Title:
"Detection of browser-based crypto-currency mining"
Name:
Dr. Veelasha Moonsamy
Short-Bio:
Veelasha Moonsamy is a tenured research faculty at Ruhr University Bochum in Germany. She was previously a tenure-track Assistant Professor in the Digital Security group at Radboud University in The Netherlands, where she also worked for a few years as a postdoctoral researcher. She received her PhD degree in 2015 from Deakin University (Australia). Her research interests revolves around security and privacy on mobile devices, in particular side- and covert-channel attacks, malware detection, and mitigation of information leaks at application and hardware level.
https://veelasha.org/
Abstract:
A wave of alternative coins that can be effectively mined without specialized hardware, and a surge in cryptocurrencies’ market value has led to the development of cryptocurrency mining (cryptomining) services, which can be easily integrated into websites to monetize the computational power of their visitors. While legitimate website operators are exploring these services as an alternative to advertisements, they have also drawn the attention of cybercriminals: drive-by mining (also known as cryptojacking) is a new web-based attack, in which an infected website secretly executes JavaScript code and/or a WebAssembly module in the user’s browser to mine cryptocurrencies without her consent.
In this talk, I will elaborate on the comprehensive analysis we performed on Alexa’s Top 1 Million websites to shed light on the prevalence and profitability of this attack. We study the websites affected by drive-by mining to understand the techniques being used to evade detection, and the latest web technologies being exploited to efficiently mine cryptocurrency. As a result of our study, we identified 20 active cryptomining campaigns. Furthermore, motivated by our findings, we investigate possible countermeasures against this type of attack. I will discuss how current blacklisting approaches and heuristics based on CPU usage are insufficient, and present MineSweeper, a novel detection technique that is based on the intrinsic characteristics of cryptomining code, and, thus, is resilient to obfuscation.
https://dl.acm.org/doi/pdf/10.1145/3243734.3243858
Time and date:
14:00, March 16th, 2022
Location: 614-4514-3860
