Webinar 1516 Slides
Anatomy of a Hack: How Cryptojacking Works, Why It's Growing, Its Risks and Detection
8/21/2018
Preview of Key Points
Crypto mining
Two ways crypto mining is used without consent that are relevant to infosecurity:
• Browser-based cryptojacking (demo)
• Targeted installation of crypto mining software (demo)
[Diagram: transactions submitted to a network of miners]
To profit from crypto mining
You need to spend less on the equipment, space, power, cooling and bandwidth than you win in terms of cryptocurrency
… or use someone else's equipment, space, power, cooling and bandwidth for free.
[Diagram: Mining the hard way]
[Diagram: Mining the Coinhive way, through a mining pool]
Targeted installation of crypto mining software
• An insider (typically privileged) installs crypto mining software on systems at their employer.
• An outsider gains access to an organization's systems and, finding no information of value, chooses to install crypto mining software instead of launching a ransomware attack.
[Screenshot: ccminer]
Cryptojacking
• Website owners: transparent or illicit
• Compromised websites
• Cryptojacking via MitM: routers, public wireless access points, apps
[Demo: Cryptojacking via compromised website]
Risks
• Productivity: battery, slowness
  "When dozens of machines get locked up at a company, or when important work is lost due to a mining glitch, this can have a serious effect on an organization's network" - Wired
• Liability
• Embarrassment
• SCADA
• Hardware damage
• Denial-of-service
• Power and cooling costs

Prevention
• Targeted installation: application control, privileged account management
• Crypto-jacking: browser features and extensions, blocking outbound connections to crypto-mining sites
• Anti-malware
Detection
• IOC strings
• Anti-malware products
• UEBA
• Process monitoring

Other benefits of detecting crypto-mining
• Indicative of components possibly compromised by an outside attacker
• Indicative of a possible malicious insider
• Catch them before they go further
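An added detection example, not part of the deck or of Rapid7's product: it applies the slide's "IOC strings" and "process monitoring" ideas to constructed process records. The record format, the 80% CPU cut-off, the pool.example.invalid host and the wallet placeholder are assumptions; ccminer and Coinhive are names the deck itself uses, and the stratum URL scheme is the standard mining-pool protocol.

```python
import re
from dataclasses import dataclass, field

# Indicator strings taken from the deck: ccminer (targeted installation) and
# Coinhive (browser-based mining). The stratum URL scheme is the standard
# mining-pool protocol and is not specific to this page.
IOC_SUBSTRINGS = ("ccminer", "coinhive")
POOL_URL_RE = re.compile(r"""stratum\+(?:tcp|ssl)://[^\s"']+""", re.IGNORECASE)
CPU_THRESHOLD = 80.0  # assumed cut-off for "sustained high CPU"; tune per site

@dataclass
class Finding:
    host: str
    user: str
    process: str
    severity: str  # "alert" (hard indicator) or "review" (high CPU only)
    reasons: list = field(default_factory=list)

def parse_line(line):
    # Constructed record format: host|user|process|cpu_pct|cmdline
    host, user, proc, cpu, cmdline = line.rstrip("\n").split("|", 4)
    return host, user, proc, float(cpu), cmdline

def analyze(line):
    # Return a Finding for one process record, or None if nothing stands out.
    host, user, proc, cpu, cmdline = parse_line(line)
    haystack = (proc + " " + cmdline).lower()
    reasons = [f"IOC string '{i}'" for i in IOC_SUBSTRINGS if i in haystack]
    match = POOL_URL_RE.search(cmdline)
    if match:
        reasons.append(f"mining-pool URL {match.group(0)}")
    if reasons:  # hard indicator: IOC string or pool URL in the command line
        if cpu >= CPU_THRESHOLD:
            reasons.append(f"CPU {cpu:.0f}%")
        return Finding(host, user, proc, "alert", reasons)
    if cpu >= CPU_THRESHOLD:  # soft indicator only, e.g. a browser tab mining
        return Finding(host, user, proc, "review", [f"CPU {cpu:.0f}%, no known IOC"])
    return None

def scan(lines):
    # Run analyze() over log lines and keep only the findings.
    return [f for f in map(analyze, lines) if f is not None]

# Constructed sample records, not real telemetry.
SAMPLE_LOGS = [
    "ws-101|jdoe|chrome.exe|12.5|chrome.exe --type=renderer",
    "srv-db-02|svc_backup|ccminer|97.0|/tmp/ccminer -o stratum+tcp://pool.example.invalid:3333 -u WALLET_PLACEHOLDER",
    "ws-207|asmith|chrome.exe|95.0|chrome.exe --type=renderer",
    "ws-113|bkim|node.exe|40.0|node server.js",
]
```

Calling scan(SAMPLE_LOGS) yields one "alert" for the ccminer record and one "review" for the high-CPU browser process; the "review" tier is where a browser-based miner with no string indicator would surface.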
Bottom line
Eric Sun will show us how their InsightIDR solution specifically helps to detect crypto-jacking and more broadly unifies SIEM, UBA, ABA, and EDR capabilities to provide real-time visibility and incident detection across your network, endpoints, and cloud services.
Who is Eric?
• Sr. Solutions Mgr, Detection & Response
• Crypto-enthusiast
Rapid7 powers the practice of SecOps
[Diagram: overlap of IT, Security and Dev]
The Rapid7 Insight Platform
[Diagram: IT, Security and Dev]
[Diagram: Pre-Breach, Breach, Post-Breach]
67%
[Diagram: data sources, including User Behavior, IaaS Servers, Applications, Directory Services, Web Apps, Endpoints, Files & Shares, Network and Cloud Services]
Solution Architecture
[Diagram: on-premise Collectors receive events from Remote Endpoints, Microsoft AD, Infrastructure, existing security solutions (events and alerts), Network Logs and Real-Time Endpoint Events and forward them over SSL to InsightIDR on the Insight Platform, alongside Enterprise Cloud Apps; the Security Team consumes Attacker Analytics]
• User Behavior Analytics
• Machine Learning
• Log Search & Visualization
• Deception Technology
Demo: Insight Platform