What is Cryptojacking and
How Can I Protect Myself?
Presented by Dave Buster, CISSP
© Global Knowledge Training LLC. All rights reserved. Page 2
Your Panelists

Dave Buster, Senior Cybersecurity Portfolio Director

Cryptojacking?
Definitions?

What is:
• Blockchain?
• Bitcoin?
• Hashing?
• Mining?
• Cryptocurrency?

Blockchain technology (Generic view)

Blockchain is a technology to publicly distribute immutable information across multiple computers.
• Information is stored in “blocks” of data that are passed around. (Distributed)
• Most implementations use some sort of hashing to ensure the integrity of blocks. (Immutable)
• Each block includes the hash of the previous block, hence the term “block chain”.
• Various protocols are used to distribute updates across all computers.
• The computers then verify and agree on legitimate transactions to add to the next block.
• In order to get them to cooperate to do the work, some sort of reward must be offered.
• One of the first useful implementations of the concept was “Bitcoin”.

Bitcoin

In 2009, someone using the name Satoshi Nakamoto wrote a white paper outlining a scheme to use blockchain technology as a new form of public “cryptocurrency”.
• Bitcoin uses “proof of work” to award new Bitcoins to the computers that build and verify the blocks.
• Because new coins come into existence as rewards, those computers are called “miners”.
• The rewards get smaller over time, while the difficulty of the work increases. This helps make bitcoins more valuable and scale.
• There can only be a maximum of 21 million Bitcoins ever created. As of January 2018, about 16.7 million have been mined (released).
• A user can create a “wallet” to hold coins. The public address is used to receive money, but a private (secret) key is required to send money.

Chart: Bitcoin transactions per month (by Zhitelew - Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=40617621)

Is it money? If a buyer and a seller agree, then it is. Rational actors will only hold a commodity if they believe it will hold value and can be traded to someone else later.

A student showed his Bitcoin public address on ESPN…and collected over $20K.

What is the SHA-256 Hash?

SHA-256 is one of a family of mathematical algorithms that produce a unique digital signature for any data input into the calculation.
• The hash is “computationally difficult” to compute, but easy to verify.
• No matter how many bits are in the source file, the output is always 256 bits. (It is recursive.)
• It is impossible to predict what the hash will be for a given block of data without actually doing all of the calculation (no short cuts or estimates).

Examples of hashes (we typically don’t show 1’s and 0’s; each of the 64 hex characters is 4 bits, so 64 x 4 bits = 256 bits):
"Hello, world!0" => 1312af178c253f84028d480a6adc1e25e81caa44c749ec81976192e2ec934c64
"Hello, world!1" => e9afc424b79e4f6ab42d99c81156d3a17228d6e1eef4139be78e948a9332a7d8
"Hello, world!2" => ae37343a357a8297591625e7134cbea22f5928be8ca2a32aa475cf05fd4266b7
...
"Hello, world!4248" => 6e110d98b388e77e9c6f042ac6b497cec46660deef75a55ebc7cfdf65cc0b965
"Hello, world!4249" => c004190b822f1669cac8dc37e761cb73652e7832fb814565702245cf26ebb9e6
"Hello, world!4250" => 0000c3af42fc31103f1fdc0151fa747ff87349a4714df7cc52ea464e12dcd4e9
• Note that changing a single bit changes the entire hash, and the change is completely unpredictable (avalanche effect).
• If you want 4 leading zeros, you would have to test 4,250 additional numbers until you found a hash that works.

What is bitcoin “mining”?

Mining is a reward system based on proof of work.
• Bitcoin uses the SHA-256 hash algorithm to create a unique digital signature (hash) for each block.
• Bitcoin adds difficulty by requiring that the computer add a random number (called a “nonce”) to the block with the goal of getting the final hash to have some number of leading zeros. (Yes, it’s a bit arbitrary, but it works.)
• The first miner to find a nonce that returns the correct number of leading zeros (currently 18) wins some Bitcoins (currently 12.5). That block and hash are then distributed.
• The Bitcoin network mines a new block about every 10 minutes.

Photo: Home ASIC miner, an Antminer U3 with a Raspberry Pi acting as a supervisor. This rig calculates 50 GH/s (50 billion hashes per second) in the “Bitminter” pool. After electricity costs, it makes a profit of about 17 cents per week (January 2018). Sigh.
Screenshot: Bitminter pool dashboard

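A worked example of the three slides above (hash chaining, SHA-256 with a nonce, and proof of work); this is added code, not from the talk. It reproduces the slide's "Hello, world!" search, which stops at nonce 4250 with four leading hex zeros, and then links mined blocks by previous hash so that an edited transaction is caught by verification. The pipe-delimited header layout, the all-zero genesis link and the toy difficulty are assumptions made here.

```python
import copy
import hashlib


def sha256_hex(data: str) -> str:
    """SHA-256 of the UTF-8 bytes of data as 64 hex characters (64 x 4 bits = 256 bits)."""
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def expected_tries(leading_zeros: int) -> int:
    """Each hex digit of the output is effectively uniform, so on average 16**n
    candidates must be hashed for n leading zeros; there is no shortcut."""
    return 16 ** leading_zeros


def find_nonce(prefix: str, leading_zeros: int, limit: int = 1_000_000):
    """Append nonces 0, 1, 2, ... to prefix until the hex digest starts with the
    required zeros. Returns (nonce, hash), or None if limit is reached."""
    target = "0" * leading_zeros
    for nonce in range(limit):
        digest = sha256_hex(prefix + str(nonce))
        if digest.startswith(target):
            return nonce, digest
    return None


# ---- a toy chain: each block commits to the previous block's hash ----------

GENESIS_PREV = "0" * 64  # assumed: the first block links to an all-zero hash


def header(index: int, prev_hash: str, data: str) -> str:
    # Assumed header layout; the nonce is appended after the trailing pipe.
    return f"{index}|{prev_hash}|{data}|"


def block_hash(block: dict) -> str:
    return sha256_hex(header(block["index"], block["prev_hash"], block["data"]) + str(block["nonce"]))


def mine_block(index: int, prev_hash: str, data: str, difficulty: int) -> dict:
    """Proof of work: search for a nonce that gives `difficulty` leading zeros."""
    found = find_nonce(header(index, prev_hash, data), difficulty)
    if found is None:
        raise RuntimeError("nonce search limit reached")
    nonce, digest = found
    return {"index": index, "prev_hash": prev_hash, "data": data, "nonce": nonce, "hash": digest}


def build_chain(payloads, difficulty: int) -> list:
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(payloads):
        block = mine_block(i, prev, data, difficulty)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain: list, difficulty: int) -> bool:
    """What a receiving node checks: every stored hash recomputes from its block,
    meets the difficulty, and equals the next block's prev_hash. Verifying costs
    one hash per block; producing the chain cost about expected_tries() each."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev_hash"] != prev:
            return False
        digest = block_hash(block)
        if digest != block["hash"] or not digest.startswith("0" * difficulty):
            return False
        prev = digest
    return True


def tamper_detected(chain: list, difficulty: int) -> bool:
    """Edit one transaction in a copy of the chain and re-verify. The block's
    hash no longer matches, and every later block's prev_hash link breaks too."""
    forged = copy.deepcopy(chain)
    forged[1]["data"] = forged[1]["data"].replace("1 BTC", "100 BTC")
    return not verify_chain(forged, difficulty)


if __name__ == "__main__":
    # The slide's example: the first nonce giving four leading zeros is 4250.
    print(find_nonce("Hello, world!", 4))
    print("expected tries for 4 zeros:", expected_tries(4))
    chain = build_chain(["genesis", "alice pays bob 1 BTC", "bob pays carol 1 BTC"], 2)
    print("chain valid:", verify_chain(chain, 2), "tamper caught:", tamper_detected(chain, 2))
```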
Other Cryptocurrencies

In addition to Bitcoin, there are hundreds of competing cryptocurrency coins emerging. Most will fail.
Coinmarketcap.com currently tracks about 1422 different crypto coins.

What about Cybersecurity?

Blockchain and cryptocurrencies use cybersecurity technologies:
• encryption
• hashing
There is ongoing development to use blockchain to benefit cybersecurity:
• Enhanced data availability (storage)
• Certificate management (Guardtime)
• Identification management (REMME)
• Trusted DNS (to prevent DDoS)

The Dark Side of Cryptocurrencies
Anonymity supports illegal transactions:
• Ransomware payments
• Dark web transactions
What about the bad guys?

There have been some high profile cryptocurrency hacks:
• Mt. Gox
  • In June of 2011, a hacker broke in, transferred and then sold bitcoin. Losses were about $8,750,000.
  • In February of 2014, a transaction malleability attack forced Mt. Gox to declare bankruptcy.
• Ethereum DAO attack
  • In June of 2016, someone manipulated a contract programming loophole and stole about a third of all Ether coins before the leak was detected (~$50M). It caused Ethereum to split into “Ethereum Classic (ETC)” and “Ethereum (ETH)”.
• Bitfinex attack
  • In August of 2016, the Hong Kong based exchange was attacked and about $72M in Bitcoins was stolen.
• NiceHash attack
  • In December of 2017, the Slovenian bitcoin mining service was hacked and about $80M in Bitcoins was stolen.
Nevertheless, cryptocurrencies continue to move forward.

The next trend: Cryptojacking

Mining software that runs as JavaScript in the browser. A link to the software can be included in any web page. When you go to that web page, they can cause your computer to start mining cryptocurrency for them.
Top 3 cryptojacking companies:
• Coinhive
• JSEcoin
• Cryptoloot
The companies split the profits with the web page owner. These products are legal and are being offered as a substitute for advertising revenue. However, the web site owners don’t have to tell the users.
These miners typically mine Monero coins, because Bitcoin difficulty is too high.

Cryptojacking by the numbers

Coinhive pays out about 0.00015 XMR (Monero) per 1 million hashes.
Data: A typical laptop computer can do about 30 H/s.

Advertising model
  1000 users per day
  1% click-through ratio, payment $0.50 per click
  Total: 10 clicks per day
  Total daily revenue: $5.00 per day

Cryptojacking model
  1000 users per day
  30 H/s, 5 minute visit = 9000 H/user
  Total hashes = 9 million hashes per day
  Total daily revenue: $0.51

So, if advertising pays 10 times better than cryptojacking, why is cryptojacking “a thing”?
If a website can be hacked, the hacker can add the cryptojacking code and collect the reward for himself. The website owner would not even know.

Hacked Websites

Coinhive has been injected into many sites.
Screenshot: https://shop.subaru.com.au/
Note: The actual browser code can be easily viewed and analyzed. A unique Coinhive ID is included so that the hacker can be paid. Over 85% of them in the wild go back to the same 2 Coinhive accounts (IDs).

Mobile risks

Some downloadable apps contain hidden mining software. They can:
• Slow down your cellphone
• Use up your battery
Some have been known to physically damage the phone by draining the battery too quickly, causing it to overheat and swell.
Screenshot: Loapi malware on Android

Defense³: Human Element and 3D Defense

Diagram: the three dimensions PEOPLE, PROCESS and TECHNOLOGY
More than “Defense in depth,” organizations need Defense³ because cyber attacks happen across three dimensions.
Cyber attacks are people attacking people, not machines attacking machines, so an educated workforce is critical.

What should you do?

• Install anti-cryptojacking plug-ins in Chrome. Many ad-blockers are starting to pick them up as well.
• Redirect: add “127.0.0.1 coin-hive.com coinhive.com” to your hosts file.
• Use a trusted DNS service. Examples:
  • Google: 8.8.8.8, 8.8.4.4
  • OpenDNS: 208.67.229.220, 208.67.222.222
  • DNSWatch: 84.200.69.80, 84.200.70.40
  • Norton ConnectSafe: 199.85.126.10, 199.85.127.10
  • Comodo Secure: 8.26.56.26, 8.20.247.20
• If the computer slows down, check the process manager to see if the browser is using up too many resources.
Note: Some cryptojackers are using “pop-under” techniques to hide the running code (often under the bottom task bar). You may have to reboot.
Traffic to/from the miner is typically encrypted in TLS, and looks like normal port 80 web traffic. It’s difficult to detect on the network.

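The "Hacked Websites" slide says the injected miner code is visible in the page and carries the Coinhive ID that gets paid, and the slide above says to sink the two Coinhive domains in the hosts file. As an added example (not from the talk), this scanner pulls script references out of saved HTML, flags ones served from those domains, extracts the site key from the inline loader, and checks a hosts file for the recommended entries. The sample page, the hosts excerpt and the `CoinHive.Anonymous(...)` loader pattern (the shape of Coinhive's public browser API at the time) are constructed or assumed here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# The two domains the slide says to redirect to 127.0.0.1; extend as needed.
MINER_DOMAINS = ("coinhive.com", "coin-hive.com")

# Assumed shape of Coinhive's in-page loader; the first argument is the site
# key, i.e. the "unique Coinhive ID" that decides who gets paid.
SITEKEY_RE = re.compile(r"""CoinHive\.(?:Anonymous|User)\(\s*['"]([A-Za-z0-9_-]+)['"]""")


def is_miner_host(host: str) -> bool:
    """True for a listed domain or any subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in MINER_DOMAINS)


class ScriptCollector(HTMLParser):
    """Gathers external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def scan_html(page: str) -> dict:
    """Report script URLs on miner domains and any site keys in inline scripts."""
    parser = ScriptCollector()
    parser.feed(page)
    parser.close()
    hits = []
    for src in parser.external:
        url = "https:" + src if src.startswith("//") else src  # protocol-relative src
        host = urlparse(url).hostname
        if host and is_miner_host(host):
            hits.append(src)
    keys = [k for body in parser.inline for k in SITEKEY_RE.findall(body)]
    return {"miner_scripts": hits, "site_keys": keys}


def hosts_blocks(hosts_text: str) -> dict:
    """For each miner domain, whether the hosts file maps it to a sink address."""
    sunk = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if fields and fields[0] in ("127.0.0.1", "0.0.0.0", "::1"):
            sunk.update(h.lower() for h in fields[1:])
    return {d: d in sunk for d in MINER_DOMAINS}


# Constructed sample page: one harmless script, one loader from a miner domain,
# and an inline start call carrying a placeholder site key.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
</head><body>
<script>
  var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY_PLACEHOLDER');
  miner.start();
</script>
</body></html>"""

# Constructed hosts excerpt with only one of the two recommended entries.
SAMPLE_HOSTS = """127.0.0.1   localhost
127.0.0.1   coinhive.com   # added per the slide
"""

if __name__ == "__main__":
    print(scan_html(SAMPLE_HTML))
    print(hosts_blocks(SAMPLE_HOSTS))
```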
Take That Next Step in your Cybersecurity Career

Foundational Courses: Cybersecurity Foundations; Fundamentals of IS Security
Certification Courses: CompTIA, (ISC)2, ISACA, IAPP, EC-Council
Product Courses: Cisco, IBM, SonicWall, F5, Dell, Palo Alto

Learning More

For additional resources, visit us at…
www.globalknowledge.com
Thank you!

Scaling API-first – The story of a global engineering organization
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

What is Cryptojacking and How Can I Protect Myself?

  • 1. What is Cryptojacking and How Can I Protect Myself? Presented by Dave Buster, CISSP
  • 2. © Global Knowledge Training LLC. All rights reserved. Page 2. Your Panelists: Dave Buster, Senior Cybersecurity Portfolio Director
  • 3. Cryptojacking?
  • 4. Definitions? What is:
    • Blockchain?
    • Bitcoin?
    • Hashing?
    • Mining?
    • Cryptocurrency?
  • 5. Blockchain technology (Generic view)
    Blockchain is a technology to publicly distribute immutable information across multiple computers.
    • Information is stored in “blocks” of data that are passed around. (Distributed)
    • Most implementations use some sort of hashing to ensure the integrity of blocks. (Immutable)
    • Each block includes the hash of the previous block, hence the term “block chain”.
    • Various protocols are used to distribute updates across all computers.
    • The computers then verify and agree on legitimate transactions to add to the next block.
    • In order to get them to cooperate to do the work, some sort of reward must be offered.
    • One of the first useful implementations of the concept was “Bitcoin”.
  • 6. Bitcoin
    In 2009, someone using the name Satoshi Nakamoto wrote a white paper outlining a scheme to use Blockchain technology as a new form of public “cryptocurrency”.
    • Bitcoin uses “proof of work” to award new Bitcoins to the computers that build and verify the blocks.
    • Because new coins come into existence as rewards, these computers are called “miners”.
    • The rewards get smaller over time, while the difficulty of the work increases. This helps make bitcoins more valuable as the system scales.
    • There can only be a maximum of 21 Million Bitcoins ever created. As of January 2018, about 16.7 million have been mined (released).
    • A user can create a “wallet” to hold coins. The public address is used to receive money, but a private (secret) key is required to send money.
    [Figure: Bitcoin transactions per month. By Zhitelew, own work, CC0, https://commons.wikimedia.org/w/index.php?curid=40617621]
    Is it money? IF a buyer and a seller agree, then it is. Rational actors will only hold a commodity if they believe it will hold value and can be traded to someone else later.
    A student showed his Bitcoin public address on ESPN… and collected over $20K.
  • 7. What is the SHA-256 Hash?
    SHA-256 is one of a family of mathematical algorithms that produce a unique fixed-length digest (often loosely called a digital signature) for any data input into the calculation.
    • Finding an input that produces a desired hash is “computationally difficult”, but checking a given hash is easy.
    • No matter how many bits are in the source file, the output is always 256 bits. (The input is consumed iteratively, one fixed-size chunk at a time.)
    • It is impossible to predict what the hash will be for a given block of data without actually doing all of the calculation (no short cuts or estimates).
    Examples of hashes (we typically show hex rather than 1’s and 0’s, so 64 hex characters × 4 bits = 256 bits):
      "Hello, world!0" => 1312af178c253f84028d480a6adc1e25e81caa44c749ec81976192e2ec934c64
      "Hello, world!1" => e9afc424b79e4f6ab42d99c81156d3a17228d6e1eef4139be78e948a9332a7d8
      "Hello, world!2" => ae37343a357a8297591625e7134cbea22f5928be8ca2a32aa475cf05fd4266b7
      ...
      "Hello, world!4248" => 6e110d98b388e77e9c6f042ac6b497cec46660deef75a55ebc7cfdf65cc0b965
      "Hello, world!4249" => c004190b822f1669cac8dc37e761cb73652e7832fb814565702245cf26ebb9e6
      "Hello, world!4250" => 0000c3af42fc31103f1fdc0151fa747ff87349a4714df7cc52ea464e12dcd4e9
    • Note that changing a single bit changes the entire hash, and the change is completely unpredictable (Avalanche effect).
    • If you want 4 leading zeros, you would have to test 4,250 additional numbers until you found a hash that works.
  • 8. What is bitcoin “mining”?
    Mining is a reward system based on proof of work.
    • Bitcoin uses the SHA-256 hash algorithm to create a unique digital signature (hash) for each block.
    • Bitcoin adds difficulty by requiring that the computer add a random number (called a “nonce”) to the block with the goal of getting the final hash to have some number of leading zeros. (Yes, it’s a bit arbitrary, but it works.)
    • The first miner to find a nonce that returns the correct number of leading zeros (currently 18) wins some Bitcoins (currently 12.5). That block and hash are then distributed.
    • The Bitcoin network mines a new block about every 10 minutes.
    [Figure: Home ASIC miner: Antminer U3 with a Raspberry Pi acting as a supervisor. This rig calculates 50 GH/s (50 billion hashes per second) in the “Bitminter” pool. After electricity costs, it makes a profit of about 17 cents per week (January 2018). Sigh.]
    [Figure: Bitminter pool dashboard]
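The proof-of-work search from slides 7 and 8, plus the hash chaining from slide 5, as an added example that is not part of the deck: it reproduces the "Hello, world!N" numbers above, then mines and verifies a toy chain to show why altering one block invalidates everything after it (the payload strings and the 3-zero difficulty are constructed for the demo).

```python
# Added example (not from the deck): SHA-256 proof-of-work search and a toy
# hash chain, reproducing the "Hello, world!N" numbers on slides 7 and 8.
import hashlib


def sha256_hex(data: str) -> str:
    """Hex digest of the UTF-8 bytes of `data`: 64 hex chars = 256 bits."""
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def find_nonce(prefix: str, leading_zeros: int, limit: int = 1_000_000):
    """Mining step: smallest nonce n such that sha256(prefix + str(n)) starts
    with `leading_zeros` hex zeros. Returns (nonce, hash), or None if no
    nonce below `limit` works (a real miner would simply keep going)."""
    target = "0" * leading_zeros
    for nonce in range(limit):
        digest = sha256_hex(prefix + str(nonce))
        if digest.startswith(target):
            return nonce, digest
    return None


def verify_pow(prefix: str, nonce: int, leading_zeros: int) -> bool:
    """Verification costs one hash, no matter how many the miner tried."""
    return sha256_hex(prefix + str(nonce)).startswith("0" * leading_zeros)


def build_chain(payloads, leading_zeros):
    """Mine a toy chain: each block's header commits to the previous hash."""
    chain, prev_hash = [], "0" * 64
    for payload in payloads:
        nonce, digest = find_nonce(prev_hash + payload, leading_zeros)
        chain.append({"prev": prev_hash, "data": payload,
                      "nonce": nonce, "hash": digest})
        prev_hash = digest
    return chain


def chain_is_valid(chain, leading_zeros) -> bool:
    """Re-hash every block: changing any byte breaks that block's hash and,
    through the `prev` links, every block after it."""
    prev_hash = "0" * 64
    for block in chain:
        if block["prev"] != prev_hash:
            return False
        digest = sha256_hex(block["prev"] + block["data"] + str(block["nonce"]))
        if digest != block["hash"] or not digest.startswith("0" * leading_zeros):
            return False
        prev_hash = digest
    return True
```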
  • 9. Other Cryptocurrencies
    In addition to Bitcoin, there are hundreds of competing cryptocurrency coins emerging. Most will fail.
    Coinmarketcap.com currently tracks about 1422 different crypto coins.
  • 10. What about Cybersecurity?
    Blockchain and cryptocurrencies use cybersecurity technologies:
    • encryption
    • hashing
    There is ongoing development to use blockchain to benefit cybersecurity:
    • Enhanced data availability (storage)
    • Certificate management (Guardtime)
    • Identification management (REMME)
    • Trusted DNS (to prevent DDoS)
  • 11. The Dark Side of Cryptocurrencies
    Anonymity supports illegal transactions:
    • Ransomware payments
    • Dark web transactions
  • 12. What about the bad guys?
    There have been some high-profile cryptocurrency hacks:
    • Mt. Gox
      • In June of 2011, a hacker broke in, transferred and then sold bitcoin. Losses were about $8,750,000.
      • In February of 2014, a transaction malleability attack forced Mt. Gox to declare bankruptcy.
    • Ethereum DAO attack
      • In June of 2016, someone manipulated a contract programming loophole and stole about a third of all Ether coins before the leak was detected (~$50M). It caused Ethereum to split into “Ethereum Classic (ETC)” and Ethereum (ETH).
    • Bitfinex attack
      • In August of 2016, the Hong Kong based exchange was attacked and about $72M in Bitcoins was stolen.
    • NiceHash attack
      • In December of 2017, the Slovenian bitcoin mining company was hacked and about $80M in Bitcoins was stolen.
    Nevertheless, cryptocurrencies continue to move forward.
  • 13. The next trend: Cryptojacking
    Mining software that runs as JavaScript in the browser. A link to the software can be included in any web page. When you go to that web page, they can cause your computer to start mining cryptocurrency for them.
    Top 3 cryptojacking companies:
    • Coinhive
    • JSEcoin
    • Cryptoloot
    The companies split the profits with the web page owner. These products are legal, and are being offered as a substitute for advertising revenue. However, the web site owners don’t have to tell the users.
    These miners typically mine Monero coins, because Bitcoin difficulty is too high.
  • 14. Cryptojacking by the numbers
    Data: Coinhive pays out about 0.00015 XMR (Monero) per 1 million hashes. A typical laptop computer can do about 30 H/s.
    Advertising model:
    • 1000 users per day
    • 1% click-through ratio, payment $0.50 per click
    • Total: 10 clicks per day
    • Total daily revenue: $5.00 per day
    Cryptojacking model:
    • 1000 users per day
    • 30 H/s, 5 minute visit = 9000 H/user
    • Total hashes = 9 million hashes per day
    • Total daily revenue: $0.51
    So, if advertising pays 10 times better than cryptojacking, why is cryptojacking “a thing”? If a website can be hacked, the hacker can add the cryptojacking code and collect the reward for himself. The website owner would not even know.
  • 15. Hacked Websites
    Coinhive has been injected into many sites.
    [Figure: screenshot of https://shop.subaru.com.au/]
    Note: The actual browser code can be easily viewed and analyzed. A unique Coinhive ID is included so that the hacker can be paid. Over 85% of them in the wild go back to the same 2 Coinhive accounts (IDs).
  • 16. Mobile risks
    Some downloadable apps contain hidden mining software. They can:
    • Slow down your cellphone
    • Use up your battery
    Some have been known to physically damage the phone by draining the battery too quickly, causing it to overheat and swell.
    [Figure: Loapi malware on Android]
  • 17. Defense³: Human Element and 3D Defense
    [Figure: the three dimensions: People, Process, Technology]
    More than “Defense in depth,” organizations need Defense³ because cyber attacks happen across three dimensions. Cyber attacks are people attacking people, not machines attacking machines, so an educated workforce is critical.
  • 18. What should you do?
    • Install anti-cryptojacking plug-ins in Chrome. Many ad-blockers are starting to pick them up as well.
    • Redirect: add “127.0.0.1 coin-hive.com coinhive.com” to your hosts file.
    • Use a trusted DNS service. Examples:
      • Google: 8.8.8.8, 8.8.4.4
      • OpenDNS: 208.67.229.220, 208.67.222.222
      • DNSWatch: 84.200.69.80, 84.200.70.40
      • Norton ConnectSafe: 199.85.126.10, 199.85.127.10
      • Comodo Secure: 8.26.56.26, 8.20.247.20
    • If the computer slows down, check the process manager to see if the browser is using up too many resources.
      Note: Some cryptojackers are using “pop-under” techniques to hide the running code (often under the bottom task bar). You may have to reboot.
    • Traffic to/from the miner is typically encrypted in TLS, and looks like normal port 80 web traffic. It’s difficult to detect on the network.
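Because the miner traffic is hard to spot on the wire, the practical check is on the page itself: slide 15 notes the browser code is easy to view and carries the Coinhive ID the operator is paid under. The scanner below is an added example, not part of the deck; it flags script includes from coinhive.com and coin-hive.com (the two hosts from the hosts-file tip) plus jsecoin.com and crypto-loot.com (assumed hostnames for the other two vendors), and recovers the site key from the `CoinHive.Anonymous('...')` snippet form as I recall it (an assumption). The sample HTML is constructed.

```python
# Added example (not from the deck): scan a saved page's HTML for the
# browser-miner includes slide 13 names, and pull out the Coinhive site key
# that slide 15 says is embedded so the operator can be paid.
import re

# Hosts to flag. coinhive.com and coin-hive.com are the two from the deck's
# hosts-file tip; jsecoin.com and crypto-loot.com are assumed for the others.
MINER_HOSTS = ("coinhive.com", "coin-hive.com", "jsecoin.com", "crypto-loot.com")

# <script ... src="..."> tags (inline scripts without src are not matched here).
SCRIPT_SRC = re.compile(r"<script[^>]*\ssrc\s*=\s*[\"']([^\"']+)[\"']", re.I)
# Coinhive's public snippet instantiated CoinHive.Anonymous('<site key>');
# the exact form is assumed from memory, adjust to what you see in the wild.
SITE_KEY = re.compile(r"CoinHive\.Anonymous\(\s*[\"']([A-Za-z0-9]+)[\"']", re.I)


def host_of(url: str) -> str:
    """Host part of a URL; handles protocol-relative '//host/path' too."""
    no_scheme = re.sub(r"^[a-z]+:", "", url, flags=re.I)
    return no_scheme.lstrip("/").split("/", 1)[0].lower()


def scan_html(html: str) -> dict:
    """Report miner script URLs and site keys, so the finding can be logged
    and the key blocklisted rather than the page simply reloaded."""
    hits = []
    for src in SCRIPT_SRC.findall(html):
        host = host_of(src)
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            hits.append(src)
    keys = SITE_KEY.findall(html)
    return {"miner_scripts": hits, "site_keys": keys,
            "infected": bool(hits or keys)}


# Constructed sample page (not a real site) with an injected miner block.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
</head><body>
<script>
  var miner = new CoinHive.Anonymous('EXAMPLEKEY0000000000000000000000');
  miner.start();
</script>
</body></html>"""
CLEAN_PAGE = '<html><head><script src="/static/app.js"></script></head></html>'
```

Run `scan_html` over a page saved from the browser's "view source"; an `infected` result with a site key is what you would pass to the site owner or your blocklist.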
  • 19. Take That Next Step in your Cybersecurity Career
    Foundational Courses: Cybersecurity Foundations; Fundamentals of IS Security
    Certification Courses: CompTIA, (ISC)2, ISACA, IAPP, EC-Council
    Product Courses: Cisco, IBM, SonicWall, F5, Dell, Palo Alto
  • 20. Learning More
    For additional resources, visit us at… www.globalknowledge.com

Editor's Notes

  1. Dave is the Global Senior Portfolio Director for Cybersecurity at Global Knowledge & has over 35 years of experience as a technologist in engineering & holds Security+ & CISSP certifications. Ross Casanova, also 35+ years of experience in both cybersecurity engineering roles as well as roles such as instructional design and training program management with firms such as SANS, the SEC & CSRA.