Cryptocurrency, most notably Bitcoin, has become increasingly popular and valuable in recent years and with it have come a number of associated security risks, according to a pair of security experts speaking at the 2021 RSA Conference on May 19.
Kenneth Geers, external communications analyst at Very Good Security, used the first part of the presentation to explain the history of money and why the US dollar has emerged as the world's dominant reserve currency.
"Good money is scarce, authentic, durable, portable and stable," Geers said. "If digital currency is to survive, thrive and reach its potential, it should have the exact same traits."
Risks from Mining Cryptocurrency
Cryptocurrencies like Bitcoin are generated by a process known as mining.
Kathy Wang, CISO at Very Good Security, explained that essentially what miners are doing is trying to be the first to come up with a solution to a puzzle. That puzzle is a cryptographic hashing algorithm that a computer system, the miner, is trying to solve. Cryptocurrency mining today requires vast amounts of computing power, which has led to different types of cybersecurity risks.
Miners are very resourceful, they're very financially motivated, and some of them are attacking and compromising internet-facing computers to gain control of large numbers of resources to conduct mining activities.
Kathy Wang
One risk comes from miners that attempt to abuse free resources on the internet provided by cloud and application service providers. Wang explained that what the miners might do is create many free accounts on these cloud infrastructures and get a good deal of computing power, at the expense of the service provider. She noted that such activity is considered to be against the terms of service, but the activity still needs to actually be identified so it can be stopped.
"Blocking crypto-mining activity, just like any detection work, is very much an arms race," Wang said.
She noted that detecting indicators of crypto-mining activity can include conducting analysis of DNS traffic or monitoring for specific streams or patterns in network packets. As defenders are trying to identify the crypto-mining activity, she warned, the miners are also reacting to that activity and are working hard to avoid being detected.
Another risk Wang spoke about is cryptojacking.
"Miners are very resourceful, they're very financially motivated, and some of them are attacking and compromising internet-facing computers to gain control of large numbers of resources to conduct mining activities," Wang said.
Among the ways that cryptojacking is executed is with malware, such as WannaMine, which users are somehow tricked into installing by malicious sites.
Cryptocurrency Wallets Under Attack
Wang emphasized that the security pillars of confidentiality, integrity and availability all apply to cryptocurrency as well.
One of the key points of attack in the cryptocurrency world is what are known as cryptocurrency wallets. These are typically software-based vaults or "wallets" where users store the private cryptographic keys for the cryptocurrency they hold.
"If you get access to a cryptocurrency wallet, you effectively own the currency," Wang said.
Attackers have been going after cryptocurrency wallets in different ways. One approach cited by Wang is with the ElectroRAT malware that is able to take over vulnerable wallets. Wang explained that the malware is placed on cryptocurrency forums in ads and in posts that entice users to click and download a particular app to help them get more Bitcoin. Ironically, once they install the app, the only one who gets more Bitcoin is the attacker.
"It was able to evade signature-based malware-detection capabilities for quite some time because it was written from scratch," Wang said.
Zero Trust for Crypto
One of the ways that users can protect themselves from the risk of an account takeover is by using a zero trust approach.
With zero trust, access is very restricted to only provide the bare minimum permissions. For example, Wang said that access to a cryptocurrency wallet could be restricted to only a specific user utilizing a specific device. Additionally, implementing multi-factor authentication schemes can help to further secure access.
While cryptocurrency's popularity is growing, Geers said in the near term it's unlikely that Bitcoin will challenge the US dollar. The future, however, is less certain.
"The security risks have to be better understood and addressed, and the speed in the payment system needs to be faster," Geers said. "So it will take time, but over the long term there will be plenty of interest in cryptocurrency."
Kenneth Geers, external communications analyst at Very Good Security, used the first part of the presentation to explain the history of money and why the US dollar has emerged as the world's dominant reserve currency.
"Good money is scarce, authentic, durable, portable and stable," Geers said. "If digital currency is to survive, thrive and reach its potential, it should have the exact same traits."
Risks from Mining Cryptocurrency
Cryptocurrencies like Bitcoin are generated by a process known as mining.
Kathy Wang, CISO at Very Good Security, explained that essentially what miners are doing is trying to be the first to come up with a solution to a puzzle. That puzzle is a cryptographic hashing algorithm that a computer system, the miner, is trying to solve. Cryptocurrency mining today requires vast amounts of computing power, which has led to different types of cybersecurity risks.
Miners are very resourceful, they're very financially motivated, and some of them are attacking and compromising internet-facing computers to gain control of large numbers of resources to conduct mining activities.
Kathy Wang
One risk comes from miners that attempt to abuse free resources on the internet provided by cloud and application service providers. Wang explained that what the miners might do is create many free accounts on these cloud infrastructures and get a good deal of computing power, at the expense of the service provider. She noted that such activity is considered to be against the terms of service, but the activity still needs to actually be identified so it can be stopped.
"Blocking crypto-mining activity, just like any detection work, is very much an arms race," Wang said.
She noted that detecting indicators of crypto-mining activity can include conducting analysis of DNS traffic or monitoring for specific streams or patterns in network packets. As defenders are trying to identify the crypto-mining activity, she warned, the miners are also reacting to that activity and are working hard to avoid being detected.
Another risk Wang spoke about is cryptojacking.
"Miners are very resourceful, they're very financially motivated, and some of them are attacking and compromising internet-facing computers to gain control of large numbers of resources to conduct mining activities," Wang said.
Among the ways that cryptojacking is executed is with malware, such as WannaMine, which users are somehow tricked into installing by malicious sites.
Cryptocurrency Wallets Under Attack
Wang emphasized that the security pillars of confidentiality, integrity and availability all apply to cryptocurrency as well.
One of the key points of attack in the cryptocurrency world is what are known as cryptocurrency wallets. These are typically software-based vaults or "wallets" where users store the private cryptographic keys for the cryptocurrency they hold.
"If you get access to a cryptocurrency wallet, you effectively own the currency," Wang said.
Attackers have been going after cryptocurrency wallets in different ways. One approach cited by Wang is with the ElectroRAT malware that is able to take over vulnerable wallets. Wang explained that the malware is placed on cryptocurrency forums in ads and in posts that entice users to click and download a particular app to help them get more Bitcoin. Ironically, once they install the app, the only one who gets more Bitcoin is the attacker.
"It was able to evade signature-based malware-detection capabilities for quite some time because it was written from scratch," Wang said.
Zero Trust for Crypto
One of the ways that users can protect themselves from the risk of an account takeover is by using a zero trust approach.
With zero trust, access is very restricted to only provide the bare minimum permissions. For example, Wang said that access to a cryptocurrency wallet could be restricted to only a specific user utilizing a specific device. Additionally, implementing multi-factor authentication schemes can help to further secure access.
While cryptocurrency's popularity is growing, Geers said in the near term it's unlikely that Bitcoin will challenge the US dollar. The future, however, is less certain.
"The security risks have to be better understood and addressed, and the speed in the payment system needs to be faster," Geers said. "So it will take time, but over the long term there will be plenty of interest in cryptocurrency."