Light Dark
April 20, 2018 By Shane Schick 2 min read

A research report from the U.K. suggested that the practice of cryptojacking website visits to mine Monero and other digital currencies will emerge as a prominent threat over the course of 2018.

For its “The Cyber Threat to U.K. Businesses,” report, the U.K. National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) drew upon several existing studies as well as their own data to assess the current cyberthreat landscape in the region. While the scope of the report included everything from security vulnerabilities to ransomware and distributed denial-of-service (DDoS) attacks, the authors highlighted a half-dozen new threats for U.K. businesses to look out for, including cryptojacking.

Cryptojacking Poses Unique Challenges

In February, at least 600 websites in the U.K. (and more than 4,000 worldwide) secretly used a screen plugin for visually impaired computer users to mine cryptocurrency, according to the report. Victims were likely unaware that their machine’s resources were being diverted because, other than webpages taking longer to load and potential slowdowns in application performance, the attackers left few clues of their intrusion.

The report noted that cryptojacking is a particularly challenging threat to detect because it is sometimes carried out by legitimate website owners looking for new revenue streams.

CMS in the Crosshairs

While cyptojacking WordPress sites has been a prevalent trend for some time, a recent report from the SANS Technology Institute revealed that attackers are now turning to a new content management system (CMS) as well. For example, one attack vector uses a downloader to place a cryptocurrency miner and then activate it on a site. CryptoVest conducted its own investigation and found that the threat actors behind the scheme host multiple websites from a set of shared servers.

Last month, Symantec’s “Internet Security Threat Report” revealed that the volume of crypojacking attempts against endpoint computers skyrocketed by 8,500 percent over the course of the past year.

Beyond the rise of cyptojacking as a serious threat to consumers in the U.K. and elsewhere, the NCA/NCSC report cited attacks against Internet of Things (IoT) devices, supply chain compromises and cloud security as areas of concern.

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

February 14, 2025

4 ways to bring cybersecurity into your community

4 min read - It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature