{"id":42165,"date":"2018-01-29T05:00:00","date_gmt":"2018-01-29T10:00:00","guid":{"rendered":"https:\/\/www.cira.ca\/blog\/weekly-web-security-warning-bitcoin-mining-remains-top-threat-it-resources-2\/"},"modified":"2023-03-10T10:57:12","modified_gmt":"2023-03-10T15:57:12","slug":"weekly-web-security-warning-bitcoin-mining-remains-top-threat-it-resources-2","status":"publish","type":"cira_news","link":"https:\/\/stg-saas.cira.ca\/fr\/ressources\/nouvelles\/cybersecurity-fr\/weekly-web-security-warning-bitcoin-mining-remains-top-threat-it-resources-2\/","title":{"rendered":"Weekly web security warning: Bitcoin mining remains top threat to IT resources"},"content":{"rendered":"<p>For the third week in a row, the rising (and sometimes falling) star of the cryptocurrency world&#8211;Bitcoin&#8211;is influencing our top DNS malware blocks. Bitcoin Mining malware continues to be a problem for IT administrators across Canada, and while we don&#8217;t know for sure what caused the <a href=\"https:\/\/www.itworldcanada.com\/article\/ontario-pc-party-adds-ransomware-to-list-of-troubles\/401187\" target=\"_blank\" rel=\"noopener\">recent hack at the\u00a0Progressive Conservative Party of Ontario<\/a>, it is clear that\u00a0ransomware is becoming a major problem in Canada.<\/p>\n<p><!--more--><\/p>\n<p>For the third week in a row, the rising (and sometimes falling) star of the cryptocurrency world\u2014Bitcoin\u2014is influencing our top DNS malware blocks. Bitcoin Mining malware continues to be a problem for IT administrators across Canada.&nbsp; But threats of other types remain persistant&nbsp;as illustrated by the <a href=\"https:\/\/www.itworldcanada.com\/article\/ontario-pc-party-adds-ransomware-to-list-of-troubles\/401187\" target=\"_blank\" rel=\"noopener\">recent hack at the&nbsp;Progressive Conservative Party of Ontario<\/a>, it is clear that&nbsp;ransomware is becoming a major problem in Canada and mitigating it&nbsp;with proper patching, backup, protective layers and user endpoint protection is important.&nbsp;&nbsp;<\/p>\n<p>The top five blocked domains this week are random character domains under the .bid TLD. The number one malicious domain, \u201cVcfs6ip5h6.bid\u201d actually had more queries than all the rest of the top 10 combined suggesting that it is part of a successful vector used by the perpetrator.&nbsp;Its presence on the list does not necessarily guarantee that it is a covert attempt to hijack someone&#8217;s CPU, but for IT administrators who don&#8217;t want their systems used for drive-by mining it is still a concern.<\/p>\n<p>Once again, universities and school boards are the primary victims suggesting it is something that is more typical in the browsing behaviour of students than those in the other sectors. This is not to say that other sectors were impacted, just to a lesser degree.&nbsp;<\/p>\n<p>The other thing we will highlight this week is the first time we have seen a <a href=\"https:\/\/auth0.com\/blog\/heads-up-https-is-not-enough-when-using-wpad\/\">WPAD proxy hijack<\/a> make this list using wpad.domain.name.<\/p>\n<p>&nbsp;<\/p>\n<div class=\"media media-element-container media-default\">\n<img loading=\"lazy\" decoding=\"async\" class=\" size-full wp-image-2554\" src=\"https:\/\/stg-saas.cira.ca\/uploads\/2018\/01\/topblocks0129-2.png\" alt=\"\" title=\"\" width=\"856\" height=\"637\" srcset=\"https:\/\/stg-saas.cira.ca\/uploads\/2018\/01\/topblocks0129-2.png 856w, https:\/\/stg-saas.cira.ca\/uploads\/2018\/01\/topblocks0129-2-300x223.png 300w, https:\/\/stg-saas.cira.ca\/uploads\/2018\/01\/topblocks0129-2-768x572.png 768w\" sizes=\"auto, (max-width: 856px) 100vw, 856px\" \/>\n<\/div>\n<p>For those who are weekly readers of this feature, we thought we would show you the top 15 this week\u2026just to break up the fact that bitcoins have been a feature for a while.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For the third week in a row, the rising (and sometimes falling) star of the cryptocurrency world&#8211;Bitcoin&#8211;is influencing our top DNS malware blocks. Bitcoin Mining malware continues to be a problem for IT administrators across Canada, and while we don&#8217;t know for sure what caused the recent hack at the\u00a0Progressive Conservative Party of Ontario, it [&hellip;]<\/p>\n","protected":false},"featured_media":1949,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"ngg_post_thumbnail":0,"slim_seo":{"title":"Weekly web security warning: Bitcoin mining remains top threat to IT resources - CIRA","description":"For the third week in a row, the rising (and sometimes falling) star of the cryptocurrency world--Bitcoin--is influencing our top DNS malware blocks. Bitcoin Mi"},"footnotes":""},"topic":[1066],"class_list":["post-42165","cira_news","type-cira_news","status-publish","has-post-thumbnail","hentry","cira_news_type-cira-news-type-blogue","cira_topic-cira-topic-cybersecurity-fr","cira_author-robwilliamson-fr"],"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/cira\/v1\/news\/42165","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/cira\/v1\/news"}],"about":[{"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/wp\/v2\/types\/cira_news"}],"version-history":[{"count":0,"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/cira\/v1\/news\/42165\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/wp\/v2\/media\/1949"}],"wp:attachment":[{"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/wp\/v2\/media?parent=42165"}],"wp:term":[{"taxonomy":"cira_topic","embeddable":true,"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/cira\/v1\/topic?post=42165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}