Cryptojacking injection: A paradigm shift to cryptocurrency-based web-centric internet attacks
Authors: Aaron Zimba, Zhaoshun Wang, Mwenge Mulenga
DOI: 10.1080/10919392.2019.1552747 (https://doi.org/10.1080/10919392.2019.1552747)
Journal: Journal of Organizational Computing and Electronic Commerce, volume 29, issue 1, pages 40-59
Published: 2019-01-02 (journal article; not open access)
JCR: Q3, Computer Science, Information Systems
Citations: 14
Abstract
Crypto-mining attacks have emerged as a new generation of web-based attacks in which cybercriminals eschew the infamous crypto-ransomware. The watering-hole attack vector has by far been the most widely employed methodology, but it faces the task of luring the victim to the infected web resources. Cryptojacking injection, however, presents a paradigm shift in web-based crypto-mining attacks in that it eliminates the need for a pivotal third party such as an exploitable web server. Thus, instead of attacking the credit card and other private information of e-commerce users, attackers seek to abuse a victim's CPU to generate cryptocurrency. In this paper, we investigate and evaluate cryptojacking injection, a state-of-the-art web-centric attack vector in the crypto-mining attack landscape. We formulate an attack model based on finite state machines that depicts the successive breaches of confidentiality, integrity and availability in the web system as the attack progresses. We show how this new attack vector targets some of the core components of e-commerce (URL, HTTP and HTML) to generate Monero cryptocurrency from benign web users. We evaluate our modeling approach with a series of experiments on two attack scenarios using different operating systems. Results show that the attack is indeed cross-platform and feasible on any operating system of a browser-capable device. We analyze the network traffic generated during the attack and extract features such as URLs and the parsed files, the associated cryptographic hashes, and the IP addresses of the crypto-mining domains. These, together with host-based features such as exhaustive CPU usage, can be used as indicators of compromise and subsequently fed into intrusion detection systems.
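The abstract names the indicators a detector should extract from a cryptojacking-injection incident: the URLs of the parsed files, their cryptographic hashes, the IP addresses of the mining domains, and sustained CPU saturation on the host. The following Python is an added example, not code from the paper or its authors, showing how those indicators can be pulled out of a captured page load and correlated with host CPU samples. The capture, hostnames (all under the reserved `.invalid` TLD), IPs and CPU figures are constructed for the example; the miner fingerprint (WebAssembly plus Web Workers plus a Stratum connection over WebSocket) is an assumption about how typical in-browser miners are built, not a feature the abstract states.

```python
"""Added example (not from the paper): extracting cryptojacking indicators of
compromise from a captured page load and host CPU samples, for feeding an IDS."""
import hashlib
import re
from urllib.parse import urljoin, urlparse

# Constructed sample capture of one page load, as a proxy or PCAP parser might
# emit it: (request URL, server IP the host resolved to, response body).
# Hostnames and IPs are placeholders, not real mining infrastructure.
CAPTURE = [
    ("https://shop.example/cart", "203.0.113.10",
     '<html><head>'
     '<script src="/static/app.js"></script>'
     '<script src="https://cdn-miner.invalid/lib/miner.js"></script>'
     '</head><body><script>var m = new Miner("site-key"); m.start();</script>'
     '</body></html>'),
    ("https://shop.example/static/app.js", "203.0.113.10",
     "document.querySelector('#cart').addEventListener('click', checkout);"),
    ("https://cdn-miner.invalid/lib/miner.js", "198.51.100.7",
     "const ws=new WebSocket('wss://pool.cdn-miner.invalid/proxy');"
     "WebAssembly.instantiate(wasm).then(r=>workers.forEach(w=>w.postMessage('stratum.job')));"),
]

# Constructed host-side CPU samples (percent, one per second) taken while the
# page was open. The jump to a sustained ~100% is the host-based signal.
CPU_SAMPLES = [12.0, 15.0, 97.0, 99.0, 98.5, 99.0]

# Heuristic fingerprint of a browser miner (assumption: in-browser miners
# compile the hash function to WebAssembly, fan it out to Web Workers and talk
# Stratum to a pool proxy over a WebSocket). Each regex is one trait; a script
# matching two or more is flagged.
MINER_TRAITS = [
    re.compile(r"\bWebAssembly\b"),
    re.compile(r"new\s+WebSocket\s*\(\s*['\"]wss?://"),
    re.compile(r"\bstratum\b", re.IGNORECASE),
    re.compile(r"new\s+Worker\s*\(|\bworkers\b"),
]
SCRIPT_SRC = re.compile(r"<script[^>]*\ssrc\s*=\s*[\"']([^\"']+)[\"']", re.IGNORECASE)


def sha256_hex(body: str) -> str:
    """Hash the exact bytes served, so the IOC matches what other sensors see."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def third_party_scripts(page_url: str, html: str) -> list:
    """Absolute URLs of <script src> tags whose host differs from the page's.
    Cryptojacking injection shows up as a script the page never used to load."""
    page_host = urlparse(page_url).netloc
    found = []
    for src in SCRIPT_SRC.findall(html):
        absolute = urljoin(page_url, src)
        if urlparse(absolute).netloc != page_host:
            found.append(absolute)
    return found


def is_miner_payload(body: str, min_traits: int = 2) -> bool:
    """True when the script body shows at least `min_traits` miner traits."""
    return sum(1 for trait in MINER_TRAITS if trait.search(body)) >= min_traits


def cpu_saturated(samples, threshold: float = 90.0, run: int = 3) -> bool:
    """True when CPU stayed at or above `threshold` for `run` consecutive samples.
    Requiring a run, not a single spike, avoids flagging ordinary page rendering."""
    streak = 0
    for sample in samples:
        streak = streak + 1 if sample >= threshold else 0
        if streak >= run:
            return True
    return False


def build_iocs(capture, cpu_samples) -> dict:
    """Correlate network and host features into the IOC set the abstract names."""
    by_url = {url: (ip, body) for url, ip, body in capture}
    iocs = {"urls": [], "hashes": [], "ips": [],
            "host_cpu_saturated": cpu_saturated(cpu_samples)}
    for url, ip, body in capture:
        if not body.lstrip().lower().startswith("<html"):
            continue  # only HTML documents can carry injected script tags
        for script_url in third_party_scripts(url, body):
            script_ip, script_body = by_url.get(script_url, (None, ""))
            if is_miner_payload(script_body):
                iocs["urls"].append(script_url)
                iocs["hashes"].append(sha256_hex(script_body))
                if script_ip:
                    iocs["ips"].append(script_ip)
    return iocs


if __name__ == "__main__":
    for key, value in build_iocs(CAPTURE, CPU_SAMPLES).items():
        print(f"{key}: {value}")
```

The hash is the most brittle of the three network indicators, since every re-minified build of the miner library changes it; the script URL and the pool-proxy IP are more stable but rotate when the operator moves infrastructure. The CPU signal on its own is too noisy to alert on (video decoding or a heavy single-page app can also pin a core), which is why the example only reports it alongside the network evidence rather than treating it as a verdict.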
About the journal:
The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas.
JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business.
Theoretical, experimental, survey, and design science research are all welcome and might look at:
• E-commerce
• Collaborative commerce
• Interorganizational systems
• Enterprise systems
• Supply chain technologies
• Computer-supported cooperative work
• Computer-aided coordination
• Economics of organizational computing
• Technologies for organizational learning
• Behavioral aspects of organizational computing.