Domains Hosting Cryptocurrency Mining Scripts Jump 725 Percent

March 5, 2018 @ 1:15 PM
| |
2 min read

According to new research, the number of domains hosting cryptocurrency mining scripts jumped 725 percent over a four-month period at the end of 2017. This drain on computing resources may go hand in hand with malware threats.

Mining Scripts Multiplying in 2018

Internet security firm Cyren analyzed data based on a scan of 500,000 websites, some of which may have been running cryptocurrency mining scripts without their owners’ knowledge. In fact, the number of sites supporting the mining of cryptocurrencies such as Monero doubled month over month in December 2017 and again in January 2018, which could indicate that such activities are ramping up significantly, according to the report.

There’s more at stake here than just degraded CPU performance. As Dark Reading pointed out, cybercriminals could embed a malicious executable file to be activated at a later date using the same code. CoinHive is among the miners that are easiest to obtain, but the propensity for misuse is making it a target for tools that normally scan machines for traditional malware and other threats.

Cryptocurrency Mining: A Lucrative Threat

Almost anything is at risk for attack when it comes to harnessing power for cryptocurrency mining. Around the time that Cyren published its research, NewsBTC reported, Avast showed how cryptocurrency mining scripts could be injected into smartphones and connected home devices at Mobile World Congress. The firm demonstrated that cybercriminals could earn as much as $1,000 in four days by taking over 15,000 Internet of Things (IoT) devices.

Another option is to look for a big-name target with lots of computing power at its disposal. That is likely what prompted fraudsters to hijack an Amazon Web Services account owned by car manufacturer Tesla, as reported by Fortune.

As the market for cryptocurrency heats up, organizations are likely to see more incidents like these with even more dire consequences.

Shane Schick
Writer & Editor
Shane Schick is a contributor for SecurityIntelligence.