Threat Report

CTC’s March 2019 Threat Report

Perhaps to underscore that no single technology is effective against hackers, a wave of recent news related to cryptocurrency has hit.

It includes an executive who passed away and took with him the password to about $190 million in cryptocurrency and a successful social engineering attack, among other topics.  

Blockchains Under Attack

It wasn’t too long ago that blockchain entered the public consciousness. Reports touted it as hacker-proof and industries began examining and even implementing blockchain into their security protocols.

Recent news of an attempted theft of cryptocurrency Ethereum Classic, however, underscores blockchain’s vulnerabilities. One such vulnerability, called a 51% attack, requires a remarkable amount of computing power to work — power that at one time did not seem accessible to bad actors.

(To understand how much power it takes to achieve a 51% attack, consider that a one-hour assault against the world’s most prominent cryptocurrency, Bitcoin, would cost nearly $270,000 in rented mining power.)

As its name suggests, a 51% attack becomes possible when hackers take control of more than 50% of a blockchain’s computing power. Hackers can then manipulate cryptocurrency transactions to their own ends.

And manipulate them they have. From Technology Review: “In total, hackers have stolen nearly $2 billion worth of cryptocurrency since the beginning of 2017, mostly from exchanges, and that’s just what has been revealed publicly.”

IT pros understand that no single security measure is 100% effective. It’s now clearer to a broader audience that blockchain is also fallible. The best defense is a thoughtfully designed and executed strategy developed with dedicated cybersecurity experts that employ multiple tactics to keep hackers at bay.

Social Engineering Attack in the News

Cryptocurrency made headlines in a different way recently when a social engineering attack against a blockchain company executive netted thieves $30,000 in cryptocurrency. We offer several tips to protect yourself against social engineering attacks.

Launching an Offensive Against Attackers

Perhaps cryptocurrencies should take a page out of the U.S. military’s playbook and strike first.

To protect voters against undue influence by foreign efforts, the U.S. military during the 2018 midterms launched an offensive against a Russian troll farm that saw the farm lose internet access — and, therefore, the ability to engage the election process with discord and disinformation.

From The Washington Post: “Whether the impact … will be long-lasting remains to be seen. Russia’s tactics are evolving, and some analysts were skeptical that the strike would deter the Russian troll factory or Putin, who, according to U.S. intelligence officials, ordered an ‘influence’ campaign in 2016 to undermine faith in U.S. democracy.”

Irrespective of the long-term consequences of such an attack, it highlights a change in cybersecurity engagement concerning state actors, one that could see expansion into corporate networks as the theater of such a conflict expands.

It also highlights the effectiveness of acting before a strike. New and growing AI capabilities of popular security software take a similar approach, identifying and neutralizing threats before they have a chance to impact the network. We recently reviewed endpoint security tools that utilize this approach and recommend you check them out.