ABSTRACT
Cryptojacking is the act of using an individual's or an organization's computational power to mine cryptocurrency. In some scenarios it can be considered a monetization strategy, much like advertisements, but doing so without the explicit consent of the computer owners is considered illegitimate. In previous years, attackers focused heavily on browser-based cryptojacking. However, it has been noted that attackers are now shifting their attention to more robust, superior targets, such as cloud servers and cloud infrastructure. This paper analyses 11 practical scenarios of cryptojacking attacks targeting cloud infrastructure. We carefully examine their similarities and properties, and compare those features with the limitations of the existing literature on detection systems. We survey both the attack forms and the limitations of the existing literature in an attempt to outline the research gap between the practical scenarios and existing work.
Index Terms
- A Survey of Attack Instances of Cryptojacking Targeting Cloud Infrastructure