
Bitcoin is currently the leading cryptocurrency worldwide, and it is quickly becoming a popular alternative form of electronic payment. Be informed of the risks and how to counter them.

Bitcoin Mining

The SANS Internet Storm Center describes the risks of trusting a decentralized currency system that is based more on technology than on human controls (e.g., there is no official government entity to help back currency valuations or protect against unauthorized access).

So how are bad guys abusing this system?

1 - Crypto Pick Pockets

A wallet is a secret key, and the key itself is a file that can be copied (stolen) just like any other file. Various pieces of malware have also started stealing cryptocurrency wallets just like they steal credit card numbers.


2 - Rogue Crypto Currency Miners

The problem with mining cryptocurrencies is that it is a computationally expensive process. The miscreant will compromise systems and install mining software on them. The victim is stuck with the power bill, and the miscreant earns the cryptocurrency.


3 - Cryptojacking JavaScript Miners

An exploit-free option that has become quite popular recently is the use of JavaScript miners.


4 - Phishing

Good old phishing is often used to extract credentials for currency exchanges from users. These phishing attacks have become quite sophisticated and in some cases exceed the quality of an average online banking phish.


5 - Attacks Against Mining Equipment

If an attacker has access to the equipment via SSH, they can use the username and password to take over the equipment and have it mine for the new owner.


6 - Attacking APIs

Ethereum nodes have an optional RPC interface that can be used to control the node without any authentication.


7 - Weak Random Numbers

As mentioned above, the security of your bitcoin wallet depends on a secret key. If this secret key is not random, then an attacker is able to guess it and take over your wallet without ever touching your system.
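
The point above, as an added example that is not part of the original article: a 256-bit key drawn from a general-purpose PRNG is only as unpredictable as its seed, while a key from the operating system's CSPRNG has no seed to search. The function names, the timestamp seed and the one-hour window are assumptions made for illustration.

```python
import math
import random
import secrets

KEY_BYTES = 32  # 256 bits, the same size as a Bitcoin secret key


def weak_key(seed: int) -> bytes:
    """Key from Python's Mersenne Twister: fully determined by the seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_key() -> bytes:
    """Key from the operating system's CSPRNG; there is no seed to guess."""
    return secrets.token_bytes(KEY_BYTES)


def recover_seed(key: bytes, earliest: int, latest: int):
    """Return the seed in [earliest, latest] that reproduces key, else None."""
    for seed in range(earliest, latest + 1):
        if weak_key(seed) == key:
            return seed
    return None


def effective_bits(candidates: int) -> float:
    """Real strength of a key chosen from this many possible seeds."""
    return math.log2(candidates)


if __name__ == "__main__":
    created_at = 1_700_000_000  # constructed value: key seeded with a Unix time
    window = (created_at - 3600, created_at + 3600)  # creation hour roughly known
    candidates = window[1] - window[0] + 1

    key = weak_key(created_at)
    print("weak key looks random:", key.hex())
    print("seed recovered from window:", recover_seed(key, *window))
    print("nominal strength: 256 bits, effective: %.1f bits" % effective_bits(candidates))
    print("CSPRNG key matched by any seed:", recover_seed(strong_key(), *window))
```

The weak key passes any visual inspection, which is why wallet software should be checked for where its randomness comes from rather than for how the key looks.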


8 - Stealing Power

You got a high-end cryptocurrency mining rig, but the power bill is eating all your profits? Use someone else's power. For example, having a mining rig under a work desk to use company power.


9 - Don't make backups

It is your sole responsibility to guard the wallet. If the wallet is ever lost (for example, through a crashed hard drive), then you will have no way to recover your money. One common way to back it up is to create a "paper wallet" (print the key, typically in the form of a QR code). Only keep the money you currently need in electronic form. It is easy to copy the paper wallet. But again: make sure you don't let others see the code.


10 - No Insurance

With cryptocurrencies, there are no banks, other institutions, or regulations that will cover you in case of a loss. If a bitcoin exchange goes under, or if it turns out to be fraudulent, then there is very little you can do to get your money back.


As they say: With great freedom comes great responsibility.

Source: isc.sans.edu/forums/diary/9+Fast+and+Eas...+Crypto+Coins/23071/
