Reasonably Accurate Transcript
Good morning everyone. How's it going today? I want to talk about uh in this episode, I want to talk about um cryptocurrencies and high value targets. Now, specifically um not cryptocurrency uh for normal users, but for exchanges and applications because there's been a few um incidents over the last few months and they seem to be increasing in frequency where cryptocurrency exchanges or cryptocurrency um applications are under attack and, yeah, really?
Right. I mean, these are high value targets. Um These are uh normally um set up quickly; operational security may not be necessarily one of the most critical aspects of the operation. Um And they're literally holding digital assets that could be worth millions. So a couple of weeks ago, an app called Taylor um had, I think it was just north of a million um equivalent USD um stolen uh in cryptocurrency, and Coinrail in South Korea last week got hit for about a third of their assets, again into the millions.
So this is obviously happening because there's money to be made and we know that cyber criminals very much follow the money. Um The reason why the money is to be had, why it's so simple, um, has to do with the sort of pseudo-anonymous, um, nature of cryptocurrency.
So it's not completely anonymous, but once you have, um, a stolen cryptocurrency asset, it's far easier to move that asset than, um, something like a credit card. Right? Credit cards have a limited, um, lifetime as far as it goes for. Um, once the credit card number has been stolen, there's sort of this countdown timer um before it's no longer useful, where the person realizes their number has been stolen, they report it in. This is why we see in the digital underground,
um and in the carder scenes, that very much it's sort of the freshness of a be of credit cards, uh credit card numbers um determine their value. When it comes to cryptocurrency, things get a little more nuanced and a little more complicated because of the unknown legal nature of cryptocurrencies in most countries.
Um And I'll link to a fantastic talk um for the Canadian perspective given by Anna Manley um out in Atlantic Canada. She gave a fantastic example of walking through the legal nature of cryptocurrency within Canada. And it's similar in other jurisdictions of whether it's a security, whether it's um property or whether it's actually a currency.
And while that doesn't seem like it's, um, you know, important, it absolutely is when it comes to the legal nature of these devices as well as the crimes for stealing them, and um prosecuting them, and the focus that law enforcement will put on the theft of these kinds of assets.
Um Now, the challenge you get is because the cryptocurrencies are basically pseudo-anonymous. There's, you know, there are ways to track their usage um that they're far easier to move, right. So you can filter this out. Yes, you can trace it to the blockchain, which is the advantage.
Um You can kind of watch that money flow. However, um figuring out um what's legitimate, what's illegitimate, um and tracing that back is very, very difficult. So for cyber criminals, this is an extremely attractive target. Um Now, the challenges as well is because uh the cryptocurrency market is so hot, you'll notice I'm using cryptocurrency, not crypto. Crypto is cryptography.
Cryptocurrency is the digital assets. Yeah. Little pet peeve again for me. Um But cryptocurrency is such a hot market right now. There are so many uh initial coin offerings or ICOs going on um which is people spinning up new coins. Um There are so many exchanges that are helping people trade value between different coins.
Um uh and into traditional currencies. There is so much opportunity here, but that also means there's so many so much criminal opportunity because people are jumping at the chance to get on board with these various currencies. There is a sort of a feeling of haste.
There is this sort of rush to get out there and the challenge with that is that, that means some basic operational security and cybersecurity measures aren't being taken. And unfortunately, when it comes to this scenario, we a cryptocurrency and as we know, security is very much a balance between the value of the asset and how much you're willing to pay to protect that asset.
Well, when the values are fluctuating in the cryptocurrency market, it can be very difficult to figure out how much you want to spend on security to offset the risks because, you know, Bitcoin itself, you know, which is the most more stable of the cryptocurrencies, um you know, wildly fluctuates by double digit percentage points on any given day,
um you know, when it's at its most volatile, so it makes it very difficult to make reasonable security decisions. You're not going to sit there and say I'm going to spend $100 million in security to make sure that this is airtight and nobody will ever get into this exchange um when that exchange isn't making that amount of money.
So the challenge you get is a high value target and an unknown um valuation of the assets though, you know, they, they're potentially high, but then also the sort of market potential and it's a recipe for disaster as we've seen time and time again, um in that cybercriminals are targeting these exchanges because they are vulnerable.
So the advice here is really um overvalue your asset and invest in security, and that goes for the exchanges, that goes for applications, but especially for personal use of cryptocurrencies. At the end of the day, a cryptocurrency is still just the digital file. Um There's cryptographic material there, but that means it's all existing in the digital ether.
That means it's easy for cybercriminals to get hold of just like it is for any other digital file. So if you're dealing in cryptocurrencies, ensure that you're practicing good operational security, you're backing them up securely, you're strong passphrases. Um You're encrypting your drives at rest.
Um You're not um exposing things needlessly, you're not, you know, hosting or saving all your cryptocurrency also on a server exposed to the internet and this kind of thing. Reduce your attack surface, and that goes doubly, triply, um you know, 10 times so for uh cryptocurrencies, because we're not going to see any reduction in attacks against these assets because they are really high value, and whether they currently have value,
it's that speculative potential value that the attackers are putting against these cryptocurrencies that defenders need to take into account. So you need to invest even more in your security and operational security, which includes not just products but people and process to ensure that you have a stable business.
You have a stable exchange that you have a stable part of the cryptocurrency market. Um Interesting views today, I think. Uh hit me up online at markca, in the comments down below, or as always by email, me@markn.ca. What do you think about cryptocurrency and security?
Um What do you think about the privacy side? Does the nature of cryptocurrency make it a more attractive target for cyber criminals? You know, cyber criminals are very active in the cryptocurrency scene, in that we see that in ransomware where they pull in uh ransoms in cryptocurrency.
What are your thoughts there? What are your experiences? Let me know. Um, let's keep the discussion going. I hope you're set up for a fantastic day. We'll see you tomorrow.