In a chapter written for 2018 Governance Outlook: Projections on Emerging Board Matters, Palo Alto Networks’ vice president of cybersecurity strategy and global policy Ryan Gillis explains that digital transformation in the workplace is continually introducing new risks from computer-based attacks. Gillis’s chapter includes two predictions: digital risks will increase in volume and variety, and attackers will become stealthier and more sophisticated. Executives and board members should use these forecasts to continually educate themselves about emerging trends and threats in the digital space.
For 2018, one of the main trends executives and board members should pay attention to is cryptocurrencies. Recent price increases in Bitcoin have generated interest among ordinary users. Digital attackers are well aware of this attention, which is why they’re going after cryptocurrency markets. They’re even targeting organizations’ IT assets with software that generates new units of currency at the expense of those devices’ functionality.
Cryptocurrencies are a complex subject, but it’s important for executives and board members to understand in order to defend the enterprise.
What are cryptocurrencies?
Cryptocurrencies are digital cash systems that use cryptography to secure units of currency. Most digital currencies function in peer-to-peer decentralized networks. As Blockgeeks’ Ameer Rosic explains, pending transactions broadcast out to a cryptocurrency’s community in “blocks.” Users known as miners confirm those transactions by solving a mathematical puzzle assigned to each block. When one of those users solves the puzzle, the block joins the other approved blocks in the “blockchain.”
Bitcoin and others are different from traditional payment systems in two primary ways, notes Martin Tillier for Nasdaq. First, governments do not issue or control cryptocurrencies; the algorithms built into miners’ software do. Second, digital currencies abide by a deflation model, because the total number of currency units in circulation is limited. This means that what costs one Bitcoin now will likely cost a fraction of a coin in the future.
Why do digital currencies matter to attackers?
Attackers are interested in digital currencies for two reasons. On the one hand, cryptocurrencies are a means of payment that can facilitate nefarious activity. Users do not need to tie their names and physical addresses to an account in order to obtain Bitcoin. That’s because virtual currencies are fast, permission-less, and pseudonymous.
As a result, computer criminals can use systems such as Litecoin to purchase drugs, sex, and malware with relative anonymity on dark web marketplaces. Ransomware actors demand ransom payments in Bitcoin for the same reason. They can receive payment from victims quickly without leaving a paper trail for law enforcement. Those malicious individuals can then use those Bitcoins to fund subsequent attack campaigns.
On the other hand, with the meteoric rise of Bitcoin’s value in 2017, cryptocurrencies are a worthy target. The deflation model of many digital currencies means that units of these systems will likely increase in price as time goes on. Criminals don’t want to miss out, so they’re using various techniques to acquire shares of virtual currencies.
One strategy that gained prominence in 2017 was cryptojacking. These attacks involve secretly embedding cryptomining scripts into web sites or installing mining solutions onto enterprise IT assets. The tools set to work mining cryptocurrencies, all the while draining the CPU of an unsuspecting web visitor’s computer or an enterprise’s server. Such behavior can degrade the productivity of an organization’s business-critical IT resources if the attackers don’t get caught.
In 2017, malefactors staged hacking operations against cryptocurrency exchanges in order to steal members’ money. These attacks proved successful in numerous cases, including Bithumb, NiceHash, Youbit, and EtherDelta.
As perpetrators develop increasingly more sophisticated cryptocurrency-based threats, executives and boards need to start rethinking how they conceive of digital risk. Christopher Budd, senior threat communications manager at Palo Alto Networks, agrees with this assessment “Cryptocurrencies are the most disruptive thing to emerge on the threat landscape in a long time. They are introducing unknown unknowns,” he said. “When we think of threat-assessment around cryptojacking attacks, one thing we must remember is that bad actors attempt to hijack CPU resources. That might not sound too bad at face-value; they’re not after corporate data. But consuming CPU resources is a huge cost to the business. To protect against this emerging threat, CISOs must begin to consider risk-assessment paradigms that we haven’t even thought of yet.”
Budd believes cryptocurrency-based threats will be around for some time. Therefore, boards and executives can’t settle into defending against familiar threats, such as ransomware. Instead, they need to turn their attention to up-and-coming issues.
“If you want to be a CISO that’s ahead of the curve, cryptocurrencies are where you should be starting your long-term strategic counter-measure planning,” Budd advised.
Enterprises can begin this by working with security teams to determine the business value of critical assets. This exercise should include an assessment of the potential impact that a cryptojacking attack on each device would have on the business. From that understanding, executives and the board can work with IT and security to harden the most critical solutions using security controls and solutions, such as continuous monitoring and vulnerability-management products. In so doing, they can stay ahead of cryptojacking attacks and similar threats as criminals shift their gaze to cryptocurrencies.