The volume of crypto-mining transactions has grown, spiking almost 500% on corporate networks.
Cybersecurity firm Zscaler has blocked more than 2.5 billion crypto-mining attempts in the last six months. The spike, the firm said, is likely tied to the sharp increase in value of cryptocurrency (Bitcoin hit highs above $19,000 in December) and the fact that legitimate sites are adopting crypto-mining as a source of revenue instead of online advertisements.
Cybercriminals are of course also taking advantage of the trend by injecting JavaScript (JS) code into compromised legitimate sites to conduct crypto-mining activities unbeknownst to site owners and visitors. In some cases, malicious advertisements are being leveraged for browser-based crypto-mining activities.
The web-based mining kit known as Coinhive dominates the crypto-miner market, with the fastest growth and with the vast majority of crypto-miners in the enterprise traffic seen on the Zscaler cloud. The embedding of Coinhive in websites has evolved over time, the firm said, with numerous compromised sites now using JavaScript obfuscation and final code masquerading as Google analytics JS code to viewers.
The category of domains that were used most for browser-based mining activity include nudity/pornography and streaming media. The average browsing time for users on video-streaming sites tends to be higher, allowing miners to maximize their activity as users stay on these sites to view movies or play games. The professional services and marketing category sites ranked high as well, demonstrating the prevalence of mining activity on corporate networks.
“Enterprise networks are being impacted in various ways,” Zscaler said. “Unwanted and unidentified mining activity inside networks causes increased wear and tear on corporate hardware, as the mining increases CPU cycles. Mining activity also hogs corporate network bandwidth and causes performance issues.”