PAYING THE PRICE OF BITCOIN
By Trevor Hough, Product Manger, Enterprise Security, Arbor Networks
Decentralised proof of ownership and cryptography-based currencies have been becoming increasingly more popular over the past several years. Analysts estimate there are more than 300 types of cryptography-based currencies currently in use. Bitcoin, and Lite coin are two of the more commonly used as organisations continue to grow an acceptance platform for crypto currencies. Offering an alternative payment platform brings multiple benefits to both the consumer and merchant, including reduced acceptance costs for the merchant and instant a global payment platform for the consumer. The rapid growth in value yielded by Bitcoin and Litecoin has provided a new market for arbitrage, digital asset trading, and a global payment system. Because of this, there is now a new market for malicious threats and fraud.
Cryptographic currencies are built off of a decentralised principal; no one “owns” the protocol and everyone can participate. Similarly, no one individual owns the Internet. If an individual wants to create a website, all that is needed is a computer and an egress port to the Internet. The same principal applies to Bitcoin. Everyone is able to participate and secure the protocol. The recent introduction of crypto currencies was designed with public-private key cryptography to ensure every transaction is secure, traceable, and verifiable. Organisations are quickly learning that cryptographic based currencies, principally Bitcoin, have gone mainstream in many areas around the world. Due to the global nature of the Internet, there is instant payment with accepting Bitcoin and other crypto currencies and no cost. This yields tremendous advantages when considering credit card fees can often surmount five percent of merchant’s profits per transaction.
Regardless if a business acknowledges an acceptance of crypto currencies, they are at risk for exposure to new malicious threats. Bitcoin, the most popular crypto currency to date, has seen rapid growth in perceived value. One year ago, Bitcoin was valued at $104 per coin with a peak in December of 2013, valued at roughly $1100 per coin. This explosion in value has created a haven for new advanced threats centered on creating or “mining” coins and also stealing coins. All devices have been targeted, including mobile, virtualisation platforms such as VMware, and endpoint devices. Businesses are becoming more exposed to malicious threats via insiders wanting to mine coins on company assets or unknowingly exposing the business via usual mechanisms such as new drive by downloads and malware attacks.
Companies looking to accept payment in crypto currencies open themselves to new types of exposure. Several considerations including whether to hold or instantly convert the newly acquired coins to fiat, pay other merchants in crypto or fiat, how to store crypto currencies, and how to convert to fiat if necessary all must be carefully thought about. Holding crypto currencies as a form of asset or payment exposes the business to a hacking risk similar to any digital based asset. Further, it exposes the business to extreme fluctuations in market valuations. Using a third party payment processor to convert crypto currencies into fiat can mitigate this. Should the business elect to forego these options and store the crypto currencies, they must consider the implications of how to store them, as most regulatory bodies do not currently insure the digital asset. Encrypted cold storage, storage separated via an air gap, is highly recommended for Bitcoin’s to ensure maximum security.
The new advances in cryptographic currencies have providedbusinesses unique opportunities to compete in a global market space. However, this has also yielded a new, innovative space for advanced threats and insider threats. Businesses need to be aware of the security implications cryptographic currencies have provided to the digital space, regardless of their stance. Careful investigation to both internal assets and users should be used for maximum protection from fraud and exposure to new waves of attacks. Further, businesses need to understand the security risks that are associated with accepting cryptographic currencies.