SAN FRANCISCO, June 28, 2018 (GLOBE NEWSWIRE) — RiskIQ, the global leader in digital threat management, today released an infographic mapping and profiling the global cryptocurrency mining landscape, which has swelled in size due to the rush by companies and threat actors alike to capitalize on cryptocurrency’s skyrocketing valuation.
The infographic is based on data collected by RiskIQ’s web crawling infrastructure, which downloads and analyzes website content to identify the individual technical components that load when rendered to detect cryptocurrency miners across the Internet. The research highlights the influx of revenue-generating miners in domains in the Alexa top-10,000 and analyzes their attributes, such as prevalence, longevity and associated infrastructure.
Since these miners require an expensive amount of computing power—Fundstrat reported that the cost of mining a single Bitcoin reached about $8,038 and the costs of mining other coins are not far behind — actors often source it from unwitting users. To do so, they take advantage of the fact that security teams lack visibility into all the ways that they can be attacked externally and struggle to understand what belongs to their organization, how it’s connected to the rest of their asset inventory and what potential vulnerabilities are exposed to compromise.
While some brands capitalize by running cryptocurrency mining scripts in the background of their sites to leverage the computers of their visitors legally, threat actors exploit this blind spot to hack vulnerable sites or spin up fake, illegitimate websites to siphon money, often with typosquatting domains and fraudulent branding. RiskIQ reported back in February that an upwards of 50,000 total websites have been observed using Coinhive in the past year–many of them likely without the original owner’s knowledge.
“In the case of cryptocurrency mining scripts, organizations must be able to inventory all the third-party code running on their web assets and be able to detect instances of threat actors leveraging their brand on illegitimate sites around the Internet,” said Adam Hunt, chief data scientist at RiskIQ. “Threat actors realize the lack of visibility these organizations have and are targeting it accordingly.”
The report found that threat actors leveraging domains or subdomains that belong, or appear to belong, to major brands, trick people into visiting their sites running cryptocurrency mining scripts to monetize their content.
Report highlights include:
- The average amount of time a cryptocurrency mining script is active
- Most popular cryptocurrency mining scripts
- Number of hosts running cryptocurrency miners in the Alexa top-10,000
- Top-level domains utilized by cryptocurrency miners
- Top-5 geolocations of cryptocurrency miners
To view the rest of these stats, download the infographic here: https://www.riskiq.com/infographic/cryptocurrency-miner-landscape
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.
Visit https://www.riskiq.com or follow us on Twitter. Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community/
© 2018 RiskIQ, Inc. All rights reserved. RiskIQ is a registered trademark of RiskIQ, Inc. in the United States and other countries. All other trademarks contained herein are property of their respective owners.
Montner Tech PR
Note: RiskIQ, Inc. did not issue this press release through our service. We are simply sharing it on our website since it was distributed by a top-tier newswire service and relates to crypto.