Sysdig integrates machine learning to detect cryptojacking attempts

Container security firm Sysdig introduced ML-powered cloud detection to help businesses deal with cryptojacking threats.

Sysdig announced its latest machine-learning-backed cloud detection and response capability, which can help companies deal with various cryptojacking threats and vulnerabilities.


Sysdig believes cryptojacking is a growing concern for many businesses. Cryptojackers use a victim’s computing resources without authorization to mine cryptocurrency such as Bitcoin (BTC).

The tactic involves compromising servers, installing mining software and using the victim's resources to earn money. Meanwhile, victims are left unaware, struggling to figure out why their cloud computing spending has mushroomed.

Sysdig update

To identify these threats and vulnerabilities, Sysdig believes teams need ML algorithms tuned and trained to detect cryptocurrency mining patterns and avoid unwanted cloud fees.

The company claimed its latest tool is the way out, blocking cryptojackers from gaining control of cloud resources with 99 percent precision.

“Machine learning provides effective detection”, Sysdig VP of Engineering Omer Azaria said. “Sysdig developed an ML algorithm that is specifically tuned to detect cryptojacking before your cloud bill rockets.”

According to the Threat Horizon report by Google, cryptojacking is increasingly popular among hackers. Google said more than 80 percent of vulnerable Google Cloud environments were employed by hackers to mine crypto.

Though there are several reasons for its popularity, one major reason is that cybercriminals can employ low-and-slow attacks and hide what they do. As a result, victims typically don’t know they’ve been breached until the bill for their cloud services arrives.

The expenses vary based on the victim and the number of cloud instances they run. Victims can easily suffer bills anywhere from $100,000 to $500,000.

Another reason it is common, Sysdig said, is that conventional security tools lack visibility into container environments. Today's cloud applications run in isolated runtime environments, with a majority of components hosted separately to allow greater portability.