New Cybersecurity Threats for the Crypto Industry

New-Cybersecurity-Threats-for-Crypto-Industry

Blockchain-based cryptocurrencies and financial systems are supposed to be inherently more secure than traditional fiat currencies, thanks to their decentralized nature, proof-of-work concept, and the immense amount of computing power need to bypass both the encryption and alter enough nodes to compromise the system.

While that might be true from a technical standpoint, that doesn’t mean that cryptocurrencies and blockchain-based technologies are completely isolated from cyber threats. In fact, these technologies suffer from their own inherent vulnerabilities, just like all other technologies of the day.

Hacks involving crypto exchanges, for example, have led to losses of over $534 million in a single hack. In total, billions have been lost to cyber criminals targeting crypto platforms.

With the increasing sophistication of cybersecurity threats and the more widespread awareness and usage of crypto systems, it’s time that we take an honest and comprehensive look at these threats, and consider and implement mitigating security measures to protect them.

As it turns out, the human factor is an ever-present source of vulnerabilities and potential exploits. The crypto industry is no different.

While the blockchain itself may be nearly impossible to compromise with the resources cyber attackers have today, blockchain-related endpoints like exchanges, wallets, brokerage, and, most critically, its users.

 

As this is still a very new field, many individuals and businesses alike are simply unaware of the various cybersecurity concerns surrounding crypto and how to protect themselves. LIFARS cyber security and risk advisory consultants offers the technical capability to develop advisories and mitigations on evolving cybersecurity threats.

 

ElectroRAT

A RAT (or, remote access trojan) is a common type of malware used to infect and compromise computer systems. Typically, it tricks unsuspecting users to download malicious files through phishing, spoofing, third-party content injection, or other means.

Just like its mythic counterpart, a Trojan lies in wait on the target system, hoping to log keystrokes, take screenshots, or gather other information useful for compromising the user’s accounts or even provide computer access. It then exfiltrates this information back to its attackers.

In January of 2021, ElectroRAT started to spread rapidly among crypto users. The trojan was packaged in files posing as cryptocurrency trading platform software as well as a poker app that accepts cryptocurrencies. Its creators even made three versions of the software, targeting Windows, macOS, and Linux machines, respectively.

One aspect that set this attack apart was the effort and time cybercriminals put into social engineering tactics to convince users to download and use the compromised software. From creating legitimate-looking websites to paying crypto influencers to promote their “software” to building an entire and convincing “brand” surrounding the supposed crypto platforms.

How to keep your crypto assets safe?

While ElectroRAT might be a specific example of how the hype surrounding crypto has been hijacked by cybercriminals for their own means, it’s by no means isolated. Cybercriminals are nothing if not adaptable. Where technologies may block off any avenues for attack, they won’t hesitate to exploit the human element.

Just some other threats include Chrome extensions that steal crypto keys and cryptojacking.

Hacks involving crypto exchanges have seen hundreds of millions of dollars disappear. In most cases, this involved hacking the less secure “hot wallets” used by these platforms, obtaining user credentials, a lack of coding security, or compromised employees.

As you can see, the “human element” is heavily represented. The best way to secure your crypto assets is to educate yourself and your employees about common phishing or social engineering techniques as well as the dangers of using these platforms. You should also use strong password practices in combination with MFA and other various verification procedures that responsible crypto exchanges and brokerages employ.

 

 

Sources:

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry