We've spoken at length about the dramatic pivot by threat actors toward the lucrative cryptocurrency landscape. With many of those with the means of mining cryptocoins striking it rich, the internet has become something of a modern boomtown, with everyone—both legitimate brands and threat actors alike—trying to stake their claim.
However, the primary challenge facing cryptocurrency prospectors is that mining requires an extreme level of computing power, which can be prohibitively expensive—Fundstrat reported that the cost of mining a single Bitcoin reached about $8,038, and the costs of mining other coins are not far behind. To get around this expense, actors siphon CPU cycles from unwitting users across the internet. While some brands do capitalize by running cryptocurrency mining scripts in the background of their sites to leverage the computers of their visitors legally, threat actors hack vulnerable sites and insert miners that run surreptitiously, or spin up fake, illegitimate websites to siphon money with typosquatting domains and fraudulent branding.
These threat actors leverage domains or subdomains that belong, or appear to belong, to major brands, with the goal of tricking people into visiting sites that run cryptocurrency mining scripts. In doing so, they take advantage of the fact that security teams lack visibility into all the ways that they can be attacked externally. These teams also struggle to understand what belongs to their organization, how it's connected to the rest of their asset inventory, and what potential vulnerabilities are exposed to compromise. In fact, RiskIQ reported back in February that upwards of 50,000 total websites have been observed using Coinhive, the most popular cryptocoin, in the past year, many of them likely without the original owner's knowledge.
To map this wild new cryptocurrency landscape and detect cryptocurrency miners across the internet, we deployed our crawling infrastructure, which downloads and analyzes website content to identify the individual technical components that load when pages render. Download the infographic to find out how large this influx of revenue-generating miners is among websites in the Alexa top-10,000, and get an analysis of their attributes, such as prevalence, longevity, and associated infrastructure.
Organizations must be able to inventory all the third-party code running on their web assets and to detect instances of threat actors leveraging their brand on illegitimate sites around the internet. Threat actors realize the lack of visibility these organizations have and are targeting it accordingly. Contact RiskIQ to find out how not to get the shaft during the age of cryptomania.
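
As a small-scale illustration of the script inventory described above, the following added example (not RiskIQ's crawler or code from this post) lists the third-party hosts that serve script to a page and flags Coinhive references. It inspects static HTML only, so scripts injected at render time are out of its scope; the indicator strings, the `audit` helper and the sample page are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed indicators for illustration only; feed these from your own threat intel.
MINER_HOSTS = ("coinhive.com",)
MINER_INLINE = ("CoinHive.Anonymous", "CoinHive.User")

def host_in(host, domain):
    return host == domain or host.endswith("." + domain)

class ScriptInventory(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.page_host = page_url, urlparse(page_url).hostname or ""
        self.third_party = set()   # hosts other than our own serving script
        self.findings = []         # (kind, evidence) tuples
        self._inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        self._inline = not src     # an inline body arrives via handle_data
        if src:
            url = urljoin(self.page_url, src)   # resolves relative and //host forms
            host = urlparse(url).hostname or ""
            if host and not host_in(host, self.page_host):
                self.third_party.add(host)
            if any(host_in(host, d) for d in MINER_HOSTS):
                self.findings.append(("script-src", url))

    def handle_data(self, data):
        self.findings += [("inline", m) for m in MINER_INLINE if self._inline and m in data]

    def handle_endtag(self, tag):
        self._inline = False       # inside <script>, only </script> reaches here

def audit(page_url, html):
    inv = ScriptInventory(page_url)
    inv.feed(html)
    inv.close()
    return sorted(inv.third_party), inv.findings

# Constructed sample page, not real crawl output.
SAMPLE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script></head></html>"""
```

Running `audit("https://shop.example/", SAMPLE)` returns the third-party host list alongside the miner findings, which can be diffed between crawls to spot newly introduced script sources.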