Crypto-Mining Cyber Attacks Continue to Be the Weakest Link in the Cryptocurrency Ecosystem

Colleagues, following high profile cyber security breaches against CoinSecure and CoinCheck earlier this year, crypto-mining attacks have skyrocketed in 2018 representing a plague on the global crypto ecosystem. In its Mid-Year 2018 Security Report TrendMicro states “We also detected a significant number of new cryptocurrency miner malware families, showing that cybercriminals remained keenly interested in profiting from digital currencies.” The Necurs exploit kit, CVE-2017-10271 via port 7001/TCP and Web miner script in AOL ad platform are some of the more notable cyber security used by crypto-miner attackers. Moreover, while cyber-attacks related to crypto mining far outpace other types of attacks, direct attacks against crypto exchanges are on the rise. Where does this leave the integrity of the global cryptosphere? Bottom line: The nature and rise in these attacks will continue to hinder the mass adoption of cryptocurrencies around the world. While far easier said than done, cryptosphere security needs to take a quantum step forward to gain and maintain a proactive advantage over the crypto threat juggernaut. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

NASAA Regulators Zero In on Securities Fraud – What is the Impact of Operation Cryptosweep?

Colleagues, Operation Cryptosweep (aka “OC”) is a joint effort of regulators from the US, Mexico, Puerto Rico, Canada and the US Virgin Islands targeting unregistered ICOs and related securities fraud. Overseeing OC is The North American Securities Administrators Association (NASAA). At is core is the US SEC’s Cyber Taskforce which was launched in September 2017. To date OC has led to some 200 crypto-related investigations. Bottom line: While we support the appropriate regulation of the cryptosphere the question of OC’s effectiveness is more than valid. Noteworthy exceptions to the list of member states are Caribbean nations known for money laundering and non-transparent offshore bank accounts. Antigua and the Cayman Islands are top of mind. Bottom line: The OC will have a positive effect on reducing crypto-related securities and ICO fraud, however, further attention needs to be given to other countries known for their nefarious roles in the broader crypto economy. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

Will Iran’s State-Backed Cryptocurrency Enable the Country to Evade US Economic Sanctions?

Colleagues, Iran has taken a major step toward the creation of a state-backed cryptocurrency. The primary goal of this effort is assumed to be the country’s circumvention of new US economic sanctions in the wake of US President Trump revoking support of the Iran nuclear arms accord in May 2018. Work on a national cryptocurrency dates back to late 2017 when the US President re-affirmed his campaign promise to revoke the accord and re-impose stiff trade sanctions. This initiative has the backing of Iranian President Hassan Rouhani and is led by their National Cyberspace Center. Back in January 2018 the US Treasury issued a severe warning against Iran’s use of cyber warfare and development of a cryptocurrency for this very reason. Bottom line: Iran, Russia and Venezuela has announced plans to develop digital currencies for the purpose of evading Western (aka US) trade sanctions. Transaction “transparency” is a vital factors in whether their efforts will be successful at essential protecting nefarious money laundering activities. We assume the currencies which be intentionally designed to avoid detection by the US and its allies. Details to follow in the coming months.

Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

Will social media-based payment tools allow for “secure” cryptocurrency transactions and fundraising?

Colleagues, Google Pay, Alipay, WeChat Pay and Facebook Payments are among the most popular tools for online payments, money transfers and fundraising. Each tool is confronted with the dilemma of whether to accept cryptocurrency transactions. The Chinese Banking Regulatory Commission and the People’s Bank of China have release strong warnings against the so-called “crypto payments model”. In the US Google Pay and Facebook Payments are faced with similar challenges. They are global platforms and what is acceptable in one country or region may be prohibited elsewhere. The potential security risks are numerous – exchange fraud, money laundering, lack of transaction transparency along with the fundamental integrity of many second and third tier cryptocurrencies are bona fide concerns among government regulators, platform vendors and users alike. There is no “one size fits all” solution. Bottom line: We see marriage of online payment tools and cryptocurrencies as yet another ‘test’ as cryptos seek mass market adoption. Like other crypto related challenges we do believe that in time such issues will be resolved … although for now no one knows the precise solution. Share your thoughts today! Lawrence – Cryptocurrency Academy (https://cryptocurrencyacademy.blogspot.com/) 

How can Blockchain be used to secure digital documents and transactions in the public sector?

Colleagues, with good intensions the Japanese, Chinese, American and British governments are exploring the use of Blockchain to securely maintain and transmit documents containing sensitive information about their citizens. The latest example of the UK’ Ministry of Justice assessment of Blockchain for protecting its repository of digital forms of evidence. In the US Blockchain represents a means of securely processing records for Social Security, Medicare and other entitlement programs. Noble endeavors indeed. Nevertheless, the obvious dilemma is that such data and documents needed for smooth government processes will only be as secure as the Blockchains used to manage them. Protecting cryptographic keys remains a top concern. Using hardware security modules (HSMs) and trusted computers in place of digital wallets and as Blockchain nodes will give security-conscious users and organizations greater confidence. As reported by McKinsey and Company recent breaches of crypto exchanges clearly indicate that Blockchain participants and their access to the Blockchain represent a security weakness that must be addressed before the technology. Bottom line: As we have previously reported Blockchain adoption will be directly correlated to the level of both perceived and actual security. Such security is likely to increase as the technology matures. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

What would be the impact of securing the Siacoin Distributed Storage Protocol have on Crypto Mining?

Colleagues, the global cryptosphere is rigorously debating the security of the Siacoin Distributed Storage Protocol (aka the Siacoin Blockchain). More security translates into higher trust and integrity of the platform … right? The answer depends on which segment of the crypto ecosystem you ask. The new security code would fork Siacoin and in turn disabling mining products offered by Bitmain and Innosilicon. At press time we are waiting for Nvidia and AMD to weigh-in on this matter. Both companies have seen demand for their mining ASICs slow during H1 2018. So what is the end goal? Some would say driving increased capacity around the world to create a data storage marketplace that is more reliable and lower cost than traditional cloud storage providers. Our view is that this inevitable debate represents just one more growing pain as cryptocurrencies and their underlying Blockchains mature. The issue will get resolved and yes there will be winners and losers. More to come. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

Mining Malware at Fault a Cryptocurrency Theft of Some $87B in China

Colleagues, as we have previously reported mining malware has far outpaced the growth of ransomware over the past year when it comes to cryptocurrency theft. The most recent example is the theft in China valued at $87B of cryptocurrency by mining malware at the hands of three cyber criminals. Although details are limited, we understand this malware crime to be launched by Chinese nationals against Chinese cryptocurrency investors. To date we have seen many mining malware crimes initiated from within China targeting cryptocurrency investors located abroad.  McAfee Labs’ Threats Report for June 2018 identified more than 2.9 million samples of crypto-mining malware in Q1 2018 alone versus 400k attacks in Q4 2017 Q4 with JavaScript being the tool of choice when targeting web browsers. Bottom line: Both individual as well as corporate crypto investors need to be proactive in preventing crypto theft. Individuals needs to ensure the security on their computers and smartphones is as robust and up-to-date as possible, while institutions (corporations and telecom carriers) need to focus on router security. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

How critical in SIM Swap Fraud theft to cryptocurrency investors?

Colleagues, when members of the cryptocurrency ecosystem assess security threats SIM Swap Fraud likely ranks quite low on the priority list. Nevertheless, for cryptocurrency investors who use software-based crypto wallets the impact of SIM Swap Fraud can be significant. Case I point is the $224m law suit filed against AT&T by crypto investor Michael Terpin. Such fraud is a form of identity theft in which thieves convince untrained or unsuspecting telecom carrier and smartphone vendor support staff of the need to upgrade a SIM card. In turn the thieves gain access to most all of the phones apps and security information. The US Federal Trade Commission has been aware of this scheme for at least two years, however, there is little evidence that phone manufacturers and carriers have implemented protocols (e.g. human factors prevention methods) to reduce such crime. SIM Swap Fraud takes advantage of the rise of cryptocurrency software wallets and identify theft schemes. Cryptocurrency investors need to assess the risk-reward level of software vs. hardware vs. paper wallets along with their vulnerability to ID theft. Bottom line: SIM Swap Fraud is one more weakness is the broader crypto ecosystem which traders and investors need to mitigate. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

Crypto Money Laundering, Fraud and Mining Malware Drive Increase in FinCEN SARs

Colleagues, over the past year Financial Crimes Enforcement Network (FinCEN) – a branch of the US Treasury - has reported a significant increase in Suspicious Activity Reports (SARs). Money laundering, fraud and mining malware complaints by financial institutions have all contributed to a rise in SARs to over 1500 per month. It is no wonder that the rise in SARs is directly correlated with in growth in cryptocurrency market capitalization. And in turn, cybercrime – which are at the core of SARs – also correlates the number and trading volume of cryptocurrencies. FinCEN offers an online SAR Stats reporting tool in their web site. Bottom line: The Cryptocurrency Academy and Cyber Security Defender propose the formation of cybercrime protection alliance between the US Treasury, financial institutions, crypto exchanges and security vendors with the goal of reducing cybercrime related to the cryptocurrency ecosystem. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

How will Bitcoin’s emerging crypto monopoly impact global cryptocurrency markets?

Colleagues, despite an aggregate decline in total cryptocurrency market cap since early CY2018, Bitcoin’s percent of total market value has reached staggering 50% threshold. Data also reveal that the top 5 cryptocurrencies – Bitcoin, Ethereum, Bitcoin Cash, Litecoin and Ripple – control almost 60% of the global crypto market. View the data from CoinMarketCap tracking stats. The Cryptocurrency Academy and the Cyber Security Defender draw two key conclusions from these numbers. First, is the definitive market vale concentration – which is nearing monopoly status – around Bitcoin. Thus, the extended crypto ecosystem needs to serve customers by developing tools and applications which are purpose-built for Bitcoin. Second, is the rapid bi-furcation of the global cryptocurrency market between the “Big 5” and the second-tier cryptocurrencies which serve niche geographic- and application-specific markets. We believe that bad actors – such as Russia, Iran, North Korea, Syria, ISIS, and AOAP - will be the primary users of this cryptocurrency underclass of as they seek to evade economic sanctions and conduct nefarious financial transactions with little-to-no transparency. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/) 

Cyber Attacks Targeting Crypto Mining Continue to Infect Hundreds of Thousands of Devices

Colleagues, 2018 has seen the meteoric rise in cyber-attacks focusing on crypto mining applications. Thus, it is no surprise that over 170,000 consumer devices in Brazil which operate under MicroTik routers were infected with Coinhive mining software. Both SkyBox and Trustwave security firms affirms such attacks. We reported earlier this week that some 32% of cyber-attacks now involve crypto mining which far outweighs the relatively modest 8% of ransomware attacks. The weakest link in the crypto ecosystem appears to be network routers. Our previous post cited Cisco routers. Now MicroTik is also on the target list. Bottom line: Whether corporate or service provider networks, router hygiene is of utmost importance. Keeping all security software and patches up-to-date has become more critical than ever. We recommend that IT professionals managing routers increase their vigilance by:  A) Tracking security threats, and B) Maintaining security software. Each router vendor maintain security threat alerts and mitigation tactics on their web sites. Bottom line: The cyber threat against network routers by nefarious crypto miners is likely to get much worse until vendors can make a quantum leap forward in their security measures. Share your comments today! Lawrence – Cryptocurrency Academy (https://cryptocurrencyacademy.blogspot.com/)  

Does the US SEC Hold the Fate of Cryptocurrencies in its Hands?

Colleagues, according to CoinMarketCap the total market capitalization of cryptocurrencies worldwide has reached an 8 ½ month low of some $225 billion. Moreover, cryptocurrency prices in aggregate have precipitously dropped over the past 11 days. Alternatively the US equities – Dow, S&P, NASDAQ and Russell 2K – have had a strong run during the last month following mediocre performance in H1 2018. Some speculate that crypto values are negatively impacted by a US SEC decision to delay approval of a new ETF. Others simply believe that crypto prices are simply overvalued. And finally, a small number of pundits, believe that cryptos have a negative risk-reward profile. The Cryptocurrency Academy believes this overall downturn is a viable market correction as crypto market is becoming more concentrated on the top 3-5 currencies with Bitcoin dominance approaching 50% of global crypto market capitalization. The past year has seen a tsunami of ICOs, expansion of crypto exchanges and investment funds – ETFs in particular. We expect total crypto market cap to continue its rise toward the end of 2018. Bottom line: Traders and investors alike should stay with the market leading currencies, exchanges and mining operators and stay away from the dubious investment vehicle and short-sighted fluctuations. Share your comments today! Lawrence – Cryptocurrency Academy (https://cryptocurrencyacademy.blogspot.com/)  

How susceptible are Twitter and Facebook to spreading malicious cryptocurrency botnets?

Colleagues, yesterday Duo Security reported that some 88 million Twitter accounts fell prey to a malicious botnet spreading a fraudulent cryptocurrency giveaway program. Many of us, myself included, saw messages from this botnet and simply paid no attention. Nonetheless, the security issued a paper at the Black Hat 2018 conference entitled “Don’t @ Me – Hunting Twitter Bots at Scale.” The paper describes the “Anatomy of a Twitter Bot” on page 14 of the report. We know that Facebook and Twitter have purportedly taken major steps to reinforce their platform and account security in recent months given pressure from the US Congress and the European Union. Bottom line: How secure are social media platforms against penetration by and in turn spreading malware such as the Twitter botnet? The fact that the about 88 million accounts we effected strongly suggests that social media take a quantum leap in security to ensure their users remain secure. As of this writing Twitter has not publically affirmed this attack. Duo Security plans to publish mitigation tactics for this malware on GitHub in the coming days. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)  

What level of cyber risk does the Telegram Passport app pose to the cryptocurrency ecosystem?

Colleagues, the Telegram Passport app promised ease of use and security for the cryptocurrency community and other end-users by storing your personal data in its cloud-based app. The company it wants to bring Blockchain-based payments to the Telegram chat app, which is popular among the crypto community and third party developers can access the Passport Integration Guide. Security researchers have identified two weaknesses inherit in this app. First, Telegram uses SHA-512 to hash passwords. And second, it is prone to spearphishing, insider threats or simply a rogue USB stick. Cryptocurrencies and exchanges may be the chief beneficiaries of this authentication model. Telegram says developers can integrate it in their apps and services at no cost. The first company to support Passport is UK-based ePayments. Bottom line: the Cyber Security Defender questions just how pervasively Passport will be used among the crypto ecosystem. Moreover, Telegram may need to strengthen Passport’s 256 bit security algorithm as soon as a better protocol becomes available. Share your assessment while visiting us today! Lawrence – Cyber Security Defender (https://cybersecuritydefender.blogspot.com/)