{"id":42181,"date":"2018-01-12T05:00:00","date_gmt":"2018-01-12T10:00:00","guid":{"rendered":"https:\/\/www.cira.ca\/blog\/weekly-web-security-warning-115-times-increase-bitcoin-miners-2\/"},"modified":"2023-03-10T10:57:14","modified_gmt":"2023-03-10T15:57:14","slug":"weekly-web-security-warning-115-times-increase-bitcoin-miners-2","status":"publish","type":"cira_news","link":"https:\/\/stg-saas.cira.ca\/fr\/ressources\/nouvelles\/cybersecurity-fr\/weekly-web-security-warning-115-times-increase-bitcoin-miners-2\/","title":{"rendered":"Weekly web security warning: 115 times increase in Bitcoin miners"},"content":{"rendered":"<p><em>Editorial note: Every week, we are going to examine the top trends in malicious activity we have seen in Canada using data obtained through CIRA&#8217;s D-Zone DNS Firewall.<\/em><\/p>\n<p>In our last weekly update, we noted that five of the top 10 domains we blocked in Canada were related to attempts to distribute bitcoin mining malware. Specifically, items 6-10 on the list were bitcoin miners using .bid domains.<\/p>\n<p><!--more--><\/p>\n<p><em>Editorial note: Every week, we are going to examine the top trends in malicious activity we have seen in Canada using data obtained through CIRA&#8217;s D-Zone DNS Firewall.<\/em><\/p>\n<p>In our last weekly update, we noted that five of the top 10 domains we blocked in Canada were related to attempts to distribute bitcoin mining malware. Specifically, items 6-10 on the list were bitcoin miners using .bid domains.<\/p>\n<p>This week&#8217;s list flips that on its head where the top six blocked domains were bitcoin miners with five of the six being .bid sites and one being a .me site &#8211; but that isn&#8217;t even the interesting part. There was a 115x increase in attempted clicks (queries) out to Bitcoin miners. When something goes up to that quickly it warrants attention and awareness.<\/p>\n<p>&nbsp;<\/p>\n<div class=\"media media-element-container media-default\">\n<img loading=\"lazy\" decoding=\"async\" class=\" size-full wp-image-2582\" src=\"https:\/\/stg-saas.cira.ca\/uploads\/2018\/01\/topblocks0115-2.png\" alt=\"\" title=\"\" width=\"825\" height=\"452\" srcset=\"https:\/\/stg-saas.cira.ca\/uploads\/2018\/01\/topblocks0115-2.png 825w, https:\/\/stg-saas.cira.ca\/uploads\/2018\/01\/topblocks0115-2-300x164.png 300w, https:\/\/stg-saas.cira.ca\/uploads\/2018\/01\/topblocks0115-2-768x421.png 768w\" sizes=\"auto, (max-width: 825px) 100vw, 825px\" \/>\n<\/div>\n<p>What constitutes a query? There are plenty of reasons for a user to attempt to access a site that distributes bitcoin miners (or any malware really). In this case, typical vectors could range from clickbait emails, ads that accompany a click on a torrent site or even sites that attempt to mine coins in the background, so-called \u201cdrive-by mining\u201d. The latter reason represents a perhaps educated user who would ignore a pop-up, but at this scale IT departments in Canada need to be aware of the increased threat to their resources being used inadvertently by miners.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Editorial note: Every week, we are going to examine the top trends in malicious activity we have seen in Canada using data obtained through CIRA&#8217;s D-Zone DNS Firewall. In our last weekly update, we noted that five of the top 10 domains we blocked in Canada were related to attempts to distribute bitcoin mining malware. [&hellip;]<\/p>\n","protected":false},"featured_media":2569,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"ngg_post_thumbnail":0,"slim_seo":{"title":"Weekly web security warning: 115 times increase in Bitcoin miners - CIRA","description":"Editorial note: Every week, we are going to examine the top trends in malicious activity we have seen in Canada using data obtained through CIRA's D-Zone DNS Fi"},"footnotes":""},"topic":[1066],"class_list":["post-42181","cira_news","type-cira_news","status-publish","has-post-thumbnail","hentry","cira_news_type-cira-news-type-blogue","cira_topic-cira-topic-cybersecurity-fr","cira_author-robwilliamson-fr"],"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/cira\/v1\/news\/42181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/cira\/v1\/news"}],"about":[{"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/wp\/v2\/types\/cira_news"}],"version-history":[{"count":0,"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/cira\/v1\/news\/42181\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/wp\/v2\/media\/2569"}],"wp:attachment":[{"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/wp\/v2\/media?parent=42181"}],"wp:term":[{"taxonomy":"cira_topic","embeddable":true,"href":"https:\/\/stg-saas.cira.ca\/fr\/wp-json\/cira\/v1\/topic?post=42181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}