By Martin Voorzanger, EclecticIQ
There have been significant fluctuations in the value of cryptocurrency in the past twelve months, a volatility that has already enabled some traders to reap the rewards. However, it’s not just the financial watchdogs that are worried.
Beyond traders, there is another group profiting from the turbulence of cryptocurrencies – cyber criminals. The digital bank heist of tomorrow is quickly becoming a reality, with a notable increase in crypto exchange breaches and reports of crypto malware on the rise.
Crime is money
What’s interesting about some of the criminal cryptocurrency activity seen to date is that it is based around well-known methods of hacking, such as phishing and social engineering. One example of this is the NiceHash raid in 2017. Cyber criminals accessed the company’s payment services through an employee PC, resulting in the theft of 4,700 Bitcoins – valued at a cool $70 million at the time. Not only that, Syscoin was targeted through its GitHub account, where a slightly adjusted client was uploaded. As the company advises using 2FA, it could be suggested that the client was uploaded through an employee’s (or other code contributor’s) GitHub account.
With South Korea’s largest crypto exchange, Bithumb, an employee’s home computer was targeted and a vast amount of personal data stolen. While there was no theft of funds here, the hack had a significant impact on Bithumb nonetheless. Its customers reported emails and calls defrauding them of money, leading to both reputational damage and financial loss for the company. In a separate incident in June 2018, hackers did indeed access funds from Bithumb – at the cost of a cool $30 million.
Security – via blockchain – lies at the heart of many cryptocurrencies, but it’s clear that this alone doesn’t go far enough. Regardless of the robustness of blockchain, employees within these exchanges, along with their devices, remain a weak link in the security “chain”. That’s why good security hygiene is not optional – it’s an essential part of any finance function, crypto or otherwise.
The new bots
In addition to the more ‘traditional’ cybercrime tactics, there are new techniques emerging to target the crypto industry specifically. Cryptojacking is one example of this, in which criminals target employees’ computers to mine cryptocurrencies – without the knowledge of the user or their organisation. The rising value of cryptocurrencies means this is a lucrative exploit for cybercriminals and, while each device can only mine small amounts of cryptocurrencies, hackers are getting into so many machines that they are able to create botnets. Collectively, this can deliver large profits.
Cryptojacking isn’t as destructive as other attacks, such as those using ransomware. However, it still means the devices are compromised, which not only leads to poor performance and affects the longevity of devices, but also means the door is wide open to more serious threats.
But the issue of cryptojacking is moving beyond the employee PC into far more worrying territory, with the first case of a major industrial control system network infected with cryptojacking malware discovered earlier this year. Security firm Radiflow made the discovery, warning that an attack of this nature “can threaten the stability and availability of the physical processes of a critical infrastructure operator”.
A very real reality
Whether criminals are looking to steal crypto assets, mine them covertly or simply cause disruption, the threat is without doubt very real – and growing day by day. A recent report from Microsoft noted a huge surge in coin-mining trojans on Windows PCs in the past six months, advising businesses not to treat them as a nuisance but as a serious threat. The report also noted that while external cybercriminals are often the perpetrators, there is also a growing threat of employees planting unauthorised miners on powerful company systems.
Amongst all of these various threats, humans remain the weakest link in the security chain. Cybercriminals are still using the tactics, techniques and procedures (TTPs) that they know work – and individuals continue to be manipulated and conned into compliance. Despite the security of the cryptocurrencies themselves, the technical systems and exchanges that surround them continue to let the bad guys in.
It’s clear that criminal activity in the crypto space is only going to increase further. As such, organisations across the world must ensure they stay abreast of developments in the crypto world and have adequate measures in place to defend their networks accordingly. Not only that, it’s vital that the employees themselves understand how cybercriminals work and the threats associated with social engineering. Only then can an organisation effectively protect against this new – and prolific – type of threat.