{"id":51879,"date":"2017-12-06T10:00:52","date_gmt":"2017-12-06T18:00:52","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=51879"},"modified":"2026-06-11T15:27:51","modified_gmt":"2026-06-11T22:27:51","slug":"threat-brief-unauthorized-coin-mining-new-threat-facing-shoppers-retailers-holiday-season","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2017\/12\/threat-brief-unauthorized-coin-mining-new-threat-facing-shoppers-retailers-holiday-season\/","title":{"rendered":"Threat Brief: Unauthorized Coin Mining \u2013 A New Threat Facing Shoppers and Retailers This Holiday Season"},"content":{"rendered":"<p><span style=\"font-size: 18pt;\">Overview<\/span><\/p>\n<p>As shoppers and retailers gear up for the 2017 holiday season, they need to be aware of a new kind of cybersecurity threat they may face this year: unauthorized coin mining.<\/p>\n<p>Unauthorized coin mining is a new threat that can affect retailers and shoppers in a way that could impact or even halt their online shopping experience. A <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2017\/10\/unit42-unauthorized-coin-mining-browser\/\">recent Unit 42 threat intelligence<\/a> posting on the topic showed how 63 percent of the unauthorized coin mining sites we found came online in October 2017.<\/p>\n<p><div style=\"max-width:100%\" data-width=\"600\"><span class=\"ar-custom\" style=\"padding-bottom:36.33%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter wp-image-51882 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/12\/unauthroized-coin-1.png\" alt=\"unauthroized coin 1\" width=\"600\" height=\"218\" \/><\/span><\/div><\/p>\n<p>This surge in unauthorized coin mining is driven, in large part, by the recent skyrocketing in the value of digital currencies like bitcoin. 
As that trend shows no sign of slowing down anytime soon, we can expect this to remain a very lucrative avenue for attackers.<\/p>\n<p>Unlike other cybersecurity threats we\u2019re used to bracing for around the holiday season, unauthorized coin mining attacks can affect shoppers who are up-to-date with security patches and even some who are running security protections. And unlike spam or phishing, these attacks also don\u2019t require any lapse in vigilance by the user: they can happen simply by going to websites users know and trust.<\/p>\n<p>The good news for retailers is that these attacks are wholly preventable. And for shoppers, the impact of a successful attack is minimal: there are no lasting effects, making it an annoyance at worst.<\/p>\n<p>But because of the potential impact on holiday shopping and the ease of attacks, unauthorized coin mining is an attack that retailers need to be aware of and take active steps to prevent this holiday season.<\/p>\n<p><span style=\"font-size: 18pt;\"><br \/>\nWhat Is Unauthorized Coin Mining?<\/span><\/p>\n<p>The best way to understand the threat of unauthorized coin mining is to first understand its impact. Unauthorized coin mining is an attack that can cause a user\u2019s system to suddenly and unexpectedly slow down, sometimes significantly, when visiting a website. In a worst case, the slow-down can be so severe that it can make a website basically unusable.<\/p>\n<p>Obviously, this impact is potentially dire for shoppers and retailers as it directly harms the online shopping experience. 
This impact occurs when the website the user visits is running \u201ccoin miner\u201d code.<\/p>\n<p>\u201cCoin miner\u201d code is code used to \u201c<a href=\"https:\/\/en.wikipedia.org\/wiki\/Bitcoin#Mining\" rel=\"nofollow,noopener\" >mine<\/a>\u201d for <a href=\"https:\/\/en.wikipedia.org\/wiki\/Digital_currency\" rel=\"nofollow,noopener\" >digital currency<\/a> like <a href=\"https:\/\/en.wikipedia.org\/wiki\/Bitcoin\" rel=\"nofollow,noopener\" >bitcoin<\/a>. Mining provides the computing necessary to power the digital currency\u2019s infrastructure. Mining is also a computationally intensive process, meaning it takes a lot of system resources. Because of this, people can earn digital currency credit in exchange for the use of their computing resources to power that digital currency\u2019s infrastructure.<\/p>\n<p>There are many kinds of coin mining software. In this case, we are concerned about coin mining code that\u2019s used on websites. When the user visits the website, the code runs on their system and \u201cmines\u201d on behalf of others \u2013 either the website or someone else.<\/p>\n<p>When this is done with the visitor\u2019s full knowledge and consent, it\u2019s a fair and reasonable exchange. For instance, there are some websites that now use coin mining as an alternative to digital advertising to generate revenue. In these cases, the coin mining is authorized; the website informs the user that, while on the site, his or her computing resources will be used to \u201cmine\u201d digital currency, and the site will receive the credits. While the user will experience a slow-down as the coin mining software is run, it is (or should be) expected, because of the notification, and so done with the site visitor\u2019s consent.<\/p>\n<p>This becomes a problem when coin mining is done without the user\u2019s knowledge and consent. 
In this case the coin mining is unauthorized: in essence, it\u2019s an attack against the user\u2019s resources.<\/p>\n<p><span style=\"font-size: 18pt;\"><br \/>\nHow Do Unauthorized Coin Mining Attacks Happen?<\/span><\/p>\n<p>Unauthorized coin mining attacks happen very simply: the website the user is visiting has special code on it that performs coin mining operations on the visitor\u2019s computer while they\u2019re on the website. And, as noted before, this happens without the user\u2019s knowledge or consent.<\/p>\n<p>Because these attacks happen due to code on the website, that code is either there with the site owner\u2019s knowledge and permission or not.<\/p>\n<p>When unauthorized coin mining happens with the site owner\u2019s knowledge and permission, it\u2019s basically a malicious site. That site\u2019s owner is the attacker. When we\u2019re talking about online shopping, clearly there\u2019s no threat here to the retailer: they\u2019re the ones doing the attacking. And for the shopper, it means you\u2019re on an untrustworthy site and so open to all manner of risks beyond just unauthorized coin mining.<\/p>\n<p>The real, significant situation shoppers and retailers need to think about this season is when unauthorized coin mining code is on a site without that site owner\u2019s knowledge and permission. Here the site itself has been attacked, and the site owners are also victims. 
This is an attack against not just shoppers but the retailers operating online shopping sites.<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 18pt;\">How You Can Prevent Unauthorized Coin Mining Attacks<\/span><\/p>\n<p>If you\u2019re a shopper, there are three things you can do to protect yourself against unauthorized coin mining attacks this holiday season:<\/p>\n<ol>\n<li>Ensure you\u2019re only shopping online at websites you know and trust.<\/li>\n<li>Run security on your systems that includes protection against malicious websites and scripts.<\/li>\n<li>If you think you\u2019re experiencing an unauthorized coin mining attack, close your web browser. That\u2019s all you need to do to end the attack; once you do, the attack is over and there\u2019s no lasting impact.<\/li>\n<\/ol>\n<p>If you\u2019re a retailer, preventing unauthorized coin mining attacks comes down to focusing on two tasks, both of which you should be doing anyway:<\/p>\n<ol>\n<li>Make sure your website is properly secured to prevent unauthorized uploads and changes to the site code.<\/li>\n<li>Ensure that, as part of your overall site, you use only trusted third-party sites that themselves provide adequate security to prevent unauthorized uploads and changes to their site code. 
This includes third-party sites like advertisers and payment processors.<\/li>\n<\/ol>\n<p>Finally, if you\u2019re a legitimate website that has chosen to implement coin mining to raise funds from your visitors, you can ensure that your visitors don\u2019t think you\u2019re engaged in unauthorized coin mining by doing three things:<\/p>\n<ol>\n<li>Provide prominent notice to visitors that your site uses coin mining.<\/li>\n<li>Provide an explanation to help visitors understand clearly what coin mining is, what they can expect the impact to be on them, and what they can do if they don\u2019t want their system to perform coin mining for you.<\/li>\n<li>Configure your coin mining code to utilize visitors\u2019 resources sparingly and respectfully. If they don\u2019t notice a significant impact they will be less likely to view the activity as malicious and so more likely to help you out.<\/li>\n<\/ol>\n<p><span style=\"font-size: 18pt;\"><br \/>\nConclusion<\/span><\/p>\n<p>Working to prevent cybercrime threats during the holiday season has become a standard part of what shoppers and retailers do every year. 
This year, for the first time in many years, shoppers and retailers are facing a new threat, unauthorized coin mining, driven by the surge in digital currency prices.<\/p>\n<p>While this threat can have a clear, negative impact on retailers and shoppers, the good news is that this threat is easily preventable and poses no lasting harm to consumers.<\/p>\n<p>This is a case where forewarned is forearmed, and that forearming can result in effective prevention.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat Brief: unauthorized coin mining \u2013 a new threat facing shoppers and retailers this holiday season.<\/p>\n","protected":false},"author":287,"featured_media":25785,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[10737],"tags":[4279,5001],"coauthors":[3069],"class_list":["post-51879","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threat-intelligence","tag-retail","tag-unauthorized-coin-mining"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/03\/Linkedin.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/51879","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/287"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=51879"}],"version-history":[{"count":6,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/bl
og\/wp-json\/wp\/v2\/posts\/51879\/revisions"}],"predecessor-version":[{"id":53304,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/51879\/revisions\/53304"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/25785"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=51879"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=51879"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=51879"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=51879"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}