Cyber crooks, nation-state backed and otherwise, are targeting blockchain implementations with traditional tactics such as social engineering, malware, and ransomware, and are also tapping newer tools including cryptojacking and mining, a new McAfee report said.
Because blockchain technology is attracting a lot of interest for solving various business needs beyond decentralized payments, bad actors were bound to look there at some point. Where there’s financial opportunity, there are bad actors and security risk, McAfee said in its Blockchain Threat Report.
The document is as much a detailed description of associated attack types as it is a warning to industry about oncoming cyber assaults that “could threaten this revolutionary technology’s rapid growth and its quickly expanding pool of adopters.”
McAfee reasons that while we’re seeing more and more blockchain technology in government, finance, retail, healthcare, and automotive segments -- prodding expectations for the global market to balloon to nearly $10 billion by 2024 from the paltry $216 million in 2016, according to researcher Esticast -- we're also fomenting security exposure.
In particular, McAfee’s report points to cryptocurrency-related cybersecurity incidents, where blockchain technology is in wide use. A barrage of high-profile attacks has hit cryptocurrency exchanges, the main commercial adopters of blockchain. In the most recent event on June 10, cyber gangsters stole about 30 percent of the virtual currency of a below-the-radar South Korean exchange called Coinrail, quickly erasing $30 billion from the trading value of bitcoin and other digital currencies.
Blockchain and Cryptocurrency Security Risks
McAfee had this to say about the primary attack vectors hitting blockchain cryptocurrency:
Phishing scams. The most familiar blockchain attacks owing to their prevalence and success rate. For example, McAfee described a 2017 cryptocurrency phishing scam in which a cybercriminal set up a fraudulent cryptocurrency “wallet” service. After collecting authentication information from the service’s users over the course of six months, the thief drained $4 million from unsuspecting customers’ accounts.
Ransomware. In 2017, ransomware developers began experimenting with various alternative cybercurrencies, also known as altcoins.
Cryptojacking. Mirroring ransomware, cryptojacking campaigns, characterized by hijacking a browser to mine virtual currency, experimented with altcoins. For example, in late 2017, the Archive Poster plug-in for the Chrome browser was found to be mining Monero coins without consent. More than 100,000 people had downloaded the miner before anyone noticed that something was amiss.
Mining. Coin mining malware benefitted from an explosive resurgence in late 2017 and early 2018. New miners appeared quickly and old malware was retooled with mining capabilities. Along those lines, findings from RiskIQ’s Q1 2018 Mobile Threat Landscape showed that mobile threat actors are reaping paydays by taking advantage of the popularity and volatility of the cryptocurrency landscape. In March, an app called Calendar 2 in Apple’s App Store began mining Monero digital currency on user devices. The developers had set mining as the app's default option.
“Like so many other new robust technologies, blockchain can have a revolutionary impact in solving very real business problems, but only so long as security does not fall victim to urgency in the rush to adopt the technology,” said Raj Samani, chief scientist at McAfee. “Given blockchain’s potential for creating value, and the tremendous enthusiasm to implement it, cybercriminals will seek every opportunity to strike at all available technical and human vulnerabilities in the emerging blockchain ecosystem,” he said.