Cryptominers exploit miners vulnerabilities

Miners are under a new attack as Cryptominers exploit miners vulnerabilities. Programs that hijack computer resources to mine cryptocurrencies without permission are indeed a new threat in the list.

In summary, the “old list” for miners reportedly encompassed for example:

• Ransomware, which holds a company’s data hostage until a ransom is paid.
• data leaks.
• worms that could break down equipement “a la” stuxnet focussing on the SCADA system.

However, the real-life general list is way longer, as witnessed by a number of our own experience-based blog-posts bearing on:

• cyber risks in mining and oil and gas
• the american cyber-crime epidemic
• the introduction of web based gadgets

Having developed a major study for a European Country’s Armed Forces, visible in a Riskope’s blogpost, back in 2015 we published a paper entitled Holistic Physical Risk and Crises Prioritization Approaches to Solve Cyber Defense Conundrums.

Mitigation strategy planning

How does one develop a tactical and strategic planning for mitigation (roadmap)? How does one know which corporate sub-systems to fix and to what degree?

Quantitative convergent, scalable and updatable Risk assessments provide all the guidance needed, and is loaded with benefits. Indeed, as every risk, vulnerability cannot be mitigated/fixed at once it is paramount to be able to discern among risks and vulnerabilities to perform operational, tactical and strategic planning.

A paper we published in 2016 (Military Grade Risk Application for Mining Defense, Resilience, and Optimization) and a presentation we gave at the Management & Economics Society of CIM, McGill University, Montréal in 2018 illustrate this point.Convergent Quantitative Cyber Risk Assessment to Optimize Enterprise Reliability

Is cyber insurance a viable solution?

Although insurance is the first idea which comes to mind, viability of risk transfer is likely not the best in the cyber world. We have discussed this in terms of “misleading actuarial data” and the complexities and speed at which cyber-threats evolve

How not to over spend over Cryptominers exploit miners vulnerabilities?

Many, including major insurers have stated that cyber costs may soon exceed the benefits. This is in stark contrast with the IoT and digitalization trend of the mining and other industries that seems to “forget the risks” in the excitement of new technological developments. We hardly see anyone going back to typewriters and carrier pigeons. However, we know that some very serious organizations are indeed going back to typewriters for highly classified documents.

In many cases information security guidelines can significantly improve the stance of a client, especially if there is a strong effort to create awareness on social engineering attacks.

The obvious next step is to develop quantitative convergent scalable, drillable and updatable risk assessments. We discussed this idea in the prior sections of this blogpost advising to deploy ORE at corporate level.

Tagged with: Cryptominers, exploit miners, vulnerabilities

Category: Consequences, Optimum Risk Estimates, Risk analysis, Risk management