Bitcoin is dead?!

According to popular opinion, Bitcoin has died 89 times in its relatively short and notorious lifetime. Causes include failures in architecture, scalability, competition, slow adoption, mining centralization, and stagnated development, including a community civil war. However, in 2017, digital currencies will continue to grow in popularity, especially when considering their use cases for criminal activity, namely ransomware attacks.

Over the past years, some of the more spectacular failures included the security breaches of online trading exchanges and digital wallets. Every few months, new headlines, such as the MtGox exchange hack and bankruptcy, and the $72 million heist on the popular Bitfinex exchange in 2016, captured headlines.

The collapse of the darknet market Silk Road and its clones, which ran off the crypto currency, also drew international attention and caused another plunge in value. But don’t count it out yet. Bitcoin has found itself another niche. Almost all ransom payment demands against organizations who have been the victims of security breaches use Bitcoin as currency.

As the digital equivalent of cash, there is no doubt that it powers cybercrime as the main crypto currency in use and defenders must understand that it will drive new types of attacks as well as increase their volume. A survey from Censuswide, commissioned by Citrix, found companies are stockpiling Bitcoins:

  • Over one in three (36 percent) of businesses with 250-500 employees store cryptocurrencies
  • Over half (57 percent) of firms with 501-1000 employees have a stockpile of digital cash
  • Less than one in five (18 percent) businesses with more than 2,000 employees see a need for building their digital currency stockpile

 
The implications of Bitcoin for security are multifold. Digital currencies are here to stay, and with a value transfer medium that has the advantages of not being subject to regulation, traditional transport and storage challenges, and a high degree of anonymity, there will undoubtedly be a growth in the number of attacks targeting the enterprise and mid-market.

Healthcare took the brunt of ransomware attacks in 2016, and in 2017, ransomware will expand its market to more industries. Organizations will see increasingly creative attacks and the volume will continue to grow. Traditional malware used in gaining remote access systems have evolved to take advantage of digital payment methods. Attacks will be more directly monetizable, in some cases removing the middleman and data brokers.

Some examples include:

  • Ransom-demanding DDoS attacks.
  • Ransom-demanding malware continuing to move beyond consumer targets to healthcare, education, and financials.
  • Blackmail and extortion – stolen data and records, potentially personal and embarrassing and “doxing.”
  • Racketeering and protection services.
  • Funding and crowdfunding of sites that promote or facilitate attacks.

 
As ransomware outgrew its initial target base – the average home internet user – to organizations and institutions, the use of Bitcoin as a form of payment created a new norm in 2016. And in 2017, we could very well see ransomware attacks spread to critical infrastructure, finance and banking, and Internet of Things, given the success this attack strategy has yielded in the past.

As organizations start to stockpile Bitcoin as a cautionary practice in the face of security breaches, it’s clear digital currencies are not going away anytime soon, so keep an eye on this space!

(About the author: Florin Lazurca is senior technical manager for security at Citrix. He drives technical direction for solutions that enhance user experience, flexibility, and security. His background includes experience in network optimization, virtualization, and security.)

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access