
RiskIQ maps and analyses the swelling cryptocurrency miner landscape

New research finds hundreds of hosts running cryptocurrency miners in the Alexa Top-10,000

RiskIQ, the global leader in digital threat management, today released an infographic mapping and profiling the global cryptocurrency mining landscape, which has swelled in size due to the rush by companies and threat actors alike to capitalise on cryptocurrency’s skyrocketing valuation.

The infographic is based on data collected by RiskIQ’s web crawling infrastructure, which downloads and analyses website content and identifies the individual technical components that load when a page is rendered, in order to detect cryptocurrency miners across the Internet. The research highlights the influx of revenue-generating miners in domains in the Alexa top-10,000 and analyses their attributes, such as prevalence, longevity and associated infrastructure.

Since these miners require a costly amount of computing power (Fundstrat reported that the cost of mining a single Bitcoin reached about $8,038 and the costs of mining other coins are not far behind), actors often source it from unwitting users. To do so, they take advantage of the fact that security teams lack visibility into all the ways that they can be attacked externally and struggle to understand what belongs to their organisation, how it’s connected to the rest of their asset inventory and what potential vulnerabilities are exposed to compromise.

While some brands capitalise by running cryptocurrency mining scripts in the background of their sites to leverage the computers of their visitors legally, threat actors exploit this blind spot to hack vulnerable sites or spin up fake, illegitimate websites to siphon money, often with typosquatting domains and fraudulent branding. RiskIQ reported back in February that upwards of 50,000 total websites have been observed using Coinhive in the past year, many of them likely without the original owner’s knowledge.

“In the case of cryptocurrency mining scripts, organisations must be able to inventory all the third-party code running on their web assets and be able to detect instances of threat actors leveraging their brand on illegitimate sites around the Internet,” said Adam Hunt, chief data scientist at RiskIQ. “Threat actors realise the lack of visibility these organisations have and are targeting it accordingly.”

The report found that threat actors leverage domains or subdomains that belong, or appear to belong, to major brands to trick people into visiting sites that run cryptocurrency mining scripts to monetize their content.

Report highlights include:

  • The number of cryptocurrency miners RiskIQ observed over a 23-week period
  • The average amount of time a cryptocurrency mining script is active
  • Most popular cryptocurrency mining scripts
  • Number of hosts running cryptocurrency miners in the Alexa top-10,000
  • Top-level domains utilized by cryptocurrency miners
  • Top-5 geolocations of cryptocurrency miners