Cryptojacking malware on websites soars in second quarter 2018

Criminals seem increasingly keen to cause damage without alerting the website owner to any malicious activity

Bitcoin cryptocurrency mining

Sitelock has revealed that the number of sites attacked using cryptojacking has doubled in the second quarter of 2018 compared to the first quarter.

The company explained that criminals are choosing to attack websites using this method because it goes almost completely undetected by the site owner, but can surreptitiously generate income for the hackers. 

Another shocking realisation discussed in the report is that JavaScript files are also being used by criminals more frequently to attack sites. In the second quarter, malicious JavaScript files were used to deploy cryptomining attacks in 16% more cases.

Sitelock examined six million sites to compile its Q2 report and discovered that websites are attacked an average of 58 times a day on average, which was up 16% compared to the previous quarter.

The report also found that in some cases up to 61% of traffic website owners believe are genuine users are actually bots, which can cause quite some confusion and may well be a reason why businesses are struggling to convert people coming to their site into customers and revenue streams.

However, Sitelock said search engines are making the fight against malware-infected websites harder, only blocking around 17% of websites that are affected from showing up in search results.

"Website owners that continue relying on outwardly facing symptoms or search engine warnings may be missing malware that is attacking their website visitors," Jessica Ortega, site security analyst at Sitelock said.

"This is especially concerning when you consider that 9%, or as many as 1.7 million websites, have a major security vulnerability that could allow attackers to deploy malware on them."

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021
Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021
Report: Security staff excluded from app development
cyber security

Report: Security staff excluded from app development

20 Jan 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

20 Jan 2021

Most Popular

SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021