CloudNativeCryptojacking.pdf

《CloudNativeCryptojacking.pdf》由会员分享，可在线阅读，更多相关《CloudNativeCryptojacking.pdf（29页珍藏版）》请在三个皮匠报告上搜索。

1、Mor WeinbergerFrom Illuminating to Eliminating Crypto Jacking Techniques in Cloud NativeAgendaIntroWhat is Crypto MiningThe Birth of Crypto-jacking and Why Its So PopularCrypto-jacking Evolution and TrendsDetection&MitigationQuick Intro Mor WeinbergerStaff Software Engineer,Aqua SecuritymorwnWhat is

2、 crypto mining?1.Choose a Crypto CurrencyBuy Your Equipment3.Set up Crypto WalletConfigure Your Mining DeviceTo Become a Crypto MinerThe Birth of Cryptojacking2017-Coinhive Offered Web Client Miner CodeThe Birth of CryptojackingPopular Sites Infected with Coinhive CodeThe Birth of CryptojackingTarge

3、ted PC and Unpatched ServersThe Birth of CryptojackingTargeted UnpatchedRoutersThe Birth of CryptojackingWhy is it so appealing?AnonymizeEasy and Fast Cash OutAbility to ScaleSuitable for Noobies and Script KidsConsider as a Nuisance by VictimsLets See Cryptojacking Techniques in The WildKuberneters

4、 CryptojackersCryptojacker ChallengesHugepages optimizationCompetitors BattlingEvasion:Rootkits,FilelessKilling Security AgentAre Cryptojackers Shifting Left?CICD Free-Tier HijackingCICD Free-Tier HijackingCICD Free Tier HijackingWhat about supply chain techniques?Shift Left Cryptojackinghttps:/ it

5、relevant to me?Financial Loss Service Degradation Compromise of critical assetsWhat can we do about it?Risks PreventionCompliance&Best PracticesCode to CloudRisks PreventionSecurity Posture ManagementEnvironment HardeningRisks PreventionScan Your Code,IAC&DependenciesStatic Code AnalysisAssume Breach MindsetDetectionAbnormal ActivityRuntime ProtectionStatic&Dynamic AnalysisThank You!Mor WeinbergerStaff Software Engineer Aqua Securitymorwn