Cryptocurrencies have been a hot topic in the past few years, making it hard to miss all the hype around blockchain technology and its pioneer, Bitcoin. None of this is new to cybercriminals, but cryptojacking opens up various ways for attackers to monetize compromised websites without even distributing malware.
For the uninitiated, cryptocurrencies are either mined or exchanged. Cryptocoin mining is the process by which transactions are accumulated into “blocks.” These are then verified and added to the public ledger called the blockchain.
The blockchain is the decentralized register of all incoming and outgoing transactions, so that everything tallies at the end. The mining process involves complicated mathematical problems that keep processors at 100% usage, and only a number of miners who solved the puzzle get to share the rewards. The tasks become fewer and much harder to crack, preventing the devaluation of the currency.
It’s nothing new for cybercriminals to collect cryptocurrency en masse using malware. However, the speed and capabilities of modern browsers have empowered attackers to merely plant scripts that mine cryptocoins on as many websites as possible and reap the rewards of users’ CPU cycles. They are essentially stealing the processing power of the computer for mining.
Hackers do not even need to carry out sophisticated attacks since cryptojacking turns even the most trivial cross-site scripting (XSS) weaknesses into an effective revenue hub, especially on sites with high traffic.
Furthermore, attackers are shrewd enough to mine Monero rather than Bitcoin or other cryptocurrencies. This is because, unlike other cryptocoins, Monero is memory-bound instead of CPU-bound, which allows attackers to obtain good results on regular hardware instead of the specialized hardware that is typically required for mining.
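Because the attack described above comes down to a script planted in a page, a site owner can audit which scripts their pages actually load. The following is an added example, not code from the original article: a simplified check that flags script tags from origins outside an allowlist, third-party scripts without Subresource Integrity, and inline scripts. The hosts, the sample HTML and the function names are constructed for illustration, and the regex-based parsing assumes well-formed tags.

```javascript
// Added example: audit a page's <script> tags against an origin allowlist.
// Hosts, sample HTML and function names are constructed assumptions.
const ALLOWED_ORIGINS = new Set(["https://shop.example", "https://cdn.example"]);

// Constructed sample page: the last two scripts stand in for planted content.
const SAMPLE_HTML = `
<script src="/js/app.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://cdn.example/widget.js"></script>
<script src="//unknown-host.invalid/m.js"></script>
<p>Great product!<script>loadExtra()</script></p>`;

// Parse the attributes of one opening <script ...> tag into a lowercase-keyed map.
function parseAttrs(openTag) {
  const attrs = {};
  const body = openTag.replace(/^<script/i, "").replace(/>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per script that is inline, loaded from an origin outside
// the allowlist, or loaded cross-origin without an integrity attribute.
function auditScripts(html, pageUrl) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  const re = /(<script\b[^>]*>)([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if (!("src" in attrs)) {
      if (m[2].trim()) findings.push({ kind: "inline-script", detail: m[2].trim().slice(0, 40) });
      continue;
    }
    let origin;
    try { origin = new URL(attrs.src, pageUrl).origin; } // resolves relative and //host URLs
    catch { findings.push({ kind: "unparseable-src", detail: attrs.src }); continue; }
    if (!ALLOWED_ORIGINS.has(origin)) findings.push({ kind: "unexpected-origin", detail: origin });
    else if (origin !== pageOrigin && !attrs.integrity) findings.push({ kind: "missing-sri", detail: attrs.src });
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, "https://shop.example/reviews"));
```

Run against rendered pages on a schedule, a check like this surfaces a newly planted script as a change in findings; a Content-Security-Policy `script-src` allowlist enforces the same rule in the browser.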