Cryptojacking injection: A paradigm shift to cryptocurrency-based web-centric internet attacks

IF 2, Zone 4 (Management), Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS. Journal of Organizational Computing and Electronic Commerce. Pub Date: 2019-01-02. DOI: 10.1080/10919392.2019.1552747
Aaron Zimba, Zhaoshun Wang, Mwenge Mulenga
Volume 29 (1), pages 40-59. Citations: 14

Abstract

Crypto-mining attacks have emerged as a new generation of web-based attacks which have seen cybercriminals eschew the infamous crypto ransomware. The watering hole attack vector has by far been the most widely employed attack methodology, but it faces the task of luring the victim to the infected web resources. However, cryptojacking injection presents a paradigm shift to web-based crypto-mining attacks in that it eliminates the need for a pivotal third party such as the exploitable web server. Thus, instead of attacking credit card and other private information of e-commerce users, attackers seek to maliciously abuse a victim's CPU to generate cryptocurrency. In this paper, we investigate and evaluate cryptojacking injection, a state-of-the-art web-centric attack vector in the crypto-mining attacks landscape. We formulate an attack model based on finite state machines which depicts the various breaches of confidentiality, integrity and availability in the web system as the attack progresses. We show how this new attack vector attacks some of the core components of e-commerce (URL, HTTP and HTML) to generate Monero cryptocurrency from benign web users. We evaluate our modeling approach with a series of experiments with two attack scenarios using different operating systems. Results show that the attack is indeed cross-platform and feasible on any operating system of a browser-capable device. We analyze the generated network traffic during the attack and draw features such as URLs and the parsed files, the associated cryptographic hashes, and the IP addresses of the crypto-mining domains. These, together with host-based features such as exhaustive CPU usage, can be used as indicators of compromise and subsequently act as feed into intrusion detection systems.
Source journal
Journal of Organizational Computing and Electronic Commerce
Category: Engineering & Technology - Computer Science: Interdisciplinary Applications
CiteScore: 5.80
Self-citation rate: 17.20%
Articles published: 7
Review time: >12 weeks
About the journal: The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas. JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business. Theoretical, experimental, survey, and design science research are all welcome and might look at: • E-commerce • Collaborative commerce • Interorganizational systems • Enterprise systems • Supply chain technologies • Computer-supported cooperative work • Computer-aided coordination • Economics of organizational computing • Technologies for organizational learning • Behavioral aspects of organizational computing.