How Facebook’s New Cryptocurrency Affects Your Cybersecurity
With Libra, Facebook has taken the latest step in making cryptocurrency more ubiquitous, and now your enterprise data is more valuable to hackers than ever. Here’s how you can defend your networks.
Facebook, already one of the wealthiest companies in the world, has recently created a new cryptocurrency. It’s called Libra, and Facebook aims to make it a ubiquitous global currency.
It’s understandable why the most successful social media company in the world would want to dive into the crypto space. Cryptocurrency has been turning heads since it first emerged on the public’s radar several years ago, with popular (and volatile) currencies like Bitcoin reaching valuations of $20,000 per coin during peak trading times.
As a refresher, cryptocurrencies leverage blockchain technology to drive financial transactions that are decentralized, transparent, and immutable. Most cryptocurrencies are not controlled by any central authority, making them theoretically immune to government tampering (which crypto supporters believe devalues money and makes global trading less lucrative).
In this case, however, Libra has been donned a “stablecoin” due to its links to diversified currencies and low-risk bonds. What’s more, Facebook is connecting a consortium of enterprises — PayPal, eBay, Uber, Visa, and more — to back Libra, which allows them to achieve a stability that other cryptos have failed to attain. Facebook promises that their currency will be able to scale to billions of accounts while remaining secure and flexible.
Although Libra seems poised to finally legitimize the mainstream adoption of cryptocurrency, enterprises and the public should proceed with caution. There are very real risks associated with a ubiquitous cryptocurrency, and even if your enterprise isn’t actively using Libra, Bitcoin, Etherium, or one of the other emerging consortiums, you could still very well be in the blast radius of the security risks they pose.
Cryptocurrency and the Rise of Ransomware
In the past, collecting ransom money was a risky endeavor. Because physical money can be marked and wire transfers can be tracked, criminals must go to great lengths to launder and clean the money they exfiltrate.
Conversely, the anonymous nature of cryptocurrency is appealing to criminals who want to steal money without leaving a paper trail. A cybercriminal can easily create a crypto wallet and make transactions that are fully independent of their real-world identity. Of course, converting that digital money into fiat currency requires a bank account (which is inherently tied to a real-world identity), but criminals can simply pass their money through a series of different digital currencies to obscure their trail.
This helps explain why in 2018, losses from cryptocurrency-related crimes amounted to over $1.7 billion. In fact, Coveware’s quarterly report found that the average ransom increased by a whopping 89 percent — from $6,733 in Q4 of 2018 to $12,762 in Q1 of 2019.
This is not to say the rise of cybercrime is directly related to cryptocurrency — a myriad of factors play into the rise of cybercrime. However, there is no doubt cryptocurrency’s anonymity and ease of use have, at the very least, made it easier for ransomware to flourish.
Cryptocurrency’s Built-In Defense is Not Enough
The consortiums behind the most popular cryptocurrencies are not blind to the risks their currencies pose to enterprises and cities. For example, Facebook and its partners in the Libra currency are making investments in securing their cryptocurrency, promising to refund any money lost due to a Libra-wallet breach.
But these promises are not enough to eliminate the risks associated with cryptocurrency. Often, cyberattacks are not hacks of the currency itself, but rather breaches in the security protocols of the institutions and people using digital currency. What’s more, it doesn’t matter if an enterprise is using a cryptocurrency or not — their data becomes significantly more valuable to hackers when cryptocurrency is mainstreamed.
As the rise of cryptocurrency makes ransomware attacks increasingly lucrative, hackers are developing more advanced methods of exfiltrating enterprise data. One of these methods is AI malware. Traditionally, human hackers attempt to avoid detection by mimicking normal behavior on a network as they spread malware across an organization’s machines and programs. They then use command-and-control (C2) servers to receive stolen data from their target. With the use of machine learning, however, AI can now autonomously mimic normal behavior while extracting valuable data. And since AI malware doesn’t need C2, it’s nearly impossible to detect.
Another rising cybercrime tactic utilizing emerging technology is smart phishing, which is also deployed with the use of AI. Although phishing attempts can usually be foiled with internal IT training and basic cybersecurity best practices, smart phishing is harder to defend against. Hackers use machine learning to auto-create messages that understand the context of a targeted email chain. These messages are then inserted into ongoing email conversations to make smart phishing look completely legitimate. This can even fool trained IT professionals.
Cryptocurrency puts more at stake for enterprises, which subsequently drives cybercriminals to come up with more creative and effective ways to access valuable data. In this era of heightened risks, it’s essential for enterprises to gear up for the incoming cyberattacks that are bound to come their way.
New Cyberdefense in the Crypto-Climate
Regardless of its risks, cryptocurrency is here to stay. With Libra aiming to take digital currency into the mainstream, we can only expect that cybercriminals will continue to develop more sophisticated data exfiltration techniques. Enterprises must be prepared to defend against the onslaught of AI malware, smart phishing, and other emerging cyber tactics. Luckily, we at Turn-key Technologies, Inc. (TTI) are here to help.
With nearly three decades of experience designing ultra-secure enterprise networks, we have the resources and expertise necessary to ensure that your data remains secure. Enterprises of all stripes and colors are in need of cybersecurity expertise now more than ever, and in this regard, there’s no better partner than TTI.
By Craig Badrick