Sysdig blocks crypto-jacking in the cloud using Machine Learning

Cloud development security specialist Sysdig has added crypto-jacking protection to its platform, strengthening its cloud detection and response to prevent unexpected costs.

Sysdig announced machine learning-powered cloud detection and response (CDR) to combat cryptojacking. The company’s threat engine and detection algorithms block cryptojacking in the cloud with 99% precision.

Cryptojacking is the unauthorised use of someone else’s compute resources to mine cryptocurrency. According to the Google Cloud Threat Horizons Report, 86% of compromised Google Cloud instances were used for cryptocurrency mining. Cryptojackers use low-and-slow attack techniques to mask what they are doing so those impacted do not realise until they receive their cloud bill. The longer cryptojacking goes undetected, the greater the financial impact. While the average increase in a monthly bill varies by report, it is not uncommon for cryptojackers to run up a $100,000 – $500,000 bill in a single month. Time is of the essence.

While the cloud and on-premises security challenges seem similar, the attack patterns and detection techniques are fundamentally different and require different approaches. Traditional tools lack the visibility into container environments and breadth of coverage needed to identify threats and anomalies at runtime. A multi-layered approach that includes curated rules and machine learning is better suited to address the complex threats in cloud environments. To detect threats like cryptojacking, teams need machine learning algorithms that are trained and tuned to recognise cryptocurrency mining patterns immediately to avoid unexpected cloud fees, which can have a significant financial impact.

The CDR can:

  • Block cryptominers with 99% precision: Sysdig Secure machine learning is trained to automatically detect cryptominers. Even as new cryptojackers come into play, highly precise and continually evolving algorithms keep the model up-to-date and drastically reduce false positives.


  • Prevent unexpected costs: Early detection is the only way to avoid hefty cryptojacking bills and reputation damage due to an attack. Sysdig is able to detect behaviour patterns even if the cryptominer slowly ramps up use of cloud resources.


  • Strengthen security with a multi-layered approach to cloud detection and response: Effective protection in today’s threat landscape requires multiple protection layers. Sysdig threat detection uses machine learning to complement a rules-based approach based on Falco. Easily customisable out-of-the-box policies curated by the Sysdig Threat Research Team maximise coverage. Adding defence techniques, such as profiling, comprehensive indicators of compromise (IOCs), and Drift Control further strengthen security.


“Machine learning is not a silver bullet for detecting threats. Many vendors throw around ‘ML’ quite loosely for solutions that are not true machine learning,” said Omer Azaria, Vice President of Engineering at Sysdig. “Cryptojacking is a specific use case where machine learning provides effective detection. Sysdig developed an ML algorithm that is specifically tuned to detect cryptojacking before your cloud bill skyrockets.”



Sysdig Secure customers have access to the machine learning-powered threat detection now and for new customers, it is included in Sysdig Secure at no additional cost.