Corey O’Connor, Product Marketing Manager, CyberArk
Cryptocurrency seems to bring out the best effort from cyber criminals.
From nation states to traditional attackers, the rise in crypto-related attacks is gathering serious momentum.
2018 has certainly been dominated by major multi-million dollar heists related to crypto-currencies. The motivation is clear: crypto crime is a lucrative business. Despite the recent drop, cryptocurrency values have skyrocketed over the past couple of years incentivising attackers to create malicious code and sophisticated hacking tools to harvest cryptocurrency coins. One quick way to a massive pay out is achieved by compromising a digital wallet and stealing the wallet’s private key. When attackers get their hands on a digital wallet, they can take full control of any funds.
Many online outlets have started to accept cryptocurrency right alongside good old-fashioned cash and credit. This trend is commercialising decentralised currency and forcing the hand of many big banks to get on board. The leg up criminals have, in many of these attacks, is the anonymity involved in crypto-transactions. As this form of currency gains more credibility, organisations across all sectors will need to implement security controls to mitigate risk against crypto-credentials being exploited.
So, what are digital wallets?
There are two types of digital wallets: hot wallets and cold wallets. It’s easier to think of these wallets as bank accounts, where hot wallets would be the checking account and cold wallets would be the savings account. Typically, hot wallets are used by end users and organisations to store smaller amounts of currency, adding the need to be more fluid in nature for quick transfers and exchanges. Hot wallets are usually always connected to the Internet to be ready to use and ensuring the fluidity of transactions. There are many cryptocurrency services such as Coinbase and Bittrex that manage and store the wallet’s private key and provide users with easy access. In most cases, this type of managed service is password protected.
Conversely, cold wallets, used by organisations and security-savvy individuals, typically hold much larger amounts of digital currency. This type of wallet keeps its associated private key off the internet completely (for obvious reasons) and often stores it on an offline computer. Yet, as demonstrated by some of the recent hacks, if the network becomes compromised, then the keys will follow suit shortly thereafter.
There are solutions out there that store private keys on a USB stick-like device that does not allow the extraction of the private key. The device is simply inserted into a computer to prove the user has access to the key (using cryptographic functionality zero trust algorithms). This solution provides sound security on the private keys; however, this is not suitable for larger organisations that need to control who has access to the device and its associated credentials.
How to avoid a ‘digital mugging’
Cryptocurrency private keys are not always used just by human users. There are many automated processes that perform cryptocurrency transactions as well. Securing private keys for all users (both human and machine) is a critical first step, swiftly followed by authenticating and identifying who has access to the keys, controlling the access and monitoring its usage.
What’s imperative is that we start to view cryptocurrency private keys as another type of a privileged credential, and take steps to manage and protect them, with the appropriate workflows and access controls.
Here are six key (excuse the pun) considerations to help secure and protect cryptographic keys:
- Store cryptographic keys in a secure digital vault – Move keys into a digital vault with multiple layers of security wrapped around it, enforce multi-factor authentication to all users who have access to the vault.
- Introduce role segregation – Control individual access to stored keys, preventing even the most privileged administrators from getting to them unless explicit permissions have been granted.
- Enable secure application access – Enable access to stored keys for authorised applications and verify that the applications are legitimate.
- Audit and review access key activity – Audit all activity related to key access and implement trigger events to alert the necessary individuals of any key activity.
- Enforce workflow approvals – Enforce workflow approvals for anything considered to be highly sensitive and the same goes for accessing the keys.
- Monitor cryptocurrency administrator activities – Facilitate connections – similar to an automated secure proxy/jump host – to target systems that are used to perform cryptocurrency administrator activities (e.g. the system hosting the wallet).
Cybercriminals will continue to look at this technology as another opportunity to line their pockets and it is increasingly hard to stay one step ahead of these savvy hackers. But with organisations needing to respond to demand for this type of currency, it’s essential to put in place safeguards, rather than just jumping in on the trend. Protecting critical systems from key harvesting and many other types of advanced attacks will be key in ensuring they don’t find themselves caught out.