Last week, news broke that several major websites, including television network Showtime, had been harnessing web visitor computing power for the purposes of mining for digital currencies. While the process is murky from a legal perspective, it is nonetheless something that most (if not all) customers were unaware was happening when they visited the website.
According to the MIT Review “an observant Twitter user” first realized that the Showtime Anytime website contained an add-in that was using visitors’ computing power to mine for Monero, a prominent digital currency. Showtime removed the CPU-harnessing tool quickly, but there are lingering concerns.
“Security experts have seen a spike in cyberattacks this year that are aimed at stealing computer power for mining operations,” according to the Technology Review.Security intelligence group RedLock has exposed hackers who were using Amazon Web Services (AWS) computing resources to mine bitcoin.In a report from the intelligence company it found that at least two companies were targeted: Aviva and Gemalto, both multinational corporations.RedLock were alerted to the situation after realizing that a number of administration consoles on AWS, Microsoft Azure, and Google Cloud platforms were not password protected. As a result, these presented opportunities for hackers to gain easy access.
Cryptocurrencies have become one of the hottest investment trends in recent financial memory. The entire industry is valued at about $140 billion as of this writing, and cryptocurrency mining is the driver of the entire space.
In order to mine for digital tokens, miners must set up powerful computing rigs which dedicate massive amounts of CPU power and electricity toward solving complex algorithms. The reward for completing the problems is a small portion of the digital currency in question.
The same mining tool which showed up on Showtime’s website has also been found elsewhere. It comes from a company called Coinhive, and it is designed as a way for website owners to generate additional revenue without having to display ads. Unfortunately, it seems that hackers have quickly moved to capitalize on the tool, with researchers discovering the software embedded in Chrome extensions, WordPress blogs, and many other places.
1.6 Milion Computers Affectes
Kaspersky Lab, a cybersecurity firm, recently reported that it found cryptocurrency mining tools of this type on 1.65 million client computers so far in 2017 which marks a significant uptick from last year.
BKnown as botnets, cyberattackers often run mining software in the background with no indication from the computer owner that they are aware their computer is infected.
Beyond that, there are a number of large botnets which are designed to profit from this illicit mining. Hackers seem to also be expanding their focus from individual computers to large server networks owned by organizations. IBM’s X-Force security team reports that mining attacks on these networks have climbed by six times between January and August 2017.
What can Internet users do to protect themselves? Security firm Darktrace suggests antivirus software can be helpful in detecting whether these tools have infiltrated a system. Still, insiders may be able to set up illegal operations with a higher degree of secrecy, and these could be more difficult to track. It seems that digital security companies will have to work quickly to adapt