McAfee’s Advanced Threat Research team have released an in-depth report highlighting the emerging cybersecurity risks associated with Blockchain.
According to the report, bad actors have aggressively taken advantage of the rapid adoption of blockchain-based cryptocurrencies and the early adopters who use them. This is a trend that McAfee predicts will steadily increase alongside the market’s rapid growth, which is expected to reach $9.6 billion by 2024.
By closely examining the history of specific attacks targeting blockchain technology, and analysing the latest threat trends, McAfee’s researchers identified four key attack vectors that are being used by cyber criminals today with notable success. These include: phishing or fraud schemes, malware, implementation exploits, and technology vulnerabilities. These attacks, which creatively apply both old and new attack techniques, have been targeting both consumers and enterprises.
In a phishing scheme in January, Iota cryptocurrency lost $4 million to scams that lasted several months. In late 2017 to early 2018, some malware authors have migrated from deploying ransomware to cryptomining, using open-source code such as XMRig for system-based mining and the mining service Coinhive.
Implementation vulnerabilities are the flaws introduced when new technologies and tools are built on top of blockchain. In mid-July 2017, Iota suffered an attack that essentially enabled attackers to steal from any wallet. Another currency, Verge, was found with numerous vulnerabilities. Attackers exploiting these vulnerabilities were able to generate coins without spending any mining power.
Blockchain may be a relatively new technology but that does not mean that old attacks cannot work. Mostly due to insecure user behaviour, dictionary attacks can leverage some implementations of blockchain. Brain wallets, or wallets based on weak passwords are insecure and are routinely stolen.
The biggest players and targets in blockchain are cryptocurrency exchanges. Cryptocurrency exchanges can be thought of as banks in which users create accounts, manage finances and trade currencies. Earlier this year, Coincheck, one of Japan’s most popular exchanges, lost $532 million, affecting 260,000 investors. The company survived this attack and began reimbursing victims for their losses in March 2018.
However, not all companies fared so well. An attack against Mt. Gox between 2011 and 2014 resulted in $450 million of Bitcoin stolen and led to the liquidation and closure of the company.
New stats on malware mining were also included in the report. Total coin miner malware grew 629% in Q1 2018 to more than 2.9 million samples.
Blockchain technologies and its users are heavily targeted by profit-driven cybercriminals. Current attackers are changing their tactics and new groups are entering the space.
Despite the promise of Blockchain technologies to bring better security to online transactions and business processes, its rapid growth and adoption is bringing new cyber risks with equal force that will likely evolve with continued success.