China
Africa
Explore chapters and articles related to this topic
Optimizing and Monitoring Your Web Site to Increase Traffic
Published in Tom Hutchison, Paul Allen, Web Marketing for the Music Business, 2013
Building an attractive, enticing web site is very important. Adding these other elements will draw traffic to the site and encourage visitors to engage in word-of-mouth marketing. Search engine placement is an important aspect of helping people find your site. And once there, the elements of giveaways, contests, blogs, visitor registration, and fan-generated content encourage the visitor to return and tell others about your web site. Monitoring traffic to the site can be important for evaluating the effectiveness of the site and for guiding the webmaster when making changes and upgrades.
Crypto Mining Attacks in Information Systems: An Emerging Threat to Cyber Security
Published in Journal of Computer Information Systems, 2020
Aaron Zimba, Zhaoshun Wang, Mwenge Mulenga, Nickson Herbert Odongo
There are three main components in a browser-based crypto mining attack: the attacker, the malware host (web server), and the victim who is usually part of a botnet. The crypto mining botnet is tailored to fulfill the requirement for the proof-of-work. In most cases, the proof-of-work cannot be accomplished by an individual victim,14, therefore, victims are pooled together to form a crypto mining botnet that works toward accomplishing a certain task. In stage 1, the attacker identifies a web server of interests and performs a reconnaissance attack to ascertain the exploitable vulnerabilities. The attacker gains access to the server after exploitation and transitions to stage two. Depending on the acquired profile, the attacker might require privilege escalation to activate the necessary JavaScript mining module. The JavaScript in most instances in planted into an ad or a self-loading resource,15 which is automatically loaded once a visitor accesses the infected page as depicted in stage 3. The victim unknowingly starts mining cryptocurrency and is inadvertently added to the crypto mining botnet pool as per stage 4. Upon completion of the task, it is the attacker who gets the rewards in the form of cryptocurrency while the victim’s CPU has just been exploited as depicted in stage 5. Most web-based crypto mining attacks use a modified Coinhive mining script,16 whereas those running executables leverage a modified version of XMRig. Coinhive, an in-browser mining script that utilizes the CPU power of the web user to mine Monero cryptocurrency.17 In its original form, it asks a web visitor whether to be subjected to web ads or browse ad-free but allow the crypto mining script to run in their browser. In the original conception, Coinhive would get 30% of the crypto mining rewards while the website owner retains the rest. However, attackers have hijacked the script to implant code the end result of which is a redirection of the crypto mining rewards to the attacker. It worth noting that an attacker can implant the mining script into the web server without the knowledge of the webmaster. And since the script would not execute on the web server, it can go unnoticed and the end result would be large-scale crypto mining for the visitors without ad-blockers who access the affected website. In light of the above, crypto mining attacks are more attractive when dealing with a site with a lot of web traffic.