Following the dramatic increase in the values of various cryptocurrencies in recent years, malicious actors have begun increasing their focus on cryptocurrency-related cyber attacks. Monero remains one of the most valuable cryptocurrencies that can still be mined through common systems. Monero,s privacy-focused features also make it appealing to cybercriminals. Because of this, malicious actors have been using a variety of means to install Monero miners on victim machines. These miners have the potential to negatively impact a victim's resources. This type of attack is becoming increasingly popular among Chinese cybercriminals. This represents a shift, as some Chinese actors leverage infrastructure and tools that were originally intended for DDoS purposes to mine Monero. This shift is reflected by chatter in Chinese underground forums, tools offered in hacking marketplaces, and payloads dropped by malicious campaigns. This presentation will take an in-depth look at illicit cryptocurrency mining activity conducted by Chinese cybercriminals. It will begin by examining the trend toward cryptocurrency attacks in general. Then it will focus on China, looking at the country,s cryptocurrency environment, and examining how some Chinese actors are transitioning from DDoS to mining-focused attacks. Then it will analyze tools and techniques, looking at Monero mining and hacking tools purchased on Chinese forums as well as malware samples collected through honeypots and Chinese social media platforms. Finally, it will address ways to mitigate the threat, through blacklisting, collecting samples, and using human intelligence.

Bio: David M. Liebenberg is a senior threat analyst for Cisco Talos. His research interests include Chinese cybersecurity policy, China,s underground hacking marketplace, as well as PRC military reform. Before joining Cisco, David worked as a research analyst at CNA, a federally funded research and development center in the Washington DC area. He conducted detailed research on politics, international relations, and defense in East Asia, using Mandarin-language sources, and produced written analysis for U.S. Government clients. Before that, he worked at the Council on Foreign Relations in the Asia Studies department, where he wrote comprehensive economic, political, and security analyses on China and translated Mandarin articles, essays, and microblogs. David holds an M.A. in East Asian studies from Columbia University and a B.A. in international studies from Kenyon College. He has also studied Mandarin Chinese at the Middlebury Summer Language Program, the CET Chinese language program at Zhejiang Technical University, and the Inter-University Program at Tsinghua University.

Back to ShowMeCon 2018 video list