CRYPTOMINING - Black Hat · 7/20/2018 · Paul Ducklin · Who am I? duck@sophos.com · @duckblog · nakedsecurity.sophos.com
Paul Ducklin, Senior Technologist
versus CRYPTOMINING
What's the difference?
CRYPTOMINING
“performing the zillions of cryptographic calculations you need to earn hot-topic cryptocurrencies such as Bitcoin, Monero or Ethereum”
WHY CRYPTOMINING?
[Chart: half-year periods 2016 July-Dec, 2017 Jan-June, 2017 July-Dec, 2018 Jan-June; axes marked $0, $10k and $20k]
HOW TO MINE?
Or...
https://nakedsecurity.sophos.com/2016/09/08/cryptomining-malware-on-nas-servers-is-one-of-them-yours/
https://nakedsecurity.sophos.com/2018/01/31/what-are-wannamine-attacks-and-how-do-i-avoid-them/
https://nakedsecurity.sophos.com/2018/02/12/cryptomining-script-poisons-government-websites-what-to-do/
https://nakedsecurity.sophos.com/2018/01/09/coffeeminer-project-lets-you-hack-public-wi-fi
“When you cryptomine without permission (from everyone concerned) then you are cryptojacking - and in most organisations, you can assume you don't have permission.”
DOES ROGUE MINING REALLY MATTER?
$2 of electricity!
A bit of heat 🤷
Some fan noise!
😖😡😱 Cryptojacking is the new ransomware!
1 There's a REPUTATIONAL cost
2 There's a REGULATORY cost
3 There's an OPPORTUNITY cost
4 There's the CUI BONO cost
4 Where is all that money going?
💉🔪💣🎯💩⚔
The 5 Ps
Patch early, patch often
Pick proper passwords
Protect your portals (e.g. RDP)
Pounce on PUAs
Prefer 2FA
Sophos Synchronised Security