Attackers Increasingly Turning to Personal WordPress Sites to Mine Crypto

We’ve heard the many stories about hackers looking to mine cryptos making their way into large businesses computer networks to do their deeds. However, average people with WordPress sites are just as vulnerable, and they are increasingly being targeted.

A WordPress research firm just released a report detailing the growing problem, and it includes ways to detect hackers, as well as ways to keep them out in the first place.

Here, we’ll go over their findings.

WordPress site owners beware

The thought of a company hacking large companies to mine digital currencies took many by surprise. The most striking was Showtime, whose hit was discovered in September. We recently told you about Politifact, which was hit this month.

These grabbed headlines, but individuals with WordPress that may be used just for their personal blogs are just as vulnerable, according to research site Wordfence.

It found that these mainstream sites are increasingly being targeted. Consider that an estimated 25% of websites worldwide are powered by WordPress, and you can see why the popularity of these mining attacks would likely rise too, notes Wordfence.

It says it’s been monitoring the crypto mining malware situation closely over the course of October and is starting to see attacks attempting to upload mining malware, and site cleaning customers that are already infected.

The attacks we have analyzed are all trying to exploit well-known security vulnerabilities that have been around for a long time; for example, the Gravity Forms exploit from mid-2016, or the Joomla com_jce exploit from early 2014. We have also seen quite a few attempts to insert mining code using compromised WordPress administrator accounts, as well as some attacks using compromised FTP accounts.

Money driver

The research firm Checkpoint analyzed the profit potential for an attacker planting this malware, and found successful hackers who can attack an average of 1,000 users at the same time across all infected sites would generate $2,398 a month.

Due to the lucrativeness of these schemes, they will continue to grow. It was noted that although that attacks that attempt to embed cryptomining malware are currently unsophisticated, these attackers are thought to likely increase their skills just because of the money they stand to make.

Also expected is for attacks on higher-traffic websites to increase because there’s more money to be made with them.

Protect yourself

The tool of choice to protect your computer from crypto mining attacks is CoinHive.

Checkpoint notes the risks of not protecting yourself from this very real threat:

Aside from damaging their machines, users put themselves at risk for DOS attacks and additional injected code. It will become ever more necessary to ensure that users are protected from such attempts.

While popular, we told you how CoinHive still may not keep these devious, bad actors out. Such was the case of Politifact, in which CoinHive could not have done anything to prevent that particular incident.

The lesson to be learned is that you should be on guard if you have a WordPress site, as attackers are increasingly seeing these popular sites as prey.