The year 2017 was definitely “the year of bitcoin”, as its value skyrocketed from $900 up to $20,000 over the course of the year. This amazing increase in the value of bitcoin turned speculators and hobbyists into millionaires. The cryptocurrency “gold rush” enticed a large number of people globally to invest not only in bitcoin, but also in hundreds of other cryptocurrencies whose value surged significantly during 2017.
Cryptocurrency can also be generated via confirmation or validation of transactions, a process known as cryptocurrency mining. Miners utilize their computational resources to solve complex mathematical operations in order to confirm transactions and earn a cryptocurrency reward in return. The high profitability of mining has attracted the attention of hackers and cybercriminals who leverage their skills and resources to hijack the computational power of victims and use it to mine cryptocurrencies for their own gains. This unauthorized and malicious form of cryptocurrency mining is known as “cryptojacking”. A recently published paper analyzes the security risks and economic impact of cryptojacking.
Cryptojacking has been possible ever since cryptocurrencies were introduced, and it has been reported as early as 2011. Before 2017, cryptojacking had not been profitable, mainly because of the difficulty of bitcoin mining relative to its price. The massive rise in the value of most cryptocurrencies has fueled a significant surge in cryptojacking activities, since the risk vs. reward balance of this malicious activity shifted significantly towards rewards. According to the 2017 Symantec Internet Threat Report, detection of malicious cryptocurrency mining software increased by around 8,500%. This surge in 2017 was accompanied by a sharp increase in reported cryptojacking incidents across the security community, with new reports appearing daily of novel means of cryptojacking exploited by cybercriminals and malicious websites. This prompted the US Federal Trade Commission to monitor the problem by asking the public to report incidents of cryptojacking.
Cryptojacking and botnets:
Cybercriminals and hackers mostly conduct cryptojacking by means of botnets. Cybercriminals use botnets for various purposes, including distributing spam emails, launching attacks, distributing malware, and targeting other systems. Governments consider botnets a tremendous threat to online security, basic communications infrastructure, and federal security. As such, botnets are currently of special interest to international law enforcement agencies specializing in combating cybercrime. The US FBI estimates that more than 500,000 digital systems are compromised by botnets, which means that an average of 18 systems are infected by botnets every second. A large percentage of cybercriminals have extensive experience in building enormous botnets, which can be exploited for cryptojacking. The computational resources of the botnet’s victim machines can be used to mine cryptocurrencies that are sent directly to the wallets of the cybercriminals controlling the botnet.
Cryptojacking website scripts:
Cryptojacking is not only used by cybercriminals. This form of illicit crypto mining offers webmasters who are struggling to find advertisers an additional means of monetizing website visits. Instead of showing visitors ads, a cryptojacking script secretly uses their computational power to mine crypto while they are visiting the website. Browser-based malicious cryptojacking surged in popularity during 2017 with the release of Coinhive, cryptocurrency mining software. Following its release, Coinhive could be identified on hundreds of websites, exploiting the computational power of visitors for cryptocurrency mining without their consent or knowledge. This was not limited to malicious websites: Coinhive was associated with around 220 of the top 1 million websites by visitor traffic. Interestingly enough, Coinhive was identified on legitimate, highly popular websites including Showtime, UFC, and even some websites that offer paid services. Browser-based forms of cryptojacking have been estimated to compromise more than 500 million users worldwide, with most of them unaware of its occurrence.
Cryptojacking target coins:
Cryptojacking scripts no longer mine bitcoin because of the massive rise in the network’s difficulty: an average personal computer can mine no more than a few cents’ worth in a week or so. Accordingly, cryptojacking software is programmed to mine other cryptocurrencies such as Monero (XMR), Bytecoin (BCN), Ethereum (ETH), Ethereum Classic (ETC), DigitalNote (XDN), and other coins of the CryptoNote family. An average personal computer can mine up to $0.5 worth of cryptocurrencies from the CryptoNote family.
Cryptojacking has been increasingly reported during the past few years to impact millions of victims around the world. The direct economic impact of cryptojacking is mostly related to consumed hardware and electricity costs, in addition to the cost of consumed computational resources in cases of cloud computing. The total profits generated via cryptojacking botnets should be estimated to assess the impact of this problem across compromised victim systems.