CIRA cybersecurity

Weekly web security warning: Bitcoin mining remains top threat to IT resources

For the third week in a row, the rising (and sometimes falling) star of the cryptocurrency world—Bitcoin—is influencing our top DNS malware blocks.

Bitcoin mining malware continues to be a problem for IT administrators across Canada. But threats of other types remain persistent: as illustrated by the recent hack at the Progressive Conservative Party of Ontario, it is clear that ransomware is becoming a major problem in Canada, and mitigating it with proper patching, backup, protective layers and user endpoint protection is important.

The top five blocked domains this week are random-character domains under the .bid TLD. The number one malicious domain, “Vcfs6ip5h6.bid”, actually had more queries than all the rest of the top 10 combined, suggesting that it is part of a successful vector used by the perpetrator. Its presence on the list does not necessarily guarantee that it is a covert attempt to hijack someone’s CPU, but for IT administrators who don’t want their systems used for drive-by mining it is still a concern.

Once again, universities and school boards are the primary victims, suggesting it is something that is more typical in the browsing behaviour of students than of those in the other sectors. This is not to say that other sectors were not impacted, just to a lesser degree.

The other thing we will highlight this week is a WPAD proxy hijack using wpad.domain.name, the first time we have seen one make this list.
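One way to triage resolver logs for the two patterns described above, random-character names under .bid and WPAD lookups for zones you do not control. This is an added example, not CIRA's detection logic; the log format, the `LOCAL_ZONES` value and the entropy threshold are assumptions, and the sample log lines are constructed.

```python
import math
from collections import Counter

# Constructed resolver log lines: "<client-ip> <queried-name>"
SAMPLE_LOG = """\
10.1.4.22 vcfs6ip5h6.bid
10.1.4.22 Vcfs6ip5h6.bid.
10.1.7.9 www.example.com
10.1.7.9 wpad.domain.name
10.1.8.3 auction.bid
10.1.4.31 vcfs6ip5h6.bid
10.1.8.3 wpad.campus.example
"""

# Assumption: DNS zones this organisation controls and may serve WPAD from.
LOCAL_ZONES = {"campus.example"}

def entropy(label):
    """Shannon entropy of the characters in a label, in bits per character."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def looks_random(label):
    """Heuristic only: long, mixes digits with letters, high character entropy."""
    has_digit = any(ch.isdigit() for ch in label)
    has_alpha = any(ch.isalpha() for ch in label)
    return len(label) >= 8 and has_digit and has_alpha and entropy(label) >= 3.0

def classify(name):
    """Return a tag for a suspicious query name, or None."""
    labels = name.lower().rstrip(".").split(".")
    # A wpad.<zone> lookup for a zone we do not run can be answered by an outsider.
    if len(labels) > 1 and labels[0] == "wpad" and ".".join(labels[1:]) not in LOCAL_ZONES:
        return "wpad-external"
    if len(labels) == 2 and labels[1] == "bid" and looks_random(labels[0]):
        return "random-bid"
    return None

def triage(log_text):
    """Count flagged names, most queried first."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        tag = classify(parts[1])
        if tag:
            hits[(tag, parts[1].lower().rstrip("."))] += 1
    return hits.most_common()
```

A flagged name is a lead for review rather than a verdict: legitimate .bid names with long mixed labels will also match the heuristic.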

Top DNS blocks week of January 29

For those who are weekly readers of this feature, we thought we would show you the top 15 this week…just to break up the fact that bitcoins have been a feature for a while.
