Cyber Security in the Age of Digital Currency
October 2023 by SecurityHQ
Cryptocurrencies can be notoriously volatile. With prices fluctuating rapidly and without warning, a single tweet can shift a token price by 40%, only to see the price plummet in a matter of hours. While fluctuations are expected within crypto currency, you need to be able to spot the difference between what is a normal event, and what is a scam.
Disclaimer: SecurityHQ does not offer advice with regards to cryptocurrency. This blog is intended to highlight the cyber threats targeting the industry, and how to spot them.
Common Crypto Scams
Initial Coin Offering (ICO) Fraud and Investment Scams
These are falsely advertised crypto investments, often with fake testimonials and grand promises of industry disrupting cryptocurrencies. These come complete with a well-produced website and marketing strategy, only for any invested money to simply disappear among the supposed ’launch’ of the currency. These Ponzi schemes of the digital currency era are also known in the community as a ’rugpull’.
Giveaway Scams
Celebrities often do giveaways for worthless crypto tokens; many celebrities have often not been aware that this is a criminal offence.
Types of Blockchain Attacks
In a Sybil Attack, a malicious actor controls multiple fake identities and tries to manipulate the communication in a P2P Cryptocurrency network.
In a DDOS Attack, a malicious actor aims to slow down or halt a digital currency network by overloading it with many transactions, this typically targets newer and smaller networks, as opposed to major networks such as Ethereum or Binance’s BSC network.
51% Attack - If one person or group controls more than half of the nodes on a blockchain network, they can change the transactions however they want. They may even create falsified transactions and attempt to manipulate pricing.
PII Data at Risk
The requirement for cryptocurrency exchanges, to implement Know Your Customer (KYC) and Anti Money Laundering (AML) policies, has led to an increased need for the collection and storage of personal information. This information is often sensitive and can include Personally Identifiable Information (PII), including full passport details with associated financial information. This of course becomes not only a regulatory minefield but makes data breaches for crypto exchanges a major incident.
Third Party and Supply Chain Risks
Crypto Exchanges, like any business, rely on third party providers. This, of course, comes with the associated supply chain risks. Once this is coupled with the plethora of sensitive PII held by exchanges for the purposes of KYC and the inner workings of an exchange, Third Party Risk management, and managing data exposure to external parties, is an important consideration.
Ambiguous Regulations
The regulations covering Cryptocurrencies are scattered and lack a centralized solution. This has led to a breakdown in international co-operation when it comes to Cryptocurrency security and regulation.
EU: In the G7 Nations - The Financial Action Task Force (FATF), also known by its French name, Groupe d’action financière, is an intergovernmental organisation founded in 1989 on the initiative of the G7 to develop policies to combat money laundering and to maintain certain interest.
This regulation has been coupled with the ’Markets in Crypto-Assets’ Regulation (MiCA), which is a new EU regulation that could be used as the blueprint for other jurisdictions to follow when regulating crypto-asset related activities.
USA: The SEC and the Treasury in the USA, who have already sanctioned Crypto Exchanges in the past for Financing Terror Groups, faces further challenges when regulation is implemented at a state and federal level.
Global: The FCA in the UK, and many other regulatory bodies are watching the trends of these actions, attempting to draft their own crypto-asset regulations.
Next Steps
Managed Endpoint Protection (EPP) allows any threats targeting a large environment to be prevented and contained, mitigating any potential damage. While Vulnerability Management as a Service (VMaaS) can ensure your digital estate is protected and always hardened.
SecurityHQ’s holistic approach to cybersecurity means that we can assess, manage, and provide advice regarding Third Party Risk exposure. This ensures that supply chain compromise and data exposure is not an issue that you have to face. This is enriched by Threat and Risk Intelligence (TRI) to stay ahead of any potential issues and leverage Dark Web Intelligence.