Cryptocurrencies have taken the world by storm in the past few years, making it hard to miss all the buzz around Bitcoin and Blockchain technology. While the cryptocurrencies are far from new to cybercriminals, cryptojacking opens up new ways attackers can easily monetize compromised websites without the need to distribute malware.
For the uninitiated, cryptocurrencies are obtained either exchanged or mined. Mining cryptocurrency is the process by which transactions are verified and added to the public ledger called a blockchain. Since the mining process involves computationally intensive operations, the miner who solves the puzzle first reaps a reward.
Of course, it’s nothing new for malware to mine cryptocurrency en-masse (of course, benefitting the cybercriminals, not the malware victims). However, the capabilities and speed of modern browsers have enabled attackers to simply place scripts that mine cryptocurrencies on as many websites as possible, and reap the rewards of the compromised websites’ visitors’ CPU cycles.
Cybercriminals do not even need to pull-off advanced attacks since cryptojacking turns even the most trivial cross-site scripting (XSS) vulnerabilities (especially stored XSS), into a very effective monetization opportunity for cyber criminals, especially on high-traffic sites. Moreover, cybercriminals are smart to mine the Monero cryptocurrency instead of Bitcoin or other cryptocurrencies — this is because Monero, unlike most other cryptocurrencies, is memory-bound rather than CPU-bound. This means that in contrast to other cryptocurrency mining which typically requires specialized hardware to obtain good results, Monero mining can produce relatively good results on regular hardware.
While cryptojacking is not likely to make cybercriminals rich when attacking a handful of websites, wide-spread vulnerabilities in WordPress, Drupal and Joomla! plugins, cryptojacking certainly gives cybercriminals reason to try cryptocurrency mining at scale using nothing but a victim’s browser.