Once confined to the underworld of dark web markets and ransomware payments, cryptocurrency has made impressive strides toward legitimacy in recent years and true to form, cybercriminals are following the money. In fact, analyst firm Gartner predicts that by the year 2020, the banking industry will derive one billion dollars of business value from the use of blockchain-based cryptocurrencies. The continued endorsement of cryptocurrency will, however, only fuel security risks associated with digital transactions. Fortunately, there are ways that conscientious organizations and consumers can keep their cryptocurrency investments safe.
How Did We Get Here?
Cryptocurrency has been around for more than a decade. The most widely used currency — Bitcoin — was launched in 2009. Its easy procurement and relative anonymity made cryptocurrency an early favorite among cybercriminals. Cybercrime campaigns had been using nontraditional currencies for years, mostly for their own exchanges, but occasionally for an extortion effort. None of the earlier electronic currencies ever achieved wide adoption, but when Bitcoin did so, they sensed an opportunity. Suddenly, a ransom demand could be made in Bitcoin, with a reasonable chance that the victim would actually be able to figure out how to pay it. It’s no accident that billions of emails, compromised websites and even mobile apps have sought to infect users with ransomware in the last three years.
While its checkered past and recent volatility have been well chronicled, less well known has been its growing acceptance among banks and other financial institutions as more consumers get into the cryptocurrency game. For example, many apartment dwellers around the world can now pay the rent via Bitcoin, using third-party providers like Coinbase and ManageGo.
Another little talked about but significant trend in cryptocurrency adoption has come from large investments from banks and tech companies to hedge against future ransomware attacks. Because ransomware attackers often ask for payments in cryptocurrency, these institutions bought early in large quantities at lower prices. When cryptocurrency prices surged, this risk management initiative turned out to be a surprisingly strong investment.
Cryptocurrency Threats And Following The Money
As with most early adopters, the first wave of cryptocurrency users had a built-in tech savviness and operational security not necessarily shared by the public at large. As a result, the growing acceptance of cryptocurrency is not without risk. Let’s start with one important fact.
Mining cryptocurrency requires enormous amounts of computing power. As a result, business networks have become popular targets among crypto thieves. The Proofpoint cybersecurity research team recently identified, tracked and helped dismantle part of a massive botnet. The botnet included individual companies with thousands of compromised endpoints, all working surreptitiously to mine cryptocurrency and spread the infection further across the corporate network.
Because cyberthieves always follow the money, the exploding popularity of cryptocurrency has impacted cyberattacks in several ways.
• Nation-states are getting into the game. Crime syndicates in Russia and China, as well as nation states like North Korea, are devoting large teams toward “illicit cryptomining.” Targets include Windows servers, Android phones and IoT devices running embedded servers.
• Email phishing aimed at cryptocurrency users has increased. 2017 was a record year for email phishing and the Proofpoint research team saw a big uptick in messages aimed at cryptocurrency users. Any cryptocurrency owner with an account on a cryptocurrency exchange or a digital wallet could be compromised. These kinds of attacks often try to steal credentials and wallet IDs, which enable cybercriminals to complete fraudulent funds with third parties or withdraw funds.
• Cryptocurrency values are highly volatile. Cryptocurrency values often swing wildly from day to day. To counter this, cybercriminals have adjusted and now often demand ransoms in local currency, even if payment is made in Bitcoin.
• Cybercriminals are shifting away from Bitcoin. Alt-currencies like Monero and Ethereum offer even greater anonymity than Bitcoin. These alt-currencies are now favorites among cybercriminals and are thus increasingly targeted.
So, What Can You Do?
There are some basic safeguards consumers and businesses should follow. Consumers of cryptocurrency should guard their credentials carefully and stay alert. They can also look out for fake mobile apps and typo-squatted domains that seem to represent legitimate exchanges at first but are actually camouflaged with a phony web address or identical branding. Be sure to always contact vendors through their established email, especially when you have received an unexpected notification from exchange and wallet services. You should never consider online wallets as a trusted form of storage for any significant amount of cryptocurrency.
Every business, regardless of size, should adopt the following three safeguards as well:
Organizations need to implement technology solutions that stop cryptocurrency-related phishing email attacks before they reach their intended victims. Make sure systems are updated and patched, and watch for users complaining about unexpectedly slow computers — that could indicate a miner infection.
2. Awareness And Training
It’s not enough to rely on technology. These attacks usually target specific individuals, so educating your workforce to identify and report potential threats is essential to maintaining a secure work environment.
3. Identify The Real VIPs
Cybercriminals don’t always target who you think. Yes, the CEO and chief financial officer (CFO) should be in this group, but so should anyone with specialized access to sensitive information or your organization’s cryptocurrency credentials.
Bitcoins and other cryptocurrencies are like cash in a wallet — much easier to steal if you can access the wallet itself, making losses less likely to be detected and almost impossible to recover. The cyber theft possibilities are expanding as more and more unsuspecting people explore the world of cryptocurrency. Those who invest in cryptocurrency are clearly comfortable with financial risk, but there’s no reason they should be comfortable with the security risk that comes with it.
Read more at: