Systems surrounding cryptocurrencies may be vulnerable to cybersecurity threats

KUALA LUMPUR: Mediums such as cryptocurrency exchanges, data troves, and internet of things (IoT) enabled devices among others, might be susceptible to looming cyber-security threats and malware which may creep in through these platforms, industry players say.
Forcepoint noted in its 2018 Security Predictions Report cryptocurrency exchanges may be a “hotbed” for risks from malware authors who may have configured malware to mine cryptocurrency, steal from exchange users wallets and exploit weaknesses in blockchain’s underlying algorithm.
With some 1.65 million computers being used as mines, the multi-billion bitcoin market may be a focus point for cybercriminals.
“We expect to see an increasing amount of malware targeting the user credentials of cryptocurrency exchanges and the websites that allow users to buy, sell and exchange cryptocurrencies for other digital and traditional currency,” the report read.
Forcepoint Southeast Asia principal security consultant Brandon Tan said while the bitcoin itself is foolproof against such threats thanks to its underlying blockchain technology secured by algorithm, the exchanges for the cryptocurrency is exposed and vulnerable to risk.
“People will be targeting the cryptocurrency exchange where you have bitcoins and you can convert back into fiat money, vulnerability is not so much on the cryptocurrency but at the point where cryptocurrency is held and converted into fiat money,” Tan said.
As a move to regulate cryptocurrencies, Bank Negara Malaysia recently said that parties acting as exchanges will be deemed as reporting institutions and be required to provide detailed information on buyers and sellers of such currencies.
In a separate event, Trend Micro Asia Pacific Future said bitcoins are also being used as the preferred mode of payment by ransomware attackers for ransom as the money trail cannot be easily tracked. This was also echoed by Tan.
Its managing director Goh Chee Hoh told reporters at a media briefing that although ransomware may have toned down, it is still lurking around with a changed modus operandi.
On top of that, Forcepoint predicts that 2018 may herald further data leakages, stemming from exploitation of security misconfiguration or weak authentication practices as well as employee error.
“In 2018, we predict some malware which will be so sophisticated that there will be no way to circumvent or detect,” Tan added.
This may also exert pressure on credit reporting agencies, online retailers and other large data aggregators who may be held accountable on how information amassed in their databases are being used, shared or sold.
Trend Micro said data obtained from leaks are often compromised and used for activities such as espionage and blackmail among others. It also noted that the motive behind hacks are often monetary.
On another note, with some 8.4 billion IoT enabled devices expected to be used this year, 31% more than 2016, it may also be a viable medium for malware to seep in. Cloud technology was also identified as an area of risk.
Meanwhile, from a business standpoint, both Forcepoint and Trend Micro said it is crucial for employers to be aware and keep tabs on employees behavioural patterns to keep their organisation at bay from inside jobs.
Organisations should also constantly study their risk profiles and monitor and reconfigure their systems and also be equipped with the right security products.
Trend Micro is an online antivirus and security program developer listed in Japan, while Forcepoint is a US based IT security solutions provider.