Most vendors are able to identify crypto-mining malware from the network level. It’s honestly risky to spot crypto mining at the tail end of an attack. This is because at that point it could already be on an organization’s servers, desktops, laptops and even mobile devices and IoT devices. These attacks can be intentional or unintentional and there’s a broad spectrum of them out there.