RiskIQ Maps and Analyzes the Swelling Cryptocurrency Miner Landscape
June 28, 2018
New Research finds hundreds of hosts running cryptocurrency miners in the Alexa Top-10,000
SAN FRANCISCO – June 28, 2018 – RiskIQ, the global leader in digital threat management, today released an infographic mapping and profiling the global cryptocurrency mining landscape, which has swelled in size due to the rush by companies and threat actors alike to capitalize on cryptocurrency's skyrocketing valuation.
The infographic is based on data collected by RiskIQ's web crawling infrastructure, which downloads and analyzes website content to identify the individual technical components that load when rendered to detect cryptocurrency miners across the Internet. The research highlights the influx of revenue-generating miners in domains in the Alexa top-10,000 and analyzes their attributes, such as prevalence, longevity and associated infrastructure.
Since these miners require an expensive amount of computing power — Fundstrat reported that the cost of mining a single Bitcoin reached about $8,038 and the costs of mining other coins are not far behind — actors often source it from unwitting users. To do so, they take advantage of the fact that security teams lack visibility into all the ways that they can be attacked externally and struggle to understand what belongs to their organization, how it’s connected to the rest of their asset inventory and what potential vulnerabilities are exposed to compromise.
While some brands capitalize by running cryptocurrency mining scripts in the background of their sites to leverage the computers of their visitors legally, threat actors exploit this blind spot to hack vulnerable sites or spin up fake, illegitimate websites to siphon money, often with typosquatting domains and fraudulent branding. RiskIQ reported back in February that an upwards of 50,000 total websites have been observed using Coinhive in the past year–many of them likely without the original owner’s knowledge.
“In the case of cryptocurrency mining scripts, organizations must be able to inventory all the third-party code running on their web assets and be able to detect instances of threat actors leveraging their brand on illegitimate sites around the Internet,” said Adam Hunt, chief data scientist at RiskIQ. “Threat actors realize the lack of visibility these organizations have and are targeting it accordingly.”
The report found that threat actors leveraging domains or subdomains that belong, or appear to belong, to major brands, trick people into visiting their sites running cryptocurrency mining scripts to monetize their content.
Report highlights include:
- The amount of cryptocurrency miners RiskIQ observed over a 23-week period
- The average amount of time a cryptocurrency mining script is active
- Most popular cryptocurrency mining scripts
- Number of hosts running cryptocurrency miners in the Alexa top-10,000
- Top-level domains utilized by cryptocurrency miners
- Top-5 geolocations of cryptocurrency miners
To view the rest of these stats, download the infographic here: https://www.riskiq.com/infographic/cryptomining-landscape
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.
© 2018 RiskIQ, Inc. All rights reserved. RiskIQ is a registered trademark of RiskIQ, Inc. in the United States and other countries. All other trademarks contained herein are property of their respective owners.
Montner Tech PR