Danny Lopez, CEO at Glasswall, explains the importance of securing cryptocurrency, and how digital currencies and cyber security are connected
The cryptocurrency market has sky-rocketed over the past couple of years. Although the market can dramatically fluctuate, an estimated 106 million people worldwide now use cryptocurrency exchanges. Created 13 years ago, the first cryptocurrency, Bitcoin, was relatively unheard of for the first years of its existence, only used by a small group who sought to retain a level of transactional anonymity. The second cryptocurrency was not created until two years later, but as of January 2022, there are over 8,000 different cryptocurrencies.
Some of the UK’s biggest retailers now accept payment in cryptocurrency, including Microsoft, Dell and Lush Cosmetics. Many other household names – although they don’t accept payments directly – allow customers to buy gift cards with cryptocurrencies, such as Amazon, Wagamama, Spotify and Uber. With the ability to self-manage and transfer funds with ease, it is unsurprising that its popularity has soared in recent years.
Cyber security warning
Yet, as more people invest and businesses establish it as a payment method, cryptocurrency is increasingly becoming a tool for cyber criminals. There is already evidence of this: Bitcoin now accounts for around 98% of ransom payments. Cyber criminals often deploy ransomware attacks by running code to encrypt data and then demanding payment in the form of cryptocurrency to release it. As identities can be hidden in Bitcoin wallets, it is the obvious choice for cyber criminals to get what they want and remain anonymous. For example, in July 2021, ransomware group REvil demanded £50.5 million in Bitcoin from IT firm Kaseya, in return for their files to be unlocked.
Whilst cyber criminals are using cryptocurrency to remain anonymous, they are also taking advantage of the vulnerabilities and unsecured areas of these new and fast-developing technologies. By stealing the account keys of crypto wallets, cyber criminals can permanently lock users out, gaining access to entire investments. For this reason, it’s crucial that crypto accounts are treated with the utmost caution.
Cryptojacking is one of the most common ways that cyber criminals access users’ accounts. This is the practice of hijacking a computer to mine cryptocurrencies without the user’s knowledge. Usually, no personal information is stolen whilst the code is running to avoid detection for a long period, in which time a cyber criminal can make a significant amount of money.
Another way cyber criminals utilise cryptojacking is through the cloud. ‘Cloud cryptojacking’ occurs when hackers steal an organisation’s credentials to gain access to their cloud environment where they run their cryptojacking code, rather than on a local device.
How cryptocurrency wallets can be safeguarded through biometrics
Stay one step ahead
With cryptocurrency here to stay for the long-term, it is important to balance the possible cyber security risks with the opportunities they offer. Crypto users should be mindful of the risks and can take steps to protect their investment from falling into the wrong hands. Here are five top tips to keep your money and computer systems safe:
- Know the cyber security basics: As many cyber criminals use techniques, such as phishing emails, to gain access to user accounts, ensuring that you and your employees are focused on cyber security is the best and easiest way to start. For instance, being able to identify dangerous messages and avoiding potential malicious links is a solid step towards denying cyber criminals access to your company’s computer system and crypto wallets.
- Prioritise password protection: To deny cyber criminals the ability to engage in cryptojacking, it is important that organisations should combine effective password management with multi-factor authentication to prevent unauthorised access. This will significantly reduce the possibility of cyber criminals gaining access to cloud environments and IT assets.
- Keep your eyes open: Cryptojacking takes place in the background and can often go undetected for long periods of time. The best and easiest way to quickly identify if cyber criminals have infiltrated your system is through constant monitoring. Network monitoring tools can also aid in monitoring systems and send alerts if suspicious activities are spotted.
- Consult the CCSS: The Cryptocurrency Security Standard (CCSS) lays out an open source set of requirements to standardise the techniques and methodologies used by cryptocurrency systems across the globe. The process includes 10 security aspects – including wallet creation, key storage, key usage and data sanitisation policy – and scores them across three levels. Security considered ‘level one’ proves that assets are protected with strong policies and procedures whilst those deemed ‘level three’ exceed security expectations and provide strictly enforced policies. Users should consult the CCSS to identify the best cryptocurrency systems to use and keep their currency safe.
- Stay ahead of the curve with CDR: Businesses using cryptocurrency can adopt file sanitisation to ensure there is no chance of malicious code running in the background. Proactive cyber security solutions, such as content disarm and reconstruction (CDR), help organisations to be one step ahead of cyber criminals. CDR ensures that no malicious malware is present within a file by scanning it and re-building it to the known good manufacturer’s specification.
2022 cyber surge of ransomware
Although the fast-paced and quickly evolving nature of the cryptocurrency market can be daunting for any investor or organisation using this for the first time, there is a significant opportunity to reap many benefits that could far outweigh the uncertainties. As with any new and unregulated market, there are risks to acknowledge and it is essential to take the right precautions to protect crypto investments and prevent IT systems from being exploited. A smart mindset is to remember that, while cyber criminals look for lucrative rewards, legitimate investors can also be hugely successful.