• Home

  • Documents

  • Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 ›...
17
Ghost Robbers In The Cloud Finding Crypto Miners Shira Shamban Dome9 Security (acquired by CheckPoint) 0

Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

  • Upload
    others

  • View
    0

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

Ghost Robbers In The Cloud Finding Crypto Miners

Shira ShambanDome9 Security (acquired by CheckPoint)

0

Page 2: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

Money Heist – Let’s Review…

2

Page 3: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

Finders Keepers, Losers Weepers

3

Page 4: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

The 21st Century Gold Rush

“Overtaking Ransomware, Cryptominers affected over 42% of organizations worldwide, compared to 20.5% at the end of 2017”CheckPoint

CheckPoint

“During the first six months of 2018, Cryptomining attacks are estimated to have ‘earned’ their users more than $2.5 billion”4

Page 5: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

It WILL Be Your Fault

“Through 2022, at least 95% of cloud security failures will be the customer’s fault” Gartner

5

Page 6: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

MMM

6

Page 7: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

How?

7

Page 8: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

Docker

Containers!

8

Page 9: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

9

Page 10: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

10

Page 11: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

11

Page 12: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

MVD – minimal viable detection

Production environment

12

Page 13: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

MVD – minimal viable detection

Production environment –no standard services

13

Page 14: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

MVD – minimal viable detection

Miner traffic

14

Page 15: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

Tell-Tale Signs…

• Scan the code

• Monitor CPU

• Monitor the cost

• Ports (Docker, miner)

• First-time asset

• First-time connections

• Mind the socket

15

Page 16: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

Any questions?

16

Page 17: Ghost Robbers In The Cloud Finding Crypto Miners › resources › papers › telaviv2019 › Shira-Dome9 … · Ghost Robbers In The Cloud Finding Crypto Miners ... aws English Web

Shira Shamban

[email protected]

@ShambanITThank you!17

mailto:[email protected]

Miners Ranchers Farmers chapter 7, section 3. Miners

Miners Ranchers Farmers chapter 7, section 3. Miners

Documents
The 1975 robbers

The 1975 robbers

Education
Robbers the 1975 Lyric Analysis

Robbers the 1975 Lyric Analysis

Documents
Robbers - Existing Media Product Analysis

Robbers - Existing Media Product Analysis

Education
Planet Miners

Planet Miners

Documents
Miners introduction

Miners introduction

Business
Air pollution exposure and COPD among miners, ex- miners

Air pollution exposure and COPD among miners, ex- miners

Documents
ROBBERS DIGIPAK

ROBBERS DIGIPAK

Education
SURFACE MINERS

SURFACE MINERS

Engineering
Cops and Robbers March 2014

Cops and Robbers March 2014

Documents
L Communication Robbers - yourwordsmith.com

L Communication Robbers - yourwordsmith.com

Documents
Cops or Robbers? How Georgia's Defense of Habitation

Cops or Robbers? How Georgia's Defense of Habitation

Documents
Miners Rights

Miners Rights

Documents
Security Dissecting LemonDuck Crypto-Miner, a KingMiner ......3 Summary Crypto-currencies have enjoyed dramatic adoption in the past few years, with miners attempting to boost mining

Security Dissecting LemonDuck Crypto-Miner, a KingMiner ......3 Summary Crypto-currencies have enjoyed dramatic adoption in the past few years, with miners attempting to boost mining

Documents
GO MINERS GO FIGHT MINERS FIGHT GO!...MINERS!...WIN! The University of Texas at El Paso

GO MINERS GO FIGHT MINERS FIGHT GO!...MINERS!...WIN! The University of Texas at El Paso

Documents
Cops and Robbers CB000 - Thorp Music

Cops and Robbers CB000 - Thorp Music

Documents
A Conversation with Robbers - Siamese Heritage · Rajanubhab], “เรื่องสนทนากับผู้ร้ายปล้น” [A Conversation with Robbers], printed

A Conversation with Robbers - Siamese Heritage · Rajanubhab], “เรื่องสนทนากับผู้ร้ายปล้น” [A Conversation with Robbers], printed

Documents
Coal Miners’ Honor Garden Memorial a tribute to coal miners and … · 2013. 9. 2. · The Coal Miners’ Honor Garden was dedicated during Black Diamond Miners’ Day, July 6

Coal Miners’ Honor Garden Memorial a tribute to coal miners and … · 2013. 9. 2. · The Coal Miners’ Honor Garden was dedicated during Black Diamond Miners’ Day, July 6

Documents
Cops, Robbers, and Search Engines: The Questionable Role

Cops, Robbers, and Search Engines: The Questionable Role

Documents
Jolly Robbers

Jolly Robbers

Documents
BANG! Robbers Roost

BANG! Robbers Roost

Documents
Surface Miners can replace drilling, Surface Miners

Surface Miners can replace drilling, Surface Miners

Documents
Interesting Event of Robbers, Oct 30

Interesting Event of Robbers, Oct 30

Sales
DIRECTORS PITCH - THE 1975, ROBBERS

DIRECTORS PITCH - THE 1975, ROBBERS

Education
Conjectures on Cops and Robbers

Conjectures on Cops and Robbers

Documents
Cops and Robbers is EXPTIME-Complete

Cops and Robbers is EXPTIME-Complete

Documents
CHRISTIAN ROBBERS

CHRISTIAN ROBBERS

Documents
CONTINUOUS MINERS

CONTINUOUS MINERS

Engineering
SATYA MINERS TRANSPORTERS LIMITED · SATYA MINERS & TRANSPORTERS LIMITED Annual Report 2014-2015 2015 4 SATYA MINERS & TRANSPORTERS LIMITED CIN: L65993WB1975PLC170911 …

SATYA MINERS TRANSPORTERS LIMITED · SATYA MINERS & TRANSPORTERS LIMITED Annual Report 2014-2015 2015 4 SATYA MINERS & TRANSPORTERS LIMITED CIN: L65993WB1975PLC170911 …

Documents
Cops and Robbers - June 2009

Cops and Robbers - June 2009

Documents