Running a business means expenses, and it is normal to seek ways to sustainably cut them. However, some areas are sensitive to cost-cutting; cybersecurity is one of them, and so is the crypto industry, which has long been a magnet for hackers.
What can go wrong
Cybersecurity professionals agree that cyberattacks have become more sophisticated. Traditional approaches such as malware or phishing have been enhanced by the application of machine learning and artificial intelligence.
Dr. Michelle Moore points out the key cybersecurity threats of the year:
1. Hackers use machine learning for faster and better-targeted phishing attacks.
2. The growing application of cryptocurrencies as an anonymous payment method has helped fuel the ransomware market.
3. Hackers tend to hunt people’s computer resources, rather than their data, in order to mine cryptocurrencies.
4. Personal devices (such as laptops or tablets) have become a key target for hackers, seeking not only users’ data but also control over devices. By seizing access to numerous devices, criminals can overload networks, generate havoc, or block access to controlled external equipment.
5. Social engineering – using human psychology to breach organizations’ cybersecurity – has also been on the rise. Social media makes it even easier to gather user data for psychological manipulation.
According to Dr. Moore, the shortage of skilled cybersecurity program developers is also a major risk.
In the cryptocurrency market specifically, major risks include the theft of wallet access data, crypto exchange hacking, private key security, and vulnerabilities related to 51% attacks on the consensus mechanism.
Learn from the mistakes of others
Let us look at five notorious cases from 2020 which prove that businesses should not overlook the importance of hiring professionals for cybersecurity program development.
#1: Numerous DeFi cybersecurity attacks
A pioneer in automated blockchain-based finance, DeFi has become extremely successful in a short period of time. Soon after its launch in 2020, it managed to collect more than $13 billion worth of assets.
DeFi is based on open-source code that any user can inspect on GitHub.
Unfortunately, this has been to its detriment, as hackers have exploited major bugs and vulnerabilities throughout the year. The weak points include:
· Bugs in code;
· High reliance on composability;
· Irreversibility of blockchain transactions, which also makes crypto thefts irreversible.
In just one example, hackers managed to drain $954,000 from bZx users by manipulating asset prices, using their knowledge of how DeFi’s composability principle connects the respective protocols.
Another notorious DeFi hack involved $260 million stolen from several platforms using SharkTron.
#2: CryptoCore phishing
Cybersecurity firm ClearSky has tracked down a group of hackers known as CryptoCore, who have stolen a total of $200 million through a couple of cybersecurity attacks.
Their strategy shows how sophisticated cybersecurity attacks have become recently:
1. It starts by collecting data on employees and management.
2. Based on that, the hackers target the personal email accounts of the victims, since they are less protected and may still hold useful business data.
3. An email is then sent from the hacked employees’ accounts to senior management, with the intention of gaining access to corporate passwords for crypto wallets or other payment processors.
This approach shows that hacking strategies have become hybrid, involving multiple elements such as social engineering and/or phishing.
#3: Microsoft falls victim to a cybersecurity attack
2020 marked a unique event: one of the largest tech giants in the world was subject to cybersecurity fraud worth $10 million.
A former Microsoft software engineer was involved in developing an online retail sales platform. During his years with the company, he used his testing access to misappropriate digital gift cards.
Starting from his own test account, he then used other employees’ accounts to withdraw larger amounts of stolen funds. As a result, suspicion fell on his colleagues as well.
To launder the money, the hacker used a cryptocurrency mixer service. Having received the funds into his bank account, he soon acquired an expensive villa and a Tesla car, which exposed him, despite the masterful tech performance he had devised.
This case has shown that the human element should not be underestimated even when a company boasts a big name and – supposedly – the highest cybersecurity standards.
#4: European supercomputers under cybersecurity attack
Germany, Switzerland, Spain, and the UK have also experienced hacker attacks on their supercomputers. Cryptocurrency mining malware was fraudulently installed on them in order to use their high-performance capabilities to generate cryptocurrency assets.
Hackers breached the login nodes, forcing the owners of the supercomputers to reset SSH passwords and put certain operations on hold until further notice.
Based on the malware samples shared by the Computer Security Incident Response Team (CSIRT), Cado Security has concluded that the cybersecurity attacks were caused by compromised SSH credentials, which belonged to university members with access to supercomputers. With the help of the stolen credentials, criminals gained root access via the CVE-2019-15666 vulnerability and set up an application to mine Monero.
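One way an operator of login nodes could surface the kind of stolen-credential logins described above is shown in this added example, which is not from the original article or from Cado Security's analysis: it parses OpenSSH "Accepted" log lines and flags logins from networks an account has never used before. The log lines, host and user names, and the /24 and /48 grouping are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# OpenSSH records a successful login as:
#   sshd[PID]: Accepted <method> for <user> from <ip> port <n> ssh2
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")

def network_of(ip):
    """Collapse an address to a /24 (IPv4) or /48 (IPv6); the widths are an assumption."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_network(f"{addr}/{24 if addr.version == 4 else 48}", strict=False)

def logins(lines):
    """Yield (user, method, ip) for each accepted login; other lines are ignored."""
    for line in lines:
        m = ACCEPTED.search(line)
        if m:
            yield m["user"], m["method"], m["ip"]

def build_baseline(lines):
    """Map each user to the set of networks they have logged in from before."""
    seen = defaultdict(set)
    for user, _, ip in logins(lines):
        seen[user].add(network_of(ip))
    return seen

def new_source_logins(baseline, lines):
    """Accepted logins from a network the account has never used."""
    return [(u, m, ip) for u, m, ip in logins(lines)
            if network_of(ip) not in baseline.get(u, set())]

def shared_new_sources(alerts):
    """New networks used by two or more accounts, which should be reviewed together."""
    users = defaultdict(set)
    for user, _, ip in alerts:
        users[network_of(ip)].add(user)
    return {str(net): sorted(us) for net, us in users.items() if len(us) > 1}

# Constructed sample data (documentation address ranges, made-up user names).
HISTORY = [
    "May 02 09:14:01 login1 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
    "May 03 10:02:44 login1 sshd[2307]: Accepted password for bob from 198.51.100.7 port 41810 ssh2",
]
TODAY = [
    "May 11 09:20:13 login1 sshd[4102]: Accepted publickey for alice from 192.0.2.77 port 50313 ssh2",
    "May 11 02:41:09 login1 sshd[4120]: Failed password for bob from 203.0.113.50 port 39922 ssh2",
    "May 11 02:41:15 login1 sshd[4120]: Accepted password for bob from 203.0.113.50 port 39922 ssh2",
    "May 11 02:43:51 login1 sshd[4131]: Accepted publickey for alice from 203.0.113.61 port 40107 ssh2",
]
ALERTS = new_source_logins(build_baseline(HISTORY), TODAY)
```

A flagged login is only a lead for review, since legitimate users also travel and change networks.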
This is definitely not the first case of a cyber-attack undertaken for mining purposes. In 2018, engineers from the Russian Nuclear Center were found using supercomputers to mine cryptocurrency.
#5: Crypto scams “endorsed” by celebrities
One of the largest scams of the previous year concerns GPay, a cryptocurrency platform that fooled traders by using fake endorsements from international TV celebrities. It is estimated that criminals managed to get away with $1.8 million.
MoneySavingExpert’s founder Martin Lewis even filed a court case against Facebook for allowing the fraudulent use of his image in scam adverts. As a result, the social network has committed to developing a scam reporting tool. Despite this promise, the ads had been running for some time – proving that yet another tech giant cannot fully assure cybersecurity.
Even Bill Gates had his identity used to endorse scams. Dozens of YouTube accounts with a high user count were hacked and renamed to appear associated with Microsoft. The high subscriber count along with the live streams of “Bill Gates” convinced some users to participate in a Ponzi “giveaway”.
Don’t cut costs on cybersecurity program development for business
As we have seen from the above-mentioned cases, there are always human and tech elements behind every cybersecurity attack.
Employees can cause data breaches both intentionally and unintentionally (e.g. if they were subject to phishing). It is rather difficult to predict any of these occurrences – even Microsoft did not manage to do so.
When it comes to the tech component of cybersecurity, a professional team of software developers should be your best friend. Not only will they develop solutions to prevent major cybersecurity threats, but they will also run multiple tests to find and fix any vulnerabilities.
Consider outsourcing cybersecurity program development: there is no personal element related to employment role play. Also, there is more dedication and accountability, since a service provider depends on recurring payments.
When bad things happen, it may be too late to seek professional help. The best way to ensure proper business operations is to prevent any potential cybersecurity vulnerabilities.