Cryptocurrencies are catching on with investors and traders based on their rapidly rising values, although digital currency markets remain quite volatile due to wide fluctuations in valuations, both up and down.
However, such wild price swings are not the only risks for businesses. Bitcoin is the best-known cryptocurrency, but there are many others, including Ethereum, Ripple and Litecoin. In June, Seoul-based Bithumb reported that almost $32 million worth of cyber cash had been stolen from its cryptocurrency platform overnight after an employee’s PC had been hacked.
All cryptocurrencies involve decentralized systems of exchange that rely on advanced cryptography for security. A mathematical equation that requires high processing power must be solved, and the solved result becomes a hash, which in turn serves as the currency for exchanges.
A public key – much like an extended ID number – is used to identify the ownership of Bitcoins. Users can mask their personal identities through the trading platform. All that’s needed to conduct an exchange is someone’s Bitcoin address, a version of the so-called public key that is easier to read and type. Another chunk of the address is a user’s private key, which is used to control the digital currency’s ownership.
If hackers can get access to the private key, they can transfer ownership to their own accounts, and this type of theft poses real risks for businesses that deal in digital currencies.
Many people wrongly assume that digital currencies are somehow more secure than regular financial transactions, but in fact cryptocurrency can pose greater risks because no authorized oversight bodies exist to regulate these digital financial transactions.
Initially, we saw threats involving malware activists or hackers who were able to install ransomware that encrypts a user’s files and then demand payment for the decryption. Now we are seeing more cases of activists simply telling users to transfer funds directly into their Bitcoin accounts. The bad guys are protected due to the privacy of cryptocurrency identities, which cannot be traced.
Malware activists have even switched targets from hacking a user’s system to access funds or data to simply planting cryptominers on a larger scale. With cryptojacking, resourceful criminals can tap into a user’s computing resources without IT managers becoming aware, mining digital currency while leaving the IT network with less available processing power. Hence, large networks of corporate servers and cloud servers with almost unlimited computing resources present an ideal target for these illegal cryptominers.
In one example, a computer system could become infected by what’s known as Ngay’s Monero miner. If you notice that your system is working slower than expected, open Windows Task Manager and see if the “notepad.exe” process is using 100% CPU – despite the fact that you are not using Notepad. If that is the case, then your system is likely infected by Ngay’s Monero miner.
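The Task Manager check described above can be run over collected CPU readings from many machines instead of by eye. The following is an added example, not code from the original article: it flags processes that stay pinned near 100% CPU, and the sample readings, the 90% threshold, the three-sample window and the list of normally idle programs are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample readings (not real telemetry): one row per process per poll.
SAMPLE_CSV = """timestamp,pid,name,cpu_percent
2018-01-01T10:00:00,4120,notepad.exe,99.1
2018-01-01T10:00:00,5300,notepad.exe,0.3
2018-01-01T10:00:00,2210,chrome.exe,95.0
2018-01-01T10:00:00,1500,sqlservr.exe,92.0
2018-01-01T10:01:00,4120,notepad.exe,100.0
2018-01-01T10:01:00,5300,notepad.exe,1.0
2018-01-01T10:01:00,2210,chrome.exe,20.0
2018-01-01T10:01:00,1500,sqlservr.exe,94.0
2018-01-01T10:02:00,4120,notepad.exe,98.4
2018-01-01T10:02:00,5300,notepad.exe,0.0
2018-01-01T10:02:00,2210,chrome.exe,93.0
2018-01-01T10:02:00,1500,sqlservr.exe,91.0
2018-01-01T10:03:00,4120,notepad.exe,100.0
2018-01-01T10:03:00,5300,notepad.exe,0.2
2018-01-01T10:03:00,2210,chrome.exe,15.0
2018-01-01T10:03:00,1500,sqlservr.exe,96.0
"""

# Assumption: programs that sit near 0% CPU unless someone is actively using them.
NORMALLY_IDLE = {"notepad.exe"}


def find_suspects(csv_text, threshold=90.0, min_consecutive=3):
    """Return (pid, name, longest_streak, severity) for each process whose CPU
    stayed at or above `threshold` for `min_consecutive` consecutive readings."""
    readings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (int(row["pid"]), row["name"].lower())
        readings[key].append((row["timestamp"], float(row["cpu_percent"])))

    suspects = []
    for (pid, name), series in readings.items():
        series.sort()  # ISO 8601 timestamps sort chronologically as strings
        longest = current = 0
        for _, cpu in series:
            current = current + 1 if cpu >= threshold else 0  # a dip resets the streak
            longest = max(longest, current)
        if longest >= min_consecutive:
            # Sustained load from a normally idle program is the strongest signal;
            # other processes (e.g. a busy database) are listed for manual review.
            severity = "high" if name in NORMALLY_IDLE else "review"
            suspects.append((pid, name, longest, severity))
    return sorted(suspects, key=lambda s: (s[3] != "high", -s[2]))
```

Keying on the process ID as well as the name keeps a legitimate, idle Notepad window (PID 5300 in the sample) from being confused with the pinned one, and requiring consecutive readings filters out short bursts such as the browser spikes.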
None of this is good for midsize businesses and large enterprises. In some attacks in which a server is hacked via a miner, it will consume so much processing power that it can appear to be a distributed denial of service (DDoS) attack. In addition to stealing digital currencies, the hackers are also racking up huge costs by gobbling up the business’s processing power.
Companies should also be careful as more machines get added to their networks, creating more targets for entry. Once a single machine gets infected with malware, it can spread quickly throughout the network to infect other nodes.
Some of the most popular malware miners these days include Coinhive, Cryptoloot, JSEcoin and Rig EK. Rig EK is an exploit kit that carries malware which can bypass anti-virus protections. It can carry either ransomware or malicious miners that are very hard to remove. Android devices are also increasingly being targeted by cryptojackers.
Another way to become infected is by unwittingly downloading a malicious file. The threat actors often imitate executable files that seem legitimate. Then the system may become infected without the user even realizing it.
In this case, the best protection is to install a browser extension that can protect against the injection of crypto-miner code. Some extensions that prevent unwanted intrusions include No Coin, Mining Blocker and Minerblock.
That false sense of security poses a growing security threat because it lulls people into taking the wrong actions that play directly into the hackers’ plans. While some of these attacks harvest Bitcoins from a victim’s account, others simply con the victim into giving their Bitcoins to the thief. Security teams should be vigilant to guard against this problem for network users who may unknowingly introduce crypto-miners into their company computers.