Crypto-Mining Gold Rush A Top Priority for Cybercriminals in 2018

Malwarebytes Report Reveals The Rapid Rise of Crypto-Mining in Australia

Malwarebytes has announced the key findings of a report which reveals the negative impact that browser-based drive-by mining is having on IT security networks.

Unlike drive-by downloads that push malware, drive-by mining (https://blog.malwarebytes.com/threat-analysis/2017/09/drive-by-mining-and-ads-the-wild-wild-west/) focuses on utilising the processing power of visitors’ computers to mine cryptocurrency. While both are automatic and silent processes, the early implementation of the Coinhive API has allowed for abuse by running the code full throttle, therefore maxing out a users’ CPU.

Indeed, drive-by mining makes use of other people’s machines and the more web traffic a user generates, the more chances you have of solving crypto challenges and receiving a payout. In order to be profitable, the mining activity must cost less than the power consumption it generates. According to SpiderLabs (https://www.trustwave.com/Resources/SpiderLabs-Blog/%E2%80%9CDon-t-Mine-Me%E2%80%9D-%E2%80%93-Coinhive/), mining would add between about US $2.90 to US $5 per month to a US resident’s electricity bill.

The Malwarebytes report titled “A Look Into The Global ‘Drive-by Cryptocurrency Mining’ Phenomenon” reveals several key insights into the current state of crypto-mining and why it is in a lead position as a battle ground security issue in 2018:

  • During October 2017 alone, Malwarebytes reports an average of eight million blocks per day, and approximately 248 million blocks for the entire month preventing unauthorised drive-by mining onto their users.
  • World view of blocked drive-by mining activity based on user geolocation.  The highest drive-by mining activity was found in the US, France, Germany and Italy.
  • Top 10 countries exposed to drive-by mining.  The US and Spain topped the list of countries most impacted by drive by mining in October.   In the Asia Pacific region, Australia had 12,210,465 drive-by mining events in October compared to 6,405,679 in the Philippines, 5,194,079 in Thailand, 4,657, 299 in Indonesia, 3,331,250 in New Zealand, 2,960,174 in India, 1,807,028 in Singapore and 852,414 in Hong Kong.

“Today, there is so much interest around cryptocurrencies that heists are common place. In fact, the first major incident to target Coinhive (https://coinhive.com/blog/dns-breach) has already happened. Attackers took control of Coinhive’s DNS records and pointed them to a third-party server, thereby making all the profit from mining transactions.

“However, it’s worth noting that Coinhive took responsibility and ensured lost revenue would be reimbursed. At the same time, any site that continues to silently force crypto miners may earn a negative mark and get itself blacklisted, ultimately resulting in a drop in web traffic,” says Jim Cook, ANZ Regional Director, Malwarebytes.

Ethical and Legal Impact
The recent Pirate Bay incident, which turned visitors to its site into cryptocurrency miners without their knowledge or consent, was a starting point for many discussions about the ethical and even legal aspects of unsolicited cryptomining. Some people argued that running unwanted code on people’s machines may have legal implications, while others claimed that this was perfectly normal for websites to do so.

Perhaps the most contentious point was the lack of user awareness and the fact that too many sites were simply not enforcing any sort of throttling, resulting in excessive amounts of CPU being consumed for a degraded overall web experience.

Many security companies as well as various ad blockers (https://blog.adguard.com/en/crypto-mining-fever/), have now started to block Coinhive and other cryptomining domains as a result. Browser makers are also weighing in their options (https://bugs.chromium.org/p/chromium/issues/detail?id=766068) following complaints of unwanted and high CPU usage.

“Browser-based cryptomining has a lot in its favour considering that the online ad industry as one example has been dealt many blows over the past few years, in large part due to the increased usage of ad blockers. In the end, the future success of web-based mining as a business model will be based on honest communication with users and the almost mandatory opt-in, which is the main characteristic that differentiates it from drive-by mining. The problem can be summarised by a fundamental question asked many a times: “Are you running a coin miner on your site or have you been hacked?” Clearly, trust will only be gained with transparency in the year ahead,” says Cook.

The report can be downloaded here:  https://go.malwarebytes.com/rs/805-USG-300/images/Drive-by_Mining_FINAL.pdf.

About Malwarebytes
Malwarebytes is the next-gen cybersecurity company that millions worldwide trust. Malwarebytes proactively protects people and businesses against dangerous threats such as malware, ransomware and exploits that escape detection by traditional antivirus solutions. The company’s flagship product combines advanced heuristic threat detection with signature-less technologies to detect and stop a cyberattack before damage occurs. More than 10,000 businesses worldwide use, trust and recommend Malwarebytes. Founded in 2008, the company is headquartered in California, with offices in Europe and Asia and a global team of threat researchers and security experts. For more information, please visit us at http://www.malwarebytes.com

Malwarebytes founder and CEO Marcin Kleczynski started the company to create the best disinfection and protection solutions to combat the world’s most harmful Internet threats. Marcin was recently named “CEO of the Year” in the Global Excellence awards and has been named to the Forbes 30 Under 30 Rising Stars of Enterprise Technology list and the Silicon Valley Business Journal’s 40 Under 40 award, adding those to an Ernst & Young Entrepreneur of the Year Award.

Follow us on Facebook: https://www.facebook.com/Malwarebytes
Follow us on Twitter: @malwarebytes https://twitter.com/malwarebytes
Follow us on LinkedIn: https://www.linkedin.com/company/malwarebytes
See us on YouTube: http://www.youtube.com/malwarebytes
Read our latest Malwarebytes Labs blog: https://blog.malwarebytes.com