Cryptojacking
Cryptojacking Detection & Remediation
Cryptojacking, hijacking a machine's compute to run cryptomining software, is a common attack against enterprise cloud environments such as fleets of AWS EC2 instances. Smart SOAR helps you detect and contain cryptojacking by automating the threat and malware removal process with playbooks. Smart SOAR analyzes credential dumps, logs, instance metadata, and IP addresses to surface suspicious activity, then removes the attacker's access to your environment, restores legitimate processes, and remediates the compromised endpoints.
Steps for Orchestrated Cryptojacking Response
Step 1:
When D3 is alerted to a potential cryptojacking event, the analyst can trigger an incident-specific cryptojacking playbook.
Step 2:
D3 investigates the IOCs, determining the reputation of the URLs and IPs, and blocks them if necessary.
Step 3:
Simultaneously, D3 retrieves logs from Datadog or another integrated tool, along with the details of the affected instance.
Step 4:
D3 retrieves the security group details of the affected instance, and the analyst decides whether the EC2 instance or hosts need to be quarantined. D3 then quarantines the EC2 instance and takes a snapshot of its volumes, preserving evidence before the instance is scanned and cleaned.
Step 5:
Simultaneously, D3 queries the mapping list that ties the instance to its McAfee ePO system name, groups, and system details.
Step 6:
D3 then orchestrates a scan of the EC2 instance via ePO.
Step 7:
Finally, D3 generates a summary report of the incident.
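The triage and quarantine steps above, condensed into a small Python script. This is an added example and not D3 Smart SOAR playbook code: the log lines, instance description, IP addresses and group IDs are constructed for the example, the stratum port list is an assumption about common mining-pool ports, and the isolation security group (`sg-0isolate00`) is assumed to already exist in the instance's VPC with no inbound or outbound rules. The two AWS calls it makes, `create_snapshot` and `modify_instance_attribute`, are real boto3 EC2 client methods; a dry-run stand-in records them so the script runs offline.

```python
"""Added example (not D3 Smart SOAR code): triage constructed process logs for
miner activity, then plan and (dry-)run EC2 quarantine plus volume snapshots."""
import json

# Constructed sample log lines, one record per process sample, as a log agent
# might ship them. Fields and values are invented for this example.
SAMPLE_LOGS = [
    '{"host": "i-0abc123", "proc": "xmrig", "cpu": 97.5, "dst": "203.0.113.7:3333"}',
    '{"host": "i-0abc123", "proc": "nginx", "cpu": 2.1, "dst": "198.51.100.4:443"}',
    '{"host": "i-0abc123", "proc": "kworker/u8:1", "cpu": 95.0, "dst": ""}',
]
BAD_IPS = {"203.0.113.7"}  # assumption: output of the Step 2 reputation lookup
STRATUM_PORTS = {3333, 4444, 5555, 7777, 14444}  # assumption: common pool ports


def triage(lines, bad_ips=BAD_IPS, cpu_threshold=80.0):
    """Flag processes combining sustained high CPU with an egress connection
    to a known-bad IP or a stratum-style port. High CPU alone is not enough
    (a batch job trips that too), so the kworker sample is not flagged."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        ip, _, port = (rec.get("dst") or "").rpartition(":")
        reasons = []
        if rec.get("cpu", 0.0) >= cpu_threshold:
            reasons.append("high_cpu")
        if ip in bad_ips:
            reasons.append("ioc_ip")
        if port.isdigit() and int(port) in STRATUM_PORTS:
            reasons.append("stratum_port")
        if "high_cpu" in reasons and len(reasons) > 1:
            hits.append({"host": rec["host"], "proc": rec["proc"], "reasons": reasons})
    return hits


# Constructed sample: the fields of an EC2 DescribeInstances "Instance" entry
# that the plan needs (all IDs invented).
SAMPLE_INSTANCE = {
    "InstanceId": "i-0abc123",
    "VpcId": "vpc-0def456",
    "SecurityGroups": [{"GroupId": "sg-0aaa1111", "GroupName": "web"},
                       {"GroupId": "sg-0bbb2222", "GroupName": "ssh-admin"}],
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0root0000"}},
        {"DeviceName": "/dev/xvdf", "Ebs": {"VolumeId": "vol-0data0000"}},
    ],
}


def quarantine_plan(instance, isolation_sg):
    """Record the current groups (needed to restore service later), replace
    them with a single isolation group, and list every attached EBS volume
    for snapshotting. Assumption: isolation_sg exists in the instance's VPC
    and carries no inbound or outbound rules."""
    return {
        "instance_id": instance["InstanceId"],
        "vpc_id": instance["VpcId"],
        "previous_sgs": [g["GroupId"] for g in instance["SecurityGroups"]],
        "new_sgs": [isolation_sg],
        "snapshot_volumes": [m["Ebs"]["VolumeId"]
                             for m in instance["BlockDeviceMappings"] if "Ebs" in m],
    }


class DryRunEC2:
    """Stand-in for boto3.client("ec2") that records calls instead of making
    them, so the script runs offline; pass the real client to act for real."""
    def __init__(self):
        self.calls = []

    def create_snapshot(self, **kw):
        self.calls.append(("create_snapshot", kw))
        return {"SnapshotId": "snap-" + kw["VolumeId"][4:]}

    def modify_instance_attribute(self, **kw):
        self.calls.append(("modify_instance_attribute", kw))
        return {}


def execute_plan(plan, ec2):
    """Snapshot first so the evidence predates any change to the box, then
    swap the security groups. Both calls are real boto3 EC2 client methods;
    modify_instance_attribute(Groups=...) replaces the whole group list."""
    snapshot_ids = []
    for vol in plan["snapshot_volumes"]:
        resp = ec2.create_snapshot(
            VolumeId=vol,
            Description=f"IR evidence {plan['instance_id']}",
            TagSpecifications=[{"ResourceType": "snapshot",
                                "Tags": [{"Key": "incident", "Value": plan["instance_id"]}]}],
        )
        snapshot_ids.append(resp["SnapshotId"])
    ec2.modify_instance_attribute(InstanceId=plan["instance_id"], Groups=plan["new_sgs"])
    return snapshot_ids


if __name__ == "__main__":
    hits = triage(SAMPLE_LOGS)
    print("triage:", hits)
    if hits:
        plan = quarantine_plan(SAMPLE_INSTANCE, isolation_sg="sg-0isolate00")
        ec2 = DryRunEC2()  # replace with boto3.client("ec2") to execute for real
        print("snapshots:", execute_plan(plan, ec2))
        print("calls:", [name for name, _ in ec2.calls])
```

The security-group swap cuts the miner off from its pool and from any command channel, but it does not stop the process; that is what the ePO scan in Step 6 is for, and `previous_sgs` in the plan is what you need to restore service once the instance is clean. Keep the isolation group in the same VPC as the instance, since `modify_instance_attribute` rejects groups from another VPC.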
Benefits of Cryptojacking Protection
Full Investigation of Incidents
D3 acts as a bridge between application performance monitoring (APM) tools and security tools, enabling users to turn evidence of cryptojacking into end-to-end, automation-powered investigation and response.
Hybrid Security
D3 integrates with cloud and on-premise tools, empowering incident response that can leverage the entire security stack and span across environments.
Automatic Escalation
Users of Datadog or another APM tool can set up filters that automatically escalate signs of cryptojacking, such as sustained CPU spikes or connections to known mining pools, to D3 for investigation.
Act Quickly and Efficiently
By automating cryptojacking response, you can rapidly minimize the damage of attacks with minimal resources used on each incident.