Hackers Target Computer Rigs To Illegally Mine Cryptocurrencies
Last week, news broke that several major websites, including television network Showtime, had been harnessing web visitor computing power for the purposes of mining for digital currencies. (See more: Showtime Websites Used Visitors' Computer Power for Crypto Mining.) While the process is murky from a legal perspective, it is nonetheless something that most (if not all) customers were unaware was happening when they visited the website.
According to the MIT Technology Review, "an observant Twitter user" first realized that the Showtime Anytime website contained an add-in that was using visitors' computing power to mine for Monero, a prominent digital currency. Showtime removed the CPU-harnessing tool quickly, but there are lingering concerns.
"Security experts have seen a spike in cyberattacks this year that are aimed at stealing computer power for mining operations," according to the Technology Review.
Cryptocurrencies have become one of the hottest investment trends in recent financial memory. The entire industry is valued at about $140 billion as of this writing, and cryptocurrency mining is the driver of the entire space.
In order to mine for digital tokens, miners must set up powerful computing rigs which dedicate massive amounts of CPU power and electricity toward solving complex algorithms. The reward for completing the problems is a small portion of the digital currency in question.
The same mining tool which showed up on Showtime's website has also been found elsewhere. It comes from a company called Coinhive, and it is designed as a way for website owners to generate additional revenue without having to display ads. Unfortunately, it seems that hackers have quickly moved to capitalize on the tool, with researchers discovering the software embedded in Chrome extensions, Wordpress blogs, and many other places.
1.65 Million Computers?
Kaspersky Lab, a cybersecurity firm, recently reported that it found cryptocurrency mining tools of this type on 1.65 million client computers so far in 2017. (See more: Cryptocurrency Mining Malware Attacks Are a Threat.) This marks a significant uptick from last year.
Beyond that, there are a number of large botnets which are designed to profit from this illicit mining. Hackers seem to also be expanding their focus from individual computers to large server networks owned by organizations. IBM's X-Force security team reports that mining attacks on these networks have climbed by six times between January and August 2017.
What can Internet users do to protect themselves? Security firm Darktrace suggests antivirus software can be helpful in detecting whether these tools have infiltrated a system. Still, insiders may be able to set up illegal operations with a higher degree of secrecy, and these could be more difficult to track. It seems that digital security companies will have to work quickly to adapt.