Sysdig Inc., the application container security firm, said today it’s introducing a new, machine learning-powered cloud detection and response capability that can help enterprises deal with the threat of “cryptojacking.”
Cryptojacking is slowly becoming a major concern for enterprises, Sysdig believes. It refers to the unauthorized use of someone’s computing resources — be it a server, personal computer or some other device — to mine cryptocurrencies such as bitcoin.
The tactic involves hacking a server, for example, and then installing mining software on it and using its resources to make money for the hacker. Meanwhile, the victims are left wondering why their cloud computing costs have suddenly mushroomed.
Sysdig cites the most recent edition of the Google Cloud Threat Horizons report, which shows that cryptojacking has become very popular with hackers. It found that 86% of compromised Google Cloud instances last year were used to mine cryptocurrency. One of the reasons why cryptojacking is so popular is that attackers can use “low-and-slow” attack techniques to hide what they’re doing, so those who have been compromised will not realize they have been attacked until their cloud bill arrives.
Cryptojacking can run up huge costs depending on how big the victims are and how many cloud instances they’re running. In some cases, victims have been hit with bills of between $100,000 and $500,000, Sysdig said. Clearly, then, enterprises need to do all they can to avoid becoming victims of it.
Sysdig said that another reason why cryptojacking is so common is that traditional security tools lack visibility into container environments. These days, most modern applications in the cloud are “containerized,” with most of their components hosted separately and isolated to enable greater portability.
Traditional anti-malware software tools struggle to protect container environments, Sysdig says, adding that a multilayered, machine learning-based approach to security is more effective. To detect such threats, the company explained, teams need machine learning algorithms that are trained and tuned to recognize cryptocurrency mining patterns immediately to avoid unexpected cloud fees.
Sysdig claims that its new tool is just the ticket, blocking cryptojackers from hijacking cloud resources with up to 99% precision. Available now within its flagship Sysdig Secure product, it can automatically detect when crypto mining is taking place and shut down those resources immediately to prevent sky-high cloud bills.
Users can quickly implement customizable, out-of-the-box security policies curated by Sysdig’s Threat Research Team. They can also add defense techniques such as profiling, comprehensive indicators of compromise and drift control to further enhance their security. What’s more, Sysdig says, the tool is regularly updated with its evolving algorithms to ensure hackers can’t outsmart it by employing new techniques.
Sysdig Vice President of Engineering Omer Azaria said machine learning is not the silver bullet for detecting all kinds of threats, as many other security providers suggest. However, he said it can be effective at detecting some very specific kinds of threats, with cryptojacking a primary example.
“Machine learning provides effective detection,” Azaria said. “Sysdig developed an ML algorithm that is specifically tuned to detect cryptojacking before your cloud bill rockets.”