• Marc Wilczek, Managing Director at Link11


• 06.05.2022 01:45 pm
#cybersecurity

The financial industry as a whole, and crypto exchanges in particular, are increasingly falling victim to hacker attacks, mostly through so-called distributed denial-of-service (DDoS) attacks. What can corporate IT managers do to successfully fend off such hacks? 

Two-fold task between investigating authorities and CIOs/CISOs

On the one hand, the German investigative authorities are acting very vigorously and, for example, recently took the illegal darknet marketplace "Hydra Market" out of play. A coup in which several hundred Bitcoins worth 23 million euros were seized. On the other hand, cybercrime is a billion-dollar market with more and more focus on the financial sector. That is why, in addition to the investigating authorities, those responsible for IT security in companies have a distinct responsibility.

For IT and security managers, it is a well-known fact that no other industry is as strongly affected by cyber attacks as the financial sector. Although extremely complex firewalls, strong passwords created with the help of proprietary password management systems, and special access authorizations are used here, professional hackers succeed time and again in outwitting the IT periphery. As a consequence, once hackers have penetrated the IT infrastructure, even using DDoS attacks as a diversionary tactic, the damage has already been done.

Causes and effects of cyberattacks on crypto exchanges.

The cyberattacks on platforms within the financial sector show the disadvantages of the ecosystem in which cryptocurrencies are traded, for example. The reason for this is the fact that exchanges and platforms are developed in a very short time when a trend emerges and so-called smart contracts are written under time pressure. There are often neither the time nor resources available to build the necessary security structures. In addition, rational decisions play a role. The prevailing thinking is that the damage caused by entering a rapidly developing market too late is greater than the losses incurred by successful cyberattacks.

Even in the very early stages, the impact of hacking attacks on crypto exchanges is horrendous financial losses BitMart, for example, lost $150 million in RTH and BSC during a hack. The hack was made possible by the theft of an admin key that gave the hacker access to two hot wallets. One impact of such attacks that should not be underestimated is the loss of reputation for the platforms that become victims of cyberattacks.

The current IT threat level from cyberattacks for the crypto world.

Methods of exploiting network or application vulnerabilities are becoming increasingly sophisticated. In addition to DDoS attacks, ransomware, Trojans or even phishing attacks are used very frequently. Cryptocurrencies are not only considered an option for anonymous payment transactions, but also extremely secure. Theft with the help of social engineering or zero-day exploits does not cast a good light on the cybersecurity of the trading platforms concerned. Cryptojacking attacks are still a fairly new attack variant. In order to remain undetected as a hacker during the attack, people use botnets, for example, to be able to mine Bitcoin without being noticed.

Other hackers use bots such as the Mirai bot or the Satori bot to update malware with code that they then use to exploit vulnerabilities in devices. These can be smart whiteboards, routers or even NAS devices. They are then used to carry out the DDoS attacks already mentioned and can be easily controlled to launch mining codes for cryptocurrencies, for example.

Necessary protection mechanisms for companies

The most important task for cybersecurity managers is to develop and constantly optimize a comprehensive IT security architecture. Only with an optimally protected IT infrastructure can cyberattacks be efficiently thwarted. So-called penetration tests to identify vulnerabilities should also be part of the standard here. 

In addition to an ISMS, companies in the financial sector need to have the highest possible level of cyber resilience. By this, experts mean the ability to maintain business operations and processes in the company even when cyber threats or other crisis situations arise, such as failed software updates or problems created by human error. Cyber resilience is a complex concept that combines concepts such as information security, organizational resilience and business continuity, thus going even beyond IT security.

An important keyword in the field of DDoS defense is the combination of artificial intelligence as well as strict automation. Not all tasks, but especially those that are largely based on pattern recognition, should be performed by machines. In times of scarce resources, such systems should be used exactly where precision and speed equate to money and at the same time human resources can be used more effectively elsewhere.