One Article Review

Source: AlienVault Blog
Identifier: 803093
Publication date: 2018-09-11 13:00:00 (viewed: 2018-09-11 16:03:27)
Title: Explain Cryptojacking to Me
Text: Last year, I wrote that ransomware was the summer anthem of 2017. At the time, it seemed impossible that the onslaught of global ransomware attacks like WannaCry and NotPetya would ever wane. But I should have known better. Every summertime anthem eventually gets overplayed. This year, cryptojacking took over the airwaves, fueled by volatile global cryptocurrency markets. In the first half of 2018, detected cryptojacking attacks increased 141%, outpacing ransomware attacks. In this blog post, I’ll address cryptojacking: what it is, how it works, how to detect it, and why you should be tuning into this type of threat.

What is Cryptojacking?

Cryptojacking definition: Cryptojacking is the act of using another’s computational resources without their knowledge or permission for cryptomining activities. By cryptojacking mobile devices, laptops, and servers, attackers effectively steal the CPU of your device to mine for cryptocurrencies like Bitcoin and Monero. Whereas traditional malware attacks target sensitive data that can be exploited for financial gain, like social security numbers and credit card information, cybercriminals that launch cryptojacking campaigns are more interested in your device’s computing power than in your own personal data.

To understand why, it’s helpful to consider the economics of cryptocurrency mining. Mining for cryptocurrencies like Bitcoin and Monero takes serious computing resources to solve the complex algorithms used to discover new coins. These resources are not cheap, as anyone who pays their organization’s AWS bill or data center utility bill can attest. So, for cryptocurrency mining to be profitable and worthwhile, the market value of the cryptocurrency must be higher than the cost of mining it – that is, unless you can eliminate the resource costs altogether by stealing others’ resources to do the mining for you.

That’s exactly what cryptojacking attacks aim to do: silently turn millions of devices into cryptomining bots, enabling cybercriminals to turn a profit without all the effort and uncertainty of collecting a ransom. Often, cryptojacking attacks are designed to evade detection by traditional antivirus tools so that they can quietly run in the background of the machine. Does this mean that all cryptomining activity is malicious? Well, it depends on who you ask.

Cryptomining vs. Cryptojacking

As the cryptocurrency markets have gained value and become more mainstream in recent years, we’ve seen a digital gold rush to cryptomine for new Bitcoin and, more recently, Monero. What began with early adopters and hobbyists building home rigs to mine for new coins has now given way to an entire economy of mining as a service, cryptomining server farms, and even cryptomining cafes. In this sense, cryptomining is, more or less, considered a legal and legitimate activity, one that could be further legitimized by a rumored $12 billion Bitmain IPO. Yet the lines between cryptomining and cryptojacking are blurry. For example, the cryptomining “startup” Coinhive has positioned its technology as an alternative way to monetize a website, instead of serving ads or charging a subscription. According to the website, the folks behind Coinhive “dream about it as an alternative to micropayments, artificial wait time in online games, intrusive ads and dubious marketing tactics.” Yet at the same time, Coinhive has been one of the most common culprits found
Tags: Malware, Threat
Related stories: NotPetya, WannaCry, Tesla

