February 1-2, 2023 | Seattle, WA
View More Details | Registration Information

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -8. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

The schedule is subject to change.
Back To Schedule
Wednesday, February 1 • 2:45pm - 3:20pm
From Illuminating to Eliminating Crypto Jacking Techniques in Cloud Native - Mor Weinberger, Aqua Security

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Ever since cryptomining had emerged as a novel promising digital currency technology, its evil twin cryptojacking has gained popularity and become a major type of attack. Threat actors consider this attack as a low hanging fruit which allows them to easily cash out their attack, since one can easily convert compute power into digital coins. Moreover, defenders often mistakenly perceive this attack as a noisiness rather than an attack that allows to freely run remote code on your server. At first threat actors deployed cryptominers on unpatched servers and targeted browsers. Today attackers focus on the cloud native, including exploiting containers, Kubernetes, CI/CD and SCM platforms. In this Talk, we’ll explore the key concepts and techniques related to the evolvement of cryptomining and also explain on how to proactively protect your environment with open-source tools and approaches that will help you strengthen your security starting from static analysis and up to runtime protection. Below are some of the topics we shell include:
  • Reviewing of attacks, techniques & exploits. 
  • The main challenges threat actors face and overcome, how they maximize their gain and conceal their attacks 
  • Finally, we will present measures to mitigate and strengthen your environments

avatar for Mor Weinberger

Mor Weinberger

Staff Supply Chain Security Engineer, Aqua Security
Mor is a Staff Supply Chain Security Engineer at Aqua Security with vast experience in analyzing cloud native security and supply chain threats and developing solutions to defend against them. Mor recently worked alongside CIS to co-create the industry’s first formal guidelines... Read More →

Wednesday February 1, 2023 2:45pm - 3:20pm PST
Room 612
  Detections + Incidents + Response
  • Content Experience Level Any