Cryptojacking has become a growing concern. Cybercriminals aren’t satisfied with the available supply of vulnerable servers and PCs to hijack in order to mine their favorite cryptocurrency. So, they have added another rich source of computational horsepower to their arsenal: IoT devices. Media devices are especially attractive targets due to their use of powerful GPUs combined with lax home security. And because they tend to always be powered on, there is a lot of downtime that can be exploited without detection.
The real challenge, however, is the risk that these compromised devices pose to business. Protecting today’s threat landscape has been complicated by the anywhere, anytime nature of work. Employees working remotely or on the go introduce additional threats to the network because their work devices often run on the same networks as their compromised IoT devices, with many of the apps running on their home entertainment systems linked to the same apps on their laptops, tablets and smartphones.
Data from the latest “Fortinet Global Threat Landscape Report” reveals that 23.3% of surveyed organizations saw cryptojacking malware like ZeroAccess (one of the top botnets for Q2 2018) in their networks. Many of these botnets spread to business networks via devices that were often originally infected in a compromised home network. This growing trend has serious implications for security strategies. To combat this latest attack vector, organizations need to quickly and effectively extend corporate security to employee devices when they are not in the office.