights from small businesses, which were hit by 58 per cent of all cyber attacks a year ago, to larger enterprises.
Why are medium-sized businesses attracting so little dangerous traffic? In McBride’s estimation, it’s because they’ve started hiring their own infosec pros, something that’s always been more of an enterprise move in the past.
One detail from McBride’s research didn’t surprise anyone. As measured by DNS queries, malicious traffic on the Internet skyrocketed 45-fold during the first nine months of this year.
Sadly, hackers gonna hack.