By Danny Lopez, CEO of Glasswall
Since its creation in 2009, cryptocurrency has operated as a decentralized, self-managed method of payment for users who wanted to retain some level of anonymity.
As of November 2021, there are an estimated 7,557 cryptocurrencies on the market.
While once relatively unheard of, cryptocurrencies are no longer utilized exclusively by a niche group of early adopters. The market has grown tremendously and businesses are catching on; according to Pew Research, 16% of Americans say they’ve invested, traded, or used cryptocurrency in some capacity. Several major companies have announced that they now accept cryptocurrencies, such as Bitcoin as payment including Paypal, Starbucks, Whole Foods, Etsy and Microsoft.
As businesses incorporate cryptocurrency as payment and more people rely on it as currency, it exposes a new unregulated cybersecurity threat vector. This has led to an increase in crypto-based ransomware attacks including the JBS Foods attack and the Poly Network Attack. In an effort to combat the rise in ransomware attacks, the Biden Administration’s newly passed infrastructure bill requires reporting on “digital assets,” which include NFTs and cryptocurrencies.
Benefits of cryptocurrency
Cryptocurrency has grown in popularity largely due to its decentralized nature and capacity to give users some level of control. Users have the ability to self-manage their currency privately without outside intervention from third parties. It provides an easy, optimal transfer of funds for transactions and trades across currency exchanges. In addition, cryptocurrency is self-managed and governed, so the transactions are monitored and kept up to date by the miners who curate it. This helps ensure that the integrity of the cryptocurrency is maintained.
Disadvantages of cryptocurrency
Although many users appreciate cryptocurrency for its anonymity, this can be conversely disadvantageous too. Alternatively, there is still a risk of getting locked out, due to its strong hacking defenses and inaccessible authentication protocols, so if a user loses a key, there is no getting it back. Cryptocurrency is also irreversible as there is no ability for users to make refunds or cancellations. In addition, the market also uses large amounts of energy due to large requirements of computer power and electricity, resulting in a higher carbon footprint. This technology is new and evolving, which means there are more risks for cybercriminals to take advantage of.
Cybersecurity risks from cryptocurrency
Although cryptocurrencies offer benefits such as allowing users to have more control over their finances and transactions by remaining comparatively anonymous, this makes cryptocurrency a lucrative target for cybercriminals. Many blockchain and crypto-related technologies are experimental and relatively new, which means there are many areas for attackers to infiltrate. Crypto accounts must be treated with caution as account takeovers can result in stolen keys and personal information.
One of the common ways this can occur is through cryptojacking, when hackers use phishing and ransomware-like tactics to gain unauthorized access to the victim’s computer to run code that mines cryptocurrency in the background. This process is easily done by tricking the user into clicking on a link or online ad that releases the code onto the victim’s browser. Unlike other forms of malware, the code usually runs in the unseen without stealing any personal information, so it can run undetected for long periods of time. Google recently filed a lawsuit against the creators of “Glupteba,” a malicious botnet that performed cryptojacking on over 1 million devices. The sophisticated botnet weaponized the bitcoin blockchain by embedding code that looked for specific addresses.
How users can take precaution
One of the ways in which users can verify the safety of their cryptocurrency exchanges and applications is by checking for a Cryptocurrency Security Standard (CCSS), an open source set of requirements that helps standardize methodologies and help end-users make safe decisions and identify the best systems to use. The process is based on ten security aspects that determine an information system’s overall score within three levels of security. These levels are based on things such as secure key storage, key usage, key compromise policy, wallet creation, proof of reserve, and audit logs. An information system that passes a level I security has proven by audit that they protect their assets with strong security policies and procedures. On the other end, a level III pass has proved that they’ve exceeded enhanced levels of strictly enforced security policies consistently over an extended period of time
The CCSS ranks the security controls of crypto transactions and systems and organisations, but it does not account for the common standards and practices for improving the cybersecurity measures in place.
Organisations wanting to incorporate blockchain technology into their practices need to be aware of all the ways to prevent cyberattacks. File sanitization and safety is another step that can be taken to ensure there is no chance of malicious code running in the background. Businesses can stay ahead of the curve by implementing proactive cybersecurity measures like content disarm and reconstruction (CDR) technology. CDR works to eliminate file-based threats by scanning files and rebuilding them to a ‘known good’ industry standard. This helps to eliminate disruption often caused by traditional reactive cybersecurity solutions.
While the cryptocurrency market is fast-paced and quickly evolving, there are many risks associated with involving an unregulated threat vector. Organisations must be aware of how to best take precautions to ensure sensitive data is protected.