Recent Advances in Cryptovirology: State-of-the-Art Crypto Mining and Crypto Ransomware Attacks
【Author】 Zimba, Aaron; Wang, Zhaoshun; Chen, Hongsong; Mulenga, Mwenge
【Source】KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS
【Impact Factor】0.972
【Abstract】Recently, ransomware has earned itself an infamous reputation as a force to reckon with in the cybercrime landscape. However, cybercriminals are adopting other unconventional means to seamlessly attain proceeds of cybercrime with little effort. Cybercriminals are now acquiring cryptocurrencies directly from benign Internet users without the need to extort a ransom from them, as is the case with ransomware. This paper investigates advances in the cryptovirology landscape by examining the state-of-the-art cryptoviral attacks. In our approach, we perform a digital autopsy on the malware's source code and execute the different malware variants in a contained sandbox to deduce static and dynamic properties, respectively. We examine three cryptoviral attack structures: browser-based crypto mining, memory-resident crypto mining and cryptoviral extortion. These attack structures leave a trail of digital forensics evidence when the malware interacts with the file system and generate noise in the form of network traffic when communicating with the C2 servers and crypto mining pools. The digital forensics evidence, which essentially are IOCs, includes network artifacts such as C2 server domains, IPs and cryptographic hash values of the downloaded files, apart from the malware hash values. Such evidence can be used as a seed for intrusion detection systems for mitigation purposes.
【Keywords】Cryptovirology; cryptoviral attack; crypto-mining; crypto ransomware; cybercrime; cryptocurrency
【Publication Date】2019 30-Jun
【Indexed Date】2022-01-02
【Document Type】
【Subject Category】
--
【DOI】 10.3837/tiis.2019.06.027