As the value of cryptocurrencies goes up and down, legitimate crypto-mining endeavors become a volatile mix of risk and reward. But if you can get your computing power, cooling and electricity for free, that’s an entirely different proposition. And that’s exactly what cryptojacking offers. In fact, it’s been attractive enough to put a sizable dent into the use of ransomware. That makes sense because ransomware only pays off if you get deep enough into a system to get write access to the file system, remain undetected long enough to encrypt sufficient information, and then convince the victim to pay the ransom.
Cryptojacking requires less privilege and can be silent with regard to the file system. The only thing really needed is the ability to run code and communicate with the mining coordination server. That means cryptojacking can occur on the browser level with JavaScript.
Cryptojacking has its roots in a well-intentioned effort to replace ads with a less annoying source of revenue for free sites. But like many things, that technology has been bent to evil designs.
In this webinar, we’ll look at the current landscape of cryptojacking and show you how it works. We’ll try to infect a lab system with this “parasitic” type of malware and see what it does to the system. We’ll talk briefly about the other types of cryptocurrency besides classic Bitcoin that come up when you discuss cryptojacking.
Then we’ll discuss the risks. Cryptojacking is far from harmless. Its multi-faceted risks are actually quite interesting.
Finally, we’ll focus on detecting cryptojacking and show you where detection of crypto-mining is similar to other types of malware detection and where it’s different. For instance, ransomware detection leverages the fact that ransomware has to read a lot of files and generates high write activity. That doesn’t happen with crypto-mining. There are other non-signature-dependent indicators to look for, though: some specific to crypto-mining and others common to general malware detection. We’ll talk about how browser-based cryptojacking lacks a lot of these general malware IOCs, but is also less efficient and has a harder time achieving persistence.
Our sponsor is Rapid7, and Eric Sun will show us how their InsightIDR solution specifically helps to detect cryptojacking and, more broadly, unifies SIEM, UBA, ABA, and EDR capabilities to provide real-time visibility and incident detection across your network, endpoints, and cloud services.
Please join us for this real training for free event.