Cryptojacking injection: A paradigm shift to cryptocurrency-based web-centric internet attacks

ABSTRACT

Crypto-mining attacks have emerged as a new generation of web-based attacks in which cybercriminals eschew the infamous crypto ransomware. The watering-hole attack vector has so far been the most widely employed attack methodology, but it faces the task of luring the victim to the infected web resources. Cryptojacking injection, however, presents a paradigm shift in web-based crypto-mining attacks in that it eliminates the need for a pivotal third party such as an exploitable web server. Thus, instead of attacking the credit card and other private information of e-commerce users, attackers seek to maliciously abuse a victim's CPU to generate cryptocurrency. In this paper, we investigate and evaluate cryptojacking injection, a state-of-the-art web-centric attack vector in the crypto-mining attack landscape. We formulate an attack model based on finite state machines which depicts the various breaches of confidentiality, integrity and availability in the web system as the attack progresses. We show how this new attack vector targets some of the core components of e-commerce (URL, HTTP and HTML) to generate Monero cryptocurrency from benign web users. We evaluate our modeling approach with a series of experiments with two attack scenarios using different operating systems. Results show that the attack is indeed cross-platform and feasible on any operating system of a browser-capable device. We analyze the network traffic generated during the attack and extract features such as the URLs and the parsed files, the associated cryptographic hashes, and the IP addresses of the crypto-mining domains. These, together with host-based features such as exhaustive CPU usage, can be used as indicators of compromise and subsequently act as a feed into intrusion detection systems.
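The abstract proposes combining network features (URLs of parsed files, their hashes, mining-domain IPs) with host features (sustained CPU exhaustion) as indicators of compromise for an IDS. The following is an added example, not code from the paper, that correlates those two indicator classes on constructed proxy records and CPU samples; every domain, IP, hash and log line in it is a placeholder, not a real indicator.

```python
# Added example (not from the paper): correlate network indicators (URL domain,
# destination IP, fetched-file hash) with sustained high CPU on the same host.
# All domains, IPs, hashes and log records below are constructed placeholders.
import hashlib
from collections import defaultdict
# Constructed watchlist in the shape the abstract describes: mining domains,
# their resolved IPs, and hashes of known miner scripts (placeholders only).
WATCHLIST = {
    "domains": {"miner-pool.example.invalid"},
    "ips": {"203.0.113.77"},
    "sha256": {hashlib.sha256(b"constructed miner script body").hexdigest()},
}

# Constructed proxy records: requesting host, destination IP, URL, fetched body.
PROXY_LOG = [
    {"host": "ws-01", "dst_ip": "198.51.100.5", "url": "https://news.example.invalid/index.html", "body": b"<html>benign</html>"},
    {"host": "ws-01", "dst_ip": "203.0.113.77", "url": "https://miner-pool.example.invalid/lib/miner.js", "body": b"constructed miner script body"},
    {"host": "ws-02", "dst_ip": "198.51.100.9", "url": "https://cdn.example.invalid/app.js", "body": b"benign js"},
]

# Constructed per-host CPU samples (percent, one sample per 5 s interval).
CPU_SAMPLES = {"ws-01": [12, 97, 99, 98, 96, 99], "ws-02": [95, 20, 15, 10, 12, 18]}
def network_hits(log, watchlist):
    """Return {host: [reasons]} for records matching any network indicator."""
    hits = defaultdict(list)
    for rec in log:
        domain = rec["url"].split("/")[2]  # authority part of the URL
        if domain in watchlist["domains"]:
            hits[rec["host"]].append(f"url domain {domain}")
        if rec["dst_ip"] in watchlist["ips"]:
            hits[rec["host"]].append(f"dst ip {rec['dst_ip']}")
        if hashlib.sha256(rec["body"]).hexdigest() in watchlist["sha256"]:
            hits[rec["host"]].append(f"file hash for {rec['url']}")
    return dict(hits)

def sustained_cpu(samples, threshold=90, min_run=4):
    """True if CPU stays at/above threshold for at least min_run consecutive samples."""
    run = 0
    for s in samples:
        run = run + 1 if s >= threshold else 0
        if run >= min_run:
            return True
    return False

def correlate(log, cpu, watchlist):
    """Alert only on hosts where network indicators and sustained CPU load agree."""
    net = network_hits(log, watchlist)
    return {h: reasons for h, reasons in net.items() if sustained_cpu(cpu.get(h, []))}
```

A single CPU spike (ws-02) or a benign fetch alone does not raise an alert; only the host with both classes of indicator (ws-01) is reported, which keeps the false-positive rate lower than either feature class used on its own.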