Even banks that don't embrace cryptocurrency must manage crypto risk
While an old-fashioned bank heist is still a real threat to retail banks, technological developments have opened new avenues for criminals looking for a quick cash grab. Banks must take these new threats seriously and guard against them to protect their customers’ assets.
Naturally, new threats emerge in tandem with new technologies. As cryptocurrency and the blockchain technology behind it capture the attention of the financial industry, those responsible for keeping assets safe must contemplate how these developments might alter the security landscape. While most banks do not currently offer cryptocurrency services to their clients, they nevertheless need to begin preparing for the potential security risks inherent when new technologies come into popularity.
Cryptocurrencies have been around for years but have only recently entered the mainstream. They’ve caught flak because of the anonymity they afford, which heightens their appeal to individuals seeking to purchase illegal goods, evade taxes or launder money.
Cryptocurrencies are traditionally mined when a user runs computer software that performs cryptographic calculations to help build a blockchain. In exchange for performing these complicated computations, the miner is rewarded with cryptocoins. One significant problem with this method is that so much power is required to run the software that specialized hardware is often needed. For a miner who is trying to generate cryptocoins on a standard PC, the cost of the electricity will generally outweigh the value of any coins they generate.
In order to eliminate the costs associated with mining while still reaping its benefits, hackers have developed a scheme called “cryptojacking.” Cyptojacking occurs when coins are mined on another person’s computer, without their knowledge, using someone else’s electricity to power the production of coins. The coins are then delivered to criminal accounts at no cost to the hackers. As the value of cryptocurrency continues to skyrocket, so does the threat of cryptojacking, with hackers targeting personal computers, large data centers, cloud services providers and the so-called internet of things (internet-enabled devices such as cameras and appliances). Cryptojacking is now believed to be generally more profitable than ransomware and other forms of online fraud usually perpetrated with malware, such as theft of banking credentials and credit card numbers.
Because the method of hijacking computer devices to mine cryptocoins is structurally similar to traditional malware attacks, the strategies for guarding against these threats include protections that many banks may already have in place. However, special attention must be given to the detection of crypto mining software, which, unlike ransomware and other malware, may not display any obvious signs of infection.
Additionally, cryptojacking can occur through embedded coin mining programs that operate in the background when a person accesses a particular website. The code may have been placed on the website illegally and without the knowledge of the website owners, or it may have been placed there knowingly and legally, with information about the (unwanted) cryptomining included in the often-ignored terms of service. So far, only a few commercial antivirus companies have updated their programs to block this kind of activity.
Due to the significant resources that are found at banks and other financial institutions, they remain among the most sought after targets for cryptojacking, with an ever-changing array of digital weapons available to criminals. Chief information and security officers, chief information officers and other technology leaders need to plan for these kinds of attacks, ensuring their detection and prevention measures are as attuned to the signs of cryptojacking as they are to more traditional attacks.
Whatever your opinion on the meteoric rise of cryptocurrencies, it seems they are part of the long-game of the global financial system. Considering that cryptocurrencies are designed to circumvent the banking system, banks will need to come up with creative ways to address and adapt to the technology and also to protect themselves from the evolved threats that accompany it.
Of course, regulatory bodies will play a role in guarding against these threats as well. The regulatory framework around cryptocurrencies will be a significant factor in how quickly and to what extent banks enter the cryptocurrency arena. One place that regulators might start is by updating existing rules to cover cryptocurrencies — an obvious application would include regulations designed to prevent money laundering, tax evasion and fraud.
Other policies might focus on cryptocoins themselves, including the ways they are converted, either to traditional funds or from one cryptocurrency to another. The government could also force a tag on the cryptocoins, removing some of the anonymity that makes them so attractive to bad actors. Additional regulations could include the banning of certain types of coins altogether.
While technology can open up new worlds of value, efficiency and ways to serve customers, it can also usher in new security concerns for banks. It can open up new opportunities for criminals seeking to exploit banks and their customers. With the advent of cryptocurrency falling somewhere in between, financial institutions should be receptive to the possibilities offered by the technology while remaining vigilant about the threats from those who would use it for malicious gain.