Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .


The digital ‘bank job’ – investigating the unprecedented rise in crypto threats

The digital ‘bank job’ – investigating the unprecedented rise in crypto threats

By Martin Voorzanger, EclecticIQ 

There have been significant fluctuations in the value of cryptocurrency in the past twelve months, a volatility that has already enabled some traders to reap the rewards. However, it’s not just the financial watchdogs that are worried.

Beyond traders, there is another group profiting from the turbulence of cryptocurrencies – cyber criminals. The digital bank heist of tomorrow is quickly becoming a reality, with a notable increase in crypto exchange breaches and reports of crypto malware on the rise.

Crime is money

What’s interesting about some of the criminal cryptocurrency activity seen to date is that it is based around well-known methods of hacking, such as phishing and social engineering. One example of this is the NiceHash raid in 2017. Cyber criminals accessed the company’s payment services through an employee PC, resulting in the theft of 4,700 Bitcoins – valued at a cool $70million at the time. Not only that, Syscoin was targeted through its GitHub account, where a slightly adjusted client was uploaded. As the company advises to use 2FA, it could be suggested that it was uploaded through an employee’s (or other code contributor’s) GitHub account.

With South Korea’s largest crypto exchange, Bithumb, an employee’s home computer was targeted and a vast amount of personal data stolen. While there was no theft of funds here, the hack had a significant impact on Bithumb nonetheless. Its customers reported emails and calls defrauding them of money, leading to both reputational damage and financial loss for the company. In a separate incident in June 2018, hackers did indeed access funds from Bithumb – at the cost of a cool $30 million.

Security – via blockchain – lies at the heart of many cryptocurrencies, but it’s clear that this alone doesn’t go far enough. Regardless of the robustness of blockchain, employees within these exchanges, along with their devices, remain a weak link in the security “chain”. That’s why good security hygiene is not optional – it’s an essential part of any finance function, crypto or otherwise.

The new bots

In addition to the more ‘traditional’ cybercrime tactics, there are new techniques emerging to target the crypto industry specifically. Cryptojacking is one example of this, which sees employees’ computers targeted for criminals to mine cryptocurrencies – without knowledge of the user or their organisation. The rising value of cryptocurrencies means this is a lucrative exploit for cybercriminals and, while each device can only mine small amounts of cryptocurrencies, hackers are getting into so many machines that they are able to create botnets. Collectively, this can deliver large profits.

Cryptojacking isn’t as destructive as other attacks using ransomware, for example. However it still means the devices are compromised, which not only leads to poor performance and affects the longevity of devices, but also means the door is wide open to more serious threats.

But the issue of cryptojacking is moving beyond the employee PC into far more worrying territory, with the first case of a major industrial control system network infected with cryptojacking malware discovered earlier this year. Security firm Radiflow made the discovery, warning that an attack of this nature “can threaten the stability and availability of the physical processes of a critical infrastructure operator”.

A very real reality

Whether criminals are looking to steal crypto assets, mine them covertly or simply cause disruption, the threat is without doubt very real – and growing day by day. A recent report from Microsoft noted a huge surge in coin-mining trojans in Windows PCs in the past six months, advising businesses not to treat them as a nuisance but as a serious threat. The report also noted that while external cybercriminals are often the perpetrators, there is also a growing threat of employees planting unauthorised miners on powerful company systems.

Amongst all of these various threats, humans remain the weakest link in the security chain. Cybercriminals are still using the tactics, techniques and procedures (TTPs) that they know work – and individuals continue to be manipulated and conned into compliance. Despite the security of the cryptocurrencies themselves, the technical systems and exchanges that surround them continue to let the bad guys in.

It’s clear that criminal activity in the crypto space is only going to increase further. As such, organisations across the world must ensure they stay abreast of developments in the crypto world and have adequate measures in place to defend their networks accordingly. Not only that, it’s vital that the employees themselves understand how cybercriminals work and the threats associated with social engineering. Only then can an organisation effectively protect against this new – and prolific – type of threat.

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post