Table 1 Cryptomining attack. Security analysis.
From: Synthetic flow-based cryptomining attack generation through Generative Adversarial Networks
| Threat | Description | Impact | Risk |
|---|---|---|---|
| Covered channel | Use of well-known protocols such as HTTPS to avoid detection | Long-term concealment: the compromised system stays hidden over long periods of time because classical tools fail to detect it | Very high |
| Abuse of resources | Theft of computing capacity in terms of CPU/memory | Unforeseen cost, in terms of energy consumed or billing in a pay-per-use model | High |
| Malfunctioning | Competition over resources leads some applications to fail, e.g. through lack of memory | Application degradation or disruption caused by resource competition, especially in virtualized environments | High |
| Other malicious activity | Once the system is compromised, it can be dedicated to other illegal activities, e.g. Distributed Denial of Service (DDoS), ransomware, etc. | Data loss, bandwidth outages | Medium |
| Lateral movement | A compromised machine can be used as an entry point for reconnaissance (IP scanning) and propagation inside the perimeter | Malware propagation, Advanced Persistent Threat (APT), data exfiltration | Medium |
| IP reputation | The source IP address becomes associated with malicious activity and is added to IP bad-reputation lists | Public IPs associated with NAT can be blocked on the Internet, creating additional disruption | Low |