Enterprise Networks Hit by Cryptominers; 2.5 Billion Attacks Blocked in Six Months


Cryptomining transactions, seen as a terrific money-making scheme separate from traditional online advertising, are growing faster than ever, security researchers concluded after 2.5 billion attacks were blocked in enterprise networks in the past six months.

The investigation, which ran between October 2017 and March 2018, revealed that cryptomining services such as CoinHive, CryptoLoot, CryptoNoter, Minr and the newly introduced Project-Poi, Coin-blind, Coin-nebula, Coin-Have and Coin-Imp were embedded in JavaScript on “the top 100,000 sites globally according to ranking by Alexa.”

Even legitimate websites may turn to coin mining, leaving plenty of room for hackers to exploit it. For example, CoinHive keeps 30 percent of the cryptocurrency mined on a website (in its case Monero), while the site owner gets the rest and offers users an ad-free website.

Even though cryptomining is growing in popularity worldwide, the US is the global leader by number of users and hosting servers linked to mining activity.

“All the users in Europe combined still amount to fewer users than those in the US, and the number of servers in the US are more than twice that of the number in Russia,” the researchers found.

These numbers are not a surprise. Cryptomining code injected within a browser runs quietly in the background, and site visitors are oblivious to how their systems are being manipulated. Warning signs that a machine is being used for cryptomining include slower-than-normal operation and fans working hard to cool it down because the CPU is running at full capacity, eating up resources. Eventually, the system will deteriorate from overuse, giving enterprises major headaches.

“Enterprise networks are being impacted in various ways,” the report reads. “Unwanted and unidentified mining activity inside networks causes increased wear and tear on corporate hardware, as the mining increases CPU cycles. Mining activity also hogs corporate network bandwidth and causes performance issues.”

Cryptomining on enterprise networks raises ethical questions if done with the company’s permission. The business may also face compliance violations for suspicious activity on its systems, and possibly lawsuits from visitors whose hardware will be affected by cryptominers and who may also be exposed to malware.

Coinhive’s release of its in-browser cryptocurrency miner for the Monero blockchain in 2017 affected thousands of websites, including ads running on YouTube, Wi-Fi hotspots and even government pages, on which the plugin manipulated users’ computers to mine for digital currency.

According to the report, cryptominers were most often detected on websites containing adult content (163) and streaming media (96), followed by corporate websites (73), shareware downloads (27), internet services and email hosts (27), copyright infringement (25), hobbies and leisure (12), peer-to-peer sites (11), image hosts (7), blogs (6) and job employment searches (4). The amount of time spent on a website is linked to the cryptomining activity: the more time visitors spend, the more money the cryptominers make.

Because no regulation currently covers cryptomining, everyone is a target and the activity will become more common. Enterprises will have to come up with a strategy to prevent their servers from being hijacked and their hardware from failing under excessive CPU activity.