CISO MAG got in touch with Amit Jaju, a Senior Managing Director with Ankura Consulting, to discuss these challenges.  It was startling to learn from Amit that global temperatures will increase by two degrees by 2024 due to crypto mining activities. You will be amazed to learn how much power is consumed for every cryptocurrency transaction when the blockchain ledgers are updated. Amit offered some suggestions for crypto exchanges during our discussion to protect user wallets. He also suggests what regulators and governments can do to protect consumers.

Amit leads the Data & Technology Segment at Ankura Consulting in India. He has over 17 years of experience in forensic technology consulting covering data analytics, cyber, e-discovery, software licensing, and information governance. He has created market-leading solutions around financial crime, cyber incident response, analytics, and software licensing and delivered engagements for global and Indian clients in over 20 countries. His experience spans multiple sectors, including Financial Services, Information Technology, Pharmaceuticals, and Media & Entertainment.

He has led many complex global data analytics engagements, including implementing and managing enterprise-wide fraud and AML monitoring solutions for banks and implementing terrorism monitoring over the internet for defense services. He has delivered sanctions diagnostics, and investigation engagements across Europe and the Middle East for large US sanctions matters and has developed a sanctions analytics platform to deliver end-to-end sanctions diagnostics and monitoring.

Before joining Ankura, Amit was a Senior Managing Director and India head for FTI Consulting, Partner with Ernst & Young for nine years as Head of Forensic Technology in India and Markets. He was responsible for setting up and leading Forensic Technology in EMEIA. Before EY, Amit was the Forensic Technology lead at KPMG in India for five years. Previous to joining the Big Four, Amit worked with a boutique information security consulting firm.

Edited excerpts from the interview follow:

We have seen a lot of illegal crypto mining activities around the world in countries like Iran, Venezuela, Malaysia, the UK, Kazakhstan, and the U.S. Tremendous computational power is required for Bitcoin mining, which even leads to power outages directly impacting electricity prices. Are there any studies to back this? What impact will this have on the environment and resources like power?

That is a very important point, and it is getting missed out in many conversations around crypto. I think this is one of the most important points on adopting  crypto and the blockchain itself. A few months ago, I made a LinkedIn post to initiate a conversation with my network on this aspect. One study said that just with crypto mining, the global temperature will shoot up by two degrees centigrade by 2024. That is two degrees in two years, and it is a significant increase.

A Cambridge Institute study says that around 0.5% of global electricity production could be utilized by crypto mining. That is roughly the annual energy utilization of small countries like Sweden or Malaysia. That is how bad it is. And when you look at carbon emission, we have some data points, but of course, it needs further verification. I see a trend in terms of where all the numbers are. So, just for larger countries where a lot of this mining is happening, for instance, in China, they say that 130 million metric tons of CO₂ is the net contribution.

I talked to a friend of mine running a carbon credit trading company. It is a listed company. I was surprised by the numbers he gave me. And very few know about these numbers. Look at it in terms of a single cryptocurrency transaction. You are running complex mathematical calculations to validate that transaction. This requires tremendous computational power, which consumes a lot of power. In terms of energy consumption, if you do a Bitcoin transaction, it uses the equivalent power to process two million standard credit card transactions. That is the energy it takes to watch up to 160,000 hours of YouTube videos. So, imagine YouTube servers running and consuming all that energy. You have to watch 160,000 hours of video for one Bitcoin transaction because you need certain numbers of confirmations to validate a transaction at the end of it. This transaction will replicate across all ledgers at the end of the day. So, by the time that replication happens, that is the amount of energy it will use. In simpler terms, it is equivalent to 70 days of the total energy that a typical U.S. household will consume for one Bitcoin transaction.

What impact could this have on the energy resources of a nation? How do governments address this?

I think we need to at least start talking about the problem. Awareness related to the environmental impact of cryptocurrency and crypto mining is not at the forefront. We need to discuss it, get different experts to provide their opinions, and formulate some policies. You must create a framework around it and involve the experts. For example, if you need to identify illegal crypto miners who use hundreds or thousands of machines for illegal crypto mining, you need to use data analytics for that. In Venezuela, for instance, they have a history of illegal miners, and because of this, they had a power crisis. So, they used data analytics to identify 100 miners and take legal action.

We need regulation and then analytics. I know India has a draft bill on cryptocurrencies. It will be interesting to see whether crypto mining is addressed in it — or is it just about trading cryptocurrencies, because mining itself is an important piece. This is especially true for India, where most of our power gets generated from non-renewable sources. Today, we are fast moving towards renewable sources. And I have seen that a lot of miners go towards colder regions. That is because less cooling is required, and it is a very thin margin kind of enterprise. So, if you can reduce your cooling bill, that is a lot of savings. It is generally concentrated towards colder regions of the world where they do that. I think governments need to proactively address this through various means.

Cryptocurrency Exchanges are the new attack targets for hackers. A recent example is BitMart, which lost approx. $150mn in cryptocurrency assets. Attackers had stolen a private key and compromised two of the exchange’s hot wallets on the Ethereum (ETH) blockchain and the Binance smart chain (BSC), making off with approximately $150 million worth of assets; in a “large-scale security breach.”

What can the exchanges do to protect themselves and their users? What do users need to do to protect their Hot Wallets? Since these are not centrally regulated, what kind of legal provisions are in place to enable the exchanges to penalize attackers when they are traced? We have seen how the big exchanges were brought down completely, and some went out of business overnight. And that is the weak link; crypto exchanges do not make only trades, but they are quasi custodians of your wallet, and they have access to your wallet because your private key is stored with them. It is on the blockchain, though. It is impossible to offer 100% protection for exchanges, because cyber is an area where you always have to plan for contingencies.

But I am reading more about the zero-trust model, which I think is valuable for exchanges. It is often an insider attack, or the attack vector is within the company, which gets exploited. It could be an employee or vendor who has access to maintenance. Or perhaps a developer writing the code for the trading platform has intentionally created some backdoors. There are incidents where ransomware hackers pay employees a commission of up to 20% to run a file on the server. You can never rule out insider involvement.

To address this, you need to look at independent custodians; for our capital market exchanges, we have CDSL (Central Depository Services Limited) and NSDL (National Security Depository Limited) as independent custodians of our DMAT accounts. That is where our shares reside. So, these independent custodians will ask us for an OTP verification for the transaction – and not the exchanges. Similarly, we could have independent custodian firms as custodians of the wallets. There could be a model where the offline wallets are with the end customer. And the offline wallet could automatically sync with the exchanges. So, the exchanges are not keeping your coins or tokens.

The offline wallet (cold wallet) could be backed up to a USB pen drive, laptop, or phone. It could be on a piece of paper. You could print out certain words, and that is your coin. So having a tiered approach to storing these coins is more secure. On the other hand, having all your coins with the exchange is risky because they also have your private key.

So, to strengthen their defenses, a zero-trust model with independent custodians, plus a hybrid wallet model, also de-risks the exchanges. Of course, that will result in some disruption to their business models. For example, some exchanges deposit your coins for an annual percentage return. This may not be possible in such cases, but the risk is far higher for an exchange that has your wallets online with them (hot wallets).

Are you suggesting a mix of cold and hot wallets? What else could be done to ensure resiliency and minimize downtime due to code vulnerabilities being exploited?

Yes, hybrid wallets. You have the wallet at the exchange keeping the user data, but then it gets transferred T +1 or end of the day to the user’s wallet (cold wallet), which resides with them offline. Both cold and hot wallets could be used during a trading session.

I think trading platform resilience is very important. That is always the case, with capital market exchanges or crypto exchanges. Trading platforms are high-frequency platforms, so you have millions of texts transmitted in one second, resulting in an order getting placed. The coding of that must be robust to facilitate the performance. But at the same time, looking at it from a security perspective is very important. It is about making sure every source code or application developed is reviewed thoroughly by multiple parties. Changes should be tracked from a security perspective, not just a functionality perspective. If something goes down, they should revert to the older version to ensure that the exchange runs. Crypto exchanges run 24×7 unlike our captive market exchanges, which shut down in the afternoon or the evening. Market exchanges have time for maintenance and upgrades. But that is more difficult for crypto exchanges since they run 24×7. So, they must have backup environments. And it’s slightly complicated, but by ensuring that the trading platform is thoroughly checked, they can provide defenses to implement two-factor at every stage. And when you implement a zero-trust model, a lot of that gets addressed.

What do you see as the big trends coming in 2022? What are the opportunities that exist?

I closely monitor the developments around quantum computing. Some companies are very close to building a retail version of a quantum computer. Whenever such a computer is available, it will transform this space overnight.

I also look at the zero-trust model and how it is evolving because I think that is a very good model to address all the challenges we face with our existing perimeter security and access control model.

I am also looking at the personal data protection regulation and the new challenges and opportunities that it will create. Compliance is a challenge for corporations trying to protect their data assets. It is also about individuals knowing their privacy rights and options if that data gets stolen or compromised.

There are opportunities too. The multinationals will have to build an infrastructure within India to address all the data-related challenges within the country (data residency). There is a huge demand for workforce and technology components, which India can address because we have a lot of talent. But we must see how different sectors adopt it. We already see financial services adapting to data localization, even though some companies take longer. I am seeing this with other industries such as pharmaceutical and life sciences, from data privacy and data confidentiality perspectives. Here they will focus more on protecting their IP and their data within the country. I see the measures they must put in place because these companies also deal with sensitive personal information of many people.

Take hospitals, for instance. Many U.S. hospitals have been impacted by ransomware in the past two years because they have sensitive personal data. Hackers know that they will not benefit much if they attack a steel company. But hospitals have critical data on which they rely for their operations, so the risks are higher.

In terms of technologies, we will see more use cases for blockchain. It will be used for transmitting documents and maintaining integrity, which is crucial.

Cybersecurity and forensics will also use blockchain. If you have an evidence chain of custody logs, how do you maintain the integrity and authenticity of that data? This is most important when something goes wrong. The insider threat is an area where companies will not trust a user because they are employees. They have to look at a customer, a vendor, or an employee, and observe how they behave. Based on that, they will profile the person and then create rules and access controls around the person’s behavior. Machine learning will play a key role because it is a rule-based analysis, and it cannot be done manually. All of this will be machine learning-based with human input for authorization. We will see more use of machine learning and artificial intelligence in cybersecurity. This is a space to watch out for.

About the Interviewer

Brian Pereira is the Editor-in-Chief of CISO MAG. He has been writing on business technology concepts for the past 27 years and has achieved basic certifications in cloud computing (IBM) and cybersecurity (EC-Council).

More stories from Brian

The post ‘Illegal Crypto Mining is a Huge Drain on a Nation’s Power Resources’ appeared first on CISO MAG | Cyber Security Magazine.

How Did the Intrusion Happen?

Crypto.com stated that it identified an unauthorized activity on its user accounts on January 17, 2022, where transactions were being approved without the 2FA authentication from the user side. The crypto platform suspended all withdrawals as a precautionary measure and launched an investigation to find additional details.

Mitigation

As a security measure, Crypto.com invalidated all customer 2FA tokens and asked its customers to re-login and set up their 2FA token to ensure only authorized users can log in. While the threat actors behind the intrusion are unknown, Crypto.com stated it will notify and compensate the affected customers.

Also Read: Lazarus Group Stole $400 M Worth of Cryptocurrencies in 2021

“Full audit of the entire infrastructure has been conducted internally, with a number of improvements being implemented to further harden the security posture. While Crypto.com already performs internal and external penetration tests, Crypto.com has immediately engaged with third-party security firms to perform additional security checks on our platform, as well as initiating additional threat intelligence services,” the release said.

What Crypto.com is Doing to Prevent Intrusions

Crypto.com has introduced the Worldwide Account Protection Program (WAPP) to provide additional protection and security for its users’ funds. It is said that WAPP is designed to protect user funds in cases where a third party gains unauthorized access to their account and withdraws funds without the user’s permission.

To qualify for the WAPP program, users must:

• Enable Multi-Factor Authentication (MFA) on all transaction types where MFA is currently available
• Set up an anti-phishing code at least 21 days before the reported unauthorized transaction
• Not be using jailbroken devices
• File a police report and provide a copy of it to Crypto.com
• Complete a questionnaire to support a forensic investigation

“The safety of our customers’ funds is our highest priority, and we are continually enhancing our Defense-in-Depth security and protection measures. While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind,” said Kris Marszalek, co-founder, and CEO of Crypto.com.

The post Crypto.com Suffers Unauthorized Activity Affecting 483 Users appeared first on CISO MAG | Cyber Security Magazine.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

What is Cryptomining?

Cryptocurrency mining or cryptomining is a process of validating cryptocurrency transactions, also called blocks. Cryptocurrencies like Bitcoin, Binance coin, Ethereum, Dash, Monero, etc., use distributed public ledgers to track all the crypto transactions linked to the previous transactions, forming a chain of recorded blocks called a blockchain.

Cryptomining is usually done via sophisticated hardware that solves complex mathematical equations. The first computer (miner) to solve the equation is rewarded with the next block of cryptocurrencies, and the process continues.

How Illicit Cryptomining Works

Anyone with a network of computers (crypto miners) and capable of solving complex mathematical problems can become a crypto miner. However, some crypto miners hire malicious botnets to mine cryptocurrency illicitly. Adversaries leverage malicious cryptomining techniques to compromise cryptocurrencies.  According to Akamai’s report, cybercriminals use several malware variants to infect personal and corporate servers for malicious cryptomining activities. The report stated that the access to fake crypto exchange phishing URLs increased over 500% between March 2020 and May 2021. Threat actors also leverage malicious crypto apps to trick users and steal crypto coins.

Targeting Crypto Wallets

Cryptocurrency hackers often target cryptocurrency exchanges and digital wallets by deploying malicious cryptomining techniques to infect targeted systems and mine crypto coins.

Also Read: How to Safeguard Your Cryptocurrency Wallet from Digital Exploits

A digital wallet (cryptocurrency wallet) allows users to store, transfer, and receive cryptocurrencies without intermediates. Digital wallets are categorized into two types – Hot wallets and Cold wallets. Hot wallets allow users to store, send, and receive digital coins linked with public and private keys that help facilitate transactions. Hot wallets are connected to the internet, making them vulnerable to cyberattacks and unauthorized intrusions. But, cold wallets are stored offline and do not connect to the internet. Therefore, they are not prone to cyberattacks.  Storing your private keys in a cold wallet, also known as a hardware wallet, is the most viable option as these come encrypted, keeping your keys secure.

How to Prevent Illicit Cryptomining  

Cryptocurrency attackers perform illegal cryptomining activities using two methods – Binary-based and Browser-based.

In Binary-based cryptomining, hackers use malicious mobile applications installed on the targeted devices to mine cryptocurrency. These malicious applications automatically download cryptomining botnets to procure digital currency.

In Browser-based mining activity, also known as cryptojacking, bad actors use malicious JavaScript, designed to mine cryptocurrency, embedded into a website. In cryptojacking, threat actors hijack a network of computers and exploit them to mine crypto coins.

How to Prevent Binary-based Cryptomining   

• Research on the app developers. Visit their official website and find their contact details.
• Always download apps from an official app store to reduce the risk.
• Read the terms and conditions carefully. Don’t download if you find anything suspicious.
• Read the reviews to know more about the app.
• Read the app permissions. Don’t install if the app asks for more permissions than required.

How to Prevent Browser-based Cryptomining   

• Frequently update critical systems along with malware intrusion detection software.
• Implement a BYOD (Bring Your Own Devices) at your company and make security awareness training mandatory for all employees.
• Use DNS filters, firewalls, and install the best web filtering tools.
• Install antivirus software and block pages that send cryptojacking mining scripts.
• Continuously monitor your enterprise’s computing resources, check CPU energy consumption, and ensure no cloud misconfigurations exist.

About the Author:

Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.       

More from the Rudra.

 

The post How Illicit Cryptomining Works, And How to Prevent It appeared first on CISO MAG | Cyber Security Magazine.

There has been a spate of incidents where ransomware has been demanded in the form of cryptocurrency by cybercriminals for ease of business operations. Incidents of rising ransomware attacks have been reflecting the low resilience of the critical network infrastructure and the vulnerabilities.

The statement was issued by ministers and representatives from Australia, Brazil, Bulgaria, Canada, the Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom, and the United States.

Per the White House statement, significant economic losses have been incurred globally due to the increased ransomware attacks. “Ransomware payments reached over $400 million globally in 2020, and topped $81 million in the first quarter of 2021, illustrating the financially driven nature of these activities.”

Ransomware is a world-wide threat leveraging global infrastructure – and no country can fight it alone. This week, the United States and dozens of nations aligned on common approaches to counter it together. 

— Jake Sullivan (@JakeSullivan46) October 14, 2021

The Counter-Ransomware Initiative

Governments of the 30 countries have realized the need for an immediate action plan and collective effort to tackle the risk of ransomware. Cybercriminals abuse the financial mechanism of countries and launder huge amounts through cryptocurrency mining, evading all kinds of surveillance.

The White House states, “We are dedicated to enhancing our efforts to disrupt the ransomware business model and associated money-laundering activities, including through ensuring our national AML frameworks effectively identify and mitigate risks associated with VASPs and related activities. We will enhance the capacity of our national authorities, to include regulators, financial intelligence units, and law enforcement to regulate, supervise, investigate, and act against virtual asset exploitation with appropriate protections for privacy, and recognizing that specific actions may vary based on domestic contexts.  We will also seek out ways to cooperate with the virtual asset industry to enhance ransomware-related information sharing.”

The need of the hour is to collectively look at the problem of exploitation of the digital asset platform and disrupt the machinery from further exploiting the platform. As policies and regulations vary from one jurisdiction to the other, this effort will help accelerate the investigation and prosecution of the criminals. The problem has been exacerbated as incidents of attack are treated in isolation.

“Ransomware criminal activity is often transnational in nature, and requires timely and consistent collaboration across law enforcement, national security authorities, cybersecurity agencies, and financial intelligence units. Such collaboration must be consistent with domestic legal requirements and may be pursued alongside diplomatic engagement so that malicious activity can be identified and addressed, and the actors responsible can be investigated and prosecuted.  Together, we must take appropriate steps to counter cybercriminal activity emanating from within our own territory and impress urgency on others to do the same, in order to eliminate safe havens for the operators who conduct such disruptive and destabilizing operations,” the White House said.

The post 30 Governments Join Hands to Suppress Ransomware Payment Channels appeared first on CISO MAG | Cyber Security Magazine.

The market had already suffered a major setback in April-May 2021 due to tightening regulations from China. China continues to intensify its ban and is imposing stricter policies for curbing the growing crypto market to safeguard its digital assets.

Millions of dollars were wiped off the market in a single day post the announcement as clients clamored for liquidation of their investments.

PBOC wreaks havoc across crypto market with recent ban on all crypto payments in China.
Today #NFT global volume decreased to 192 800 103,14 US$ and with recent China bans there is high probability of continuous downtrend. pic.twitter.com/Rdh6hKER2d

— CryptoMarketNFT (@CryptoMarketNFT) September 24, 2021

It has been reported that stringent regulations are being put in place as China is trying to develop its first-ever official digital currency.

Over a chat with CISO MAG, R “Ray” Wang, Founder, Chairman, & Principal Analyst of Constellation Research said, “The People’s Bank of China (PBOC) ban is really a reinforcement of an existing law from 4 years ago. China took the time to study the market in order to build their digital yuan and destabilize the dollar. Now they know they can build their own country backed crypto (CBC). They no longer need other cryptos and do not want money to flow out of the country.  They want to run their own belt and road metaverse economy.”

In a blog analysis Wang explained how the Metaverse Economy will grow with or without CCP China. He added, “China’s ban only delays the inevitable. The DeFi movement and cryptocurrencies demonstrate how and why individuals will conduct business outside of central banks. Moreover, the Metaverse economy is powered by cryptos. As adoption grows, a ban by China will eventually lead to digital isolation as citizens find workarounds for more efficient approaches.”

This is only the latest strongarm signal over crypto as China ramps up its efforts to launch a central bank digital currency.

In June, ahead of China’s 100th anniversary, the PBOC shut down mining and told banks to stay away from crypto.https://t.co/acUEqo2Hqv pic.twitter.com/34fXODMjwT

— CoinDesk (@CoinDesk) September 24, 2021

China has been issuing warnings against the usage of cryptocurrency since 2013 and had also announced a new cryptography law, effective January 1, 2020, designed to assist the development of the cryptography business and enhancing the security of cryptocurrency. This has resulted in Bitcoin miners fleeing China and large number of Investors opting for decentralized exchanges.

Nischal Shetty, Founder and CEO at WazirX + Crowdfire, said, “The global markets reacted with caution leading to a drop in Bitcoin and other crypto prices. However, the markets recovered quickly, and prices seem to have stabilized. Overall, this does impact the number of participants in crypto as China has a huge crypto population. It will be interesting to see how this ban plays out as crypto is a decentralized technology making the ban hard to implement. “

How effective this ban will be, is yet to be ascertained as globally the regulators are working on a positive note to make the crypto market mainstream.

The Chinese ban on trading #crypto had a negligible impact as the overall market cap recovers.

Several #DeFi tokens have been booming lately. A highlight would be #DYDX which gained 30% today.

Decentralized Exchanges could become alternatives for Chinese traders. pic.twitter.com/arPItR4Wr1

— Delta Investment Tracker (@get_delta) September 27, 2021

The post China Issues Stricter Ban on Cryptocurrency Activity – Global Markets Under Pressure appeared first on CISO MAG | Cyber Security Magazine.

Poly Network is a blockchain system that provides a platform for cross-chain interactive services. It allows authorized homogeneous and heterogeneous public blockchains to connect to Poly Network through an open, transparent admission mechanism and communicate with other blockchains.

Going by the name Mr. White Hat, the hacker stole approximately $600 million in bitcoins from the Poly platform and took control of the user assets. According to Twitter updates the company shared that, less than 48 hours into the hack, the stolen tokens were being returned.

The company first announced the breach on 10th August on its official twitter handle @PolyNetwork2

The post read:

Important Notice: We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s address.

Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker’s following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71

— Poly Network (@PolyNetwork2) August 10, 2021

Twitterati went into a flurry of activity and  #polynetworkhack was the most tweeted hack of the day.

The Poly Network Vulnerability

SlowMist Technology, a company focused on blockchain ecological security analyzed the hack in detail and shared the following:

1. At the center of the attack is the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract that can execute specific cross-chain transactions through the _executeCrossChainTx function.
2. Since the owner of the EthCrossChainData contract is the EthCrossChainManager contract, the EthCrossChainManager contract can modify the keeper of the contract by calling the putCurEpochConPubKeyBytes function of the EthCrossChainData contract.
3. The verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can perform user-specified cross-chain transactions by calling the _executeCrossChainTx function internally. So, the attacker only needs to pass in the carefully constructed data through the verifyHeaderAndExecuteTx function for the _executeCrossChainTx function to execute the call to the EthCrossChainData contract PutCurEpochConPubKeyBytes function to change the keeper role to the address specified attackers.
4. After replacing the address of the keeper role, the attacker can construct a transaction at will and withdraw any amount of funds from the contract.
5. Simply put, the hacker exploited a smart contract vulnerability that is used by the Poly Network platform to exchange crypto coins between blockchains. The hackers managed to strike gold in Ether, a type of bitcoin in addition to 12 different cryptocurrencies in their steal.

DeFi is an attractive platform for the crypto market and rapidly growing with increased acceptance. As the industry captures market share, it is a lucrative target for hackers at it is still in its nascent stage but operates with large financial volumes.

DeFi related hacks total $361 million

According to CipherTrace “Cryptocurrency Crime and Anti-Money Laundering Report, August 2021”, major crypto thefts, hacks, and frauds totaled $681 million by July 21. Revealing insights related to Decentralized Finance hacks and frauds the report pegged the market loss at $361 million, 76% of major hack volume in 2021.

Highlights

• By the end of July 2021, major crypto thefts, hacks, and frauds totaled $681 million
• At $361 million, DeFi-related hacks make up 76% of major hack volume in 2021
• By the end of July 2021, DeFi hacks have already increased more than 2.8X from 2020
• At $113 million, DeFi-related fraud makes up 53% of major fraud volume in 2021
• By the end of July 2021, DeFi fraud have already increased more than 2.7X from 2020

The cryptocurrency market is gaining wider acceptance and is becoming a platform of choice for businesses. The market is still unregularized and not matured. With absence of regulation the platform is vulnerable to security attacks as there is no legal accountability. These incidents are wake up calls where the transactions could have touched billions as touted by the hacker in a Q & A, shared by CipherTrace. As the business volumes spiral upwards so will the stolen assets.

The post Mr. White Hat Controls Poly Network’s User Assets for Fun! appeared first on CISO MAG | Cyber Security Magazine.

By Zachery S. Mitcham, MSA, CCISO, CSIH, VP and Chief Information Security Officer, SURGE Professional Services-Group

What is it?

Simply put, cryptojackers attack enterprise technological systems with the goal of leveraging their computer resources to launch cryptomining assaults on cryptocurrency firms. Graboid, PowerGhost, Badshell, MinerGate, and Prometei are all well know cryptojacking variants that intruders use to capitalize on the resources of the enterprise and personal systems with the intent of conducting cryptomining of popular cryptocurrencies.

How does it work?

Cybercriminals surreptitiously gain access into enterprise or personal computer systems and inject malicious computer code onto them. No systems are safe from cryptojacking. Cloud-based, file-based, and browser-based systems have all been known to have been affected by cryptojackers.  The method of choice used by the intruder to introduce the code onto a system is by way of phishing attacks in various forms.  Once the code’s payload is applied to the system it behaves similarly to a technological parasite, much like a tick on a dog or a leach on a host.  The injected code works in the system background undetected. The preferred code used by the intruder is usually a polymorphic, zero-day, advanced persistent malware deployed as a rootkit.

The intent of the code is not to harm the host, rather hijack its CPU resources in order to launch attacks on other computer systems particularly cryptocurrency targets. Cryptojackers view crypto mining of cryptocurrency as less risky than ransomware in that cryptocurrency firms do not have the same emotional public and law enforcement support as does traditional brick and mortar enterprises that directly affect their everyday lives as was the case with the ransomware attack on the colonial pipeline causing a major consumer panic.

How do I know If my system is affected?

The degraded performance of your system could be an indication that its resources are being used to conduct unwitting cybercriminal activities. Traditional methods used to detect common vulnerabilities such as antivirus protection and popular vulnerability scans are ineffective when it comes to detecting Cryptojacking malware.  Network monitoring tools are more effective in detecting Cryptojacking activities in that they reveal increased and unexplainable CPU usage that could possibly cause endpoint failure due to overheating as a result of the increase in usage. Utilizing various network monitoring tools such as Simple Network Management Protocol tools in tandem with Security Information and Event Management tools configured to detect changes within an enterprise technological network, servers and endpoints will be beneficial in the quest for discovering Cryptojacking within your organization.

How can I protect my system against cryptojackers?

1. Both non-governmental organizations (NGOs) and government organizations (GOs) can avoid becoming unwitting accessories to cybercrime by implementing the NIST 800-207 Zero Trust framework throughout their enterprise. The Zero trust framework focuses on three primary areas of enterprise computing operations:  the user, the device, and the application.  Computer systems at their inception were designed to be collaborative in nature and therefore did not focus much on security.  In 1988 that paradigm shifted with the introduction of the Morris Worm. Zero Trust now becomes the default, with the idea that the device, the user, and the application cannot be trusted, even when they have been vetted and confirmed as being a legitimate component of the enterprise’s network.  The user’s identity and authentication coupled with the authentication of the device and application access controls are the foundation of this model. Zero trust forces administrators to approach every component of their network as possibly being compromised and therefore require stringent policies and configurations that must be met in order to allow them to operate within its schema.  Network segmentation and sensitive data compartmentalization, irrespective of where the system computing occurs or resides, whether it be in the cloud, or on-premise, are treated in the same manner.  When all of these conditions are met then, and only then will the device, user, or application be allowed to operate freely within the network given audit trails and constant monitoring.
2. Information security awareness education and training are of paramount importance in combatting Cryptojacking. The enterprise must create a culture of security that is ubiquitous throughout the organization.  Everyone in the enterprise has a role to play in protecting the organization’s technological assets from the Board of Trustees, Senior Management to the frontline operational staff.  Again, this culture must be pervasive throughout the organization.
3. Newer endpoint protection products are now capable of detecting and isolating some of the most popular Cryptojacking variants. The enterprise must invest in outfitting its computer systems with robust endpoint protection.

The long and short of it is that cybercriminals do not have to comply with any rules, regulatory compliance mandates, or standards.  Their tactics to disrupt, destroy and manipulate organizations technological system operations are ever-evolving.  Therefore, the enterprise must be ever vigilant in the safeguard of their technological resources.

Stay alert! Stay Alive!

About the Author

Zachery S. Mitcham, MSA, CCISO, CSIH is the VP and Chief Information Security Officer at SURGE Professional Services-Group. He is a 20-year veteran of the United States Army where he retired as a Major. He earned his BBA in Business Administration from Mercer University Eugene W. Stetson School of Business and Economics. He also earned an MSA in Administration from Central Michigan University. Zachery graduated from the United States Army School of Information Technology where he earned a diploma with a concentration in systems automation. He completed a graduate studies professional development program earning a Strategic Management Graduate Certificate at Harvard University extension school. Mr. Mitcham holds several computer security certificates from various institutions of higher education to include Stanford, Villanova, Carnegie-Mellon Universities, and the University of Central Florida. He is certified as a Chief Information Security Officer by the EC-Council and a Certified Computer Security Incident Handler from the Software Engineering Institute at Carnegie Mellon University. Zachery received his Information Systems Security Management credentials as an Information Systems Security Officer from the Department of Defense Intelligence Information Systems Accreditations Course in Kaiserslautern, Germany.

Disclaimer

 CISO MAG does not endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. Views expressed in this article are personal.

The post How Cryptojacking and Cryptomining Assaults Work appeared first on CISO MAG | Cyber Security Magazine.

The study, which was conducted between October 2020 and May 2021, saw the researchers discretely analyze phishing and business email compromise (BEC) attacks. After monitoring the trends closely, it was observed that the volume of cryptocurrency-related attacks was associated with the rapidly rising price of Bitcoin. The price of Bitcoin increased nearly 400% during the observation period and saw a subsequent 192% increase in impersonation (i.e., phishing and BEC) attacks.

Until recently, the real-world usage of Bitcoins looked like a far-fetched dream. However, with companies embracing this digital payment option, cryptocurrency has now started gaining more value than expected.

As rightfully stated by Mandia, cryptocurrency has been traditionally used in ransomware attacks and was evident in the Colonial Pipeline attack or the JBS attack, where the companies were asked to pay millions of dollars in Bitcoin as ransom. Mark Lukie, Systems Engineer Manager, Barracuda, Asia-Pacific said, “You don’t need to be a technical genius to launch a ransomware attack. Ransomware-as-a-service — where you can hire a group to carry out an attack for you — is flourishing on the dark web, making ransomware more accessible to criminals, and driving an increasing number of attacks.”

However, Barracuda’s study reveals that cybercriminals are now not just using cryptocurrency for ransomware attacks but are also pivoting towards newer attack vectors. This includes spear phishing, impersonation, and BEC attacks. Cybercriminals are using malicious tactics like sending fake security alerts to steal Bitcoin login credentials, targeting employees with personalized emails, and even tricking users into purchasing or donating cryptocurrency to fake charities.

Another key trend that Barracuda’s researchers observed was that, with every passing year, there has been a spike in both ransomware attacks and the ransom amounts. In 2019, the ransom demand ranged from a few thousand dollars to $2 million, but by mid-2021, the demand reached the ceiling at $20 million.

As a note of caution, Lukie suggested, “Staying on top of the latest trends in email attacks and providing employees with security awareness training to identify and avoid attacks, as the highest priority when it comes to protecting against these kinds of attacks. While making sure you have watertight security solutions in place that provide bot mitigation, DDoS protection, API security, and credential stuffing to secure web applications against ransomware, backing-up data to minimize downtime, data loss, and get your systems restored quickly following an attack, is also necessary and give you peace of mind.”

Related News:

Most Phishing Emails Originate from Eastern Europe: Barracuda

The post Bitcoin Craze Gives Rise to the Cryptocurrency-based Cyberattacks: Report appeared first on CISO MAG | Cyber Security Magazine.

How did it happen?

EXMO claimed that threat actors targeted the exchange with $75 million in trading volume by overloading the system with numerous unwanted traffic from multiple malicious servers. The incident affected the servers of the exchange, which are now temporarily unavailable. The volume on the exchange platform has fallen 4.9% after the attack.

Important: DDoS attack on EXMO
Please note the EXMO exchange website is now under the DDoS attack. The servers are temporarily unavailable.
We are solving this issue right now. Please stay tuned.

— EXMO (@Exmo_Com) February 15, 2021

The attack comes two months after EXMO reported that unknown attackers stole $10.5 million in Bitcoin, Ether, Bitcoin Cash, Tether, and Zcash cryptocurrencies.

DDoS Attacks Turn Weaponized

In DDoS attacks, cybercriminals make a targeted system or service unavailable to its users by flooding with unwanted incoming traffic from different sources. They leverage various compromised computer systems and connected sources like IoT devices as sources of attack traffic.

Several industry experts stressed that DDoS attacks have evolved into weaponized instruments used to disseminate ransomware, as well as to launch disruptive attacks against their targets.

Recently, the New Zealand stock exchange NZX Ltd. went offline for three days in a row due to a blow of successive cyberattacks. In a security alert, the bourse operator said that initially it had been hit by a DDoS attack on August 25, 2020, from offshore, via its network service provider. The attack impacted the exchange’s network connectivity systems, including NZX websites and the markets announcement platform.

The post U.K’s Crypto Exchange EXMO Halted Operations After DDoS Attack appeared first on CISO MAG | Cyber Security Magazine.

Why Bitcoins are Being Cashed

The Bitcoin price which was at $20,000 per coin has soared to a record high of $36,000 in a months’ time. This skyrocketing is not new because if the price has soared by 92% in the last one month, overall, it has boomed by 340% in a year. This all-time high has pepped the bitcoin owners to sell their bitcoins and savor their riches. However, a New York Times report shows that 20% of the cryptocurrency owners have either lost their passwords or have their wallets stranded. This means they now own a fortune but still cannot enjoy the riches.

Related News:

PII of Thousands of Users Exposed in Multi-Stage Bitcoin Scam

The Last Two Chances to Guess the Password

According to the NYT report, Thomas has stored the private key to his wallet in a small IronKey hard drive. This piece of hardware is protected by a password which allows the user to make only 10 possible attempts at getting the password right. However, if the user fails to enter the correct password on the 10^th attempt then it seizes and encrypts the contents in the drive forever. Thomas has already used eight of his 10 attempts formulating his most utilized passwords, but with zero success.

A dejected Thomas says,

I would just lay in bed and think about it. Then I would go to the computer with some new strategy, and it wouldn’t work, and I would be desperate again.

The rise in the number of cases though has prompted a new booming business solution altogether, that of Bitcoin Wallet Recovery Services. But will they really be able to duplicate the key to these treasure chests? Only time will tell.

Related News:

How to Safeguard Your Cryptocurrency Wallet from Digital Exploits

The post $220 Million Riding on the Last Two Chances of Guessing a Password appeared first on CISO MAG | Cyber Security Magazine.