Cryptocurrency online mining practice has become very popular
According to cyber security organization specialists, one in every 500 of the one million most visited websites according to Alexa contains cryptocurrency mining software based on the network that begins a mining process as soon as the website is opened in the browser; yet, despite having become a common practice, network-based cryptojacking is not a very lucrative business.
“Based on the configuration of common desktop computers and web site visits statistics, we estimate that revenues generated by individual miners oscillate in a range between a few cents up to $340 USD a day under the current price of the respective cryptocurrencies”, the expert said.
The rise of the cryptojacking
Memory-bound cryptocurrencies such as Monero, Bytecoin, and Electroneum do not require dedicated mining platforms, as they can be easily and cost-effectively extracted in common computer systems. But the cryptojackers do not want to use their own computers and pay for infrastructure and electric energy, and since the advent of CoinHive and similar web-based mining scripts, they no longer have to use their own devices or infrastructure.
Such cryptominers work in all major browsers and the mining script can even be injected into web pages on the load through compromised routers.
Is it worth it as a business?
The revenues of a cryptojacking campaign depend on how aggressive the miner’s use is on the intervened CPU. But if the process becomes too aggressive, users should notice that their computer is being used to mine cryptocurrency, and, if they do so, they could interrupt the process (by simply leaving the website, for example).
Taking as reference the 10 most profitable sites that have cryptomining code, cyber security organization experts estimated that attackers are capable of generating between 0.53 and 1.51 Monero units per day, that is, between $119 USD and $340 USD, according to the current value.
While it is not too much, since revenues are obtained at no cost to the miner, this remains a remarkable gain. “However, we come to the conclusion that the current cryptojacking is not as profitable as one might expect and the general revenues of a whole campaign are moderate” the investigators said.
How to stop this practice?
Cyber security organization researchers from the International Institute of Cyber Security have concluded that currently the websites most attacked by this practice lack the necessary security measures to avoid the injection of mining codes. Besides, it is difficult to know when a computer processor is being used for such purposes, as the only reliable indicator of active mining is the prolonged and excessive use of the CPU, its advice to browser developers is to implement CPU assignments, because in this way, the processing unit can take measures such as regulation of tabbed scripts or notifications to the user.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.