Threat Brief: Unauthorized Coin Mining – A New Threat Facing Shoppers and Retailers This Holiday Season

Christopher Budd


Category: Threat Brief

Overview

As shoppers and retailers gear up for the 2017 holiday season, they need to be aware of a new kind of cybersecurity threat they may face this year: unauthorized coin mining.

Unauthorized coin mining is a new threat that can affect retailers and shoppers in a way that could impact or even halt their online shopping experience. A recent Unit 42 threat intelligence posting on the topic showed how 63 percent of the unauthorized coin mining sites we found came online in October 2017.


This surge in unauthorized coin mining is driven, in large part, by the recent skyrocketing in the value of digital currencies like bitcoin. As that trend shows no sign of slowing down anytime soon, we can expect this to remain a very lucrative avenue for attackers.

Unlike other cybersecurity threats we’re used to bracing for around the holiday season, unauthorized coin mining attacks can affect shoppers who are up-to-date with security patches and even some who are running some security protections. And unlike spam or phishing, these attacks also don’t require any lapse in vigilance by the user: they can happen simply by going to websites users know and trust.

The good news for retailers is that these attacks are wholly preventable. And for shoppers, the impact of a successful attack is minimal: there are no lasting effects or impact, making it an annoyance at worst.

But because of the potential impact on holiday shopping and the ease of attacks, unauthorized coin mining is an attack that retailers need to be aware of and take active steps for prevention this holiday season.


What Is Unauthorized Coin Mining?

The best way to understand the threat of unauthorized coin mining is to first understand its impact. Unauthorized coin mining is an attack that can cause a user’s system to suddenly and unexpectedly slow down, sometimes significantly, when visiting a website. In a worst case, the slow-down can be so severe that it can make a website basically unusable.

Obviously, this impact is potentially dire for shoppers and retailers as it directly impacts and harms the online shopping experience. The cause is “coin miner” code running on the website the user visits.

“Coin miner” code is code used to “mine” for digital currency like bitcoin. Mining provides the computing necessary to power the digital currency’s infrastructure. Mining is also a computationally intensive process, meaning it takes a lot of system resources. Because of this, people can earn digital currency credit in exchange for the use of their computing resources to power that digital currency’s infrastructure.

There are many kinds of coin mining software. In this case, we are concerned about coin mining code that’s used on websites. When the user visits the website, the code runs on their system and “mines” on behalf of others – either the website or someone else.

When this is done with the visitor’s full knowledge and consent, it’s a fair and reasonable exchange. For instance, there are some websites that now use coin mining as an alternative to digital advertising to generate revenue. In these cases, the coin mining is authorized; the website informs the user that, while on the site, his or her computing resources will be used to “mine” digital currency, and the site will receive the credits. While the user will experience a slow-down as the coin mining software is run, it is (or should be) expected, because of the notification, and so done with the site visitor’s consent.

Where this becomes a problem is when coin mining is done without the user’s knowledge and consent. In this case the coin mining is unauthorized: in essence, it’s an attack against the user’s resources.


How Do Unauthorized Coin Mining Attacks Happen?

Unauthorized coin mining attacks happen very simply: the website the user is visiting has special code on it that performs coin mining operations on the visitor’s computer while they’re on the website. And, as noted before, this happens without the user’s knowledge or consent.

Because these attacks happen due to code on the website, that code is either there with the site owner’s knowledge and permission or not.

When unauthorized coin mining happens with the site owner’s knowledge and permission, it’s basically a malicious site. That site’s owner is the attacker. When we’re talking about online shopping, clearly there’s no threat here to the retailer: they’re the ones doing the attacking. And for the shopper, it means you’re on an untrustworthy site and so open to all manner of risks beyond just unauthorized coin mining.

The real, significant situation shoppers and retailers need to think about this season is when unauthorized coin mining code is on a site without that site owner’s knowledge and permission. Here the site itself has been attacked, and the site owners are also victims. This is an attack against not just shoppers but the retailers operating online shopping sites.


How You Can Prevent Unauthorized Coin Mining Attacks

If you’re a shopper, there are three things you can do to protect yourself against unauthorized coin mining attacks this holiday season:

  1. Ensure you’re only shopping online at websites you know and trust.
  2. Run security on your systems that includes protection against malicious websites and scripts.
  3. If you think you’re experiencing an unauthorized coin mining attack, close your web browser. That’s all you need to do to end the attack; once you do, the attack is over and there’s no lasting impact.

If you’re a retailer, preventing unauthorized coin mining attacks comes down to focusing on two tasks, both of which you should be doing anyway:

  1. Make sure your website is properly secured to prevent unauthorized uploads and changes to the site code.
  2. Ensure that, as part of your overall site, you use only trusted third-party sites that themselves provide adequate security to prevent unauthorized uploads and changes to their site code. This includes third-party sites like advertisers and payment processors.

Finally, if you’re a legitimate website that has chosen to implement coin mining to raise funds from your visitors, you can ensure that your visitors don’t think you’re engaged in unauthorized coin mining by doing three things:

  1. Provide prominent notice to visitors that your site uses coin mining.
  2. Provide an explanation to help visitors understand clearly what coin mining is, what they can expect the impact to be on them, and what they can do if they don’t want their system to perform coin mining for you.
  3. Configure your coin mining code to utilize visitors’ resources sparingly and respectfully. If they don’t notice a significant impact they will be less likely to view the activity as malicious and so more likely to help you out.


Conclusion

Working to prevent cybercrime threats during the holiday season has become a standard part of what shoppers and retailers do every year. This year, for the first time in many years, shoppers and retailers are facing a new threat, unauthorized coin mining, driven by the surge in digital currency prices.

While this threat can have a clear, negative impact on retailers and shoppers, the good news is that this threat is easily preventable and poses no lasting harm to consumers.

This is a case where forewarned is forearmed, and that forearming can result in effective prevention.
