Crypto-attacks are rising in Asia – and cybersecurity AI may be the best way to fight the threat: Darktrace

Cybersecurity company Darktrace says crypto-attackers have turned to more sophisticated and highly personalised methods to siphon tokens from victims.

In the realm of cryptocurrency, the dangers of clandestine cyber attacks that target and siphon valuable assets may not always be clear – but they are present.

Worryingly, it has become increasingly apparent that traditional tools to counter these threats are struggling to keep up in a constantly evolving landscape. Early detection of attacks has become more necessary.

From January to May this year, Darktrace, a cybersecurity company with headquarters in the UK and US, detected a 78 per cent growth in the frequency of under-radar crypto-jacking threats and a total of 1,313 crypto-mining incidents across the world.

Moreover, it observed a rise in crypto-mining attacks in the Asia-Pacific (Apac) region – particularly in Singapore, Hong Kong and Australia, where cryptocurrency mining malware encounters were 17 per cent more than the global average.

Darktrace said that deploying artificial intelligence (AI) might be the likely answer to safeguarding blockchain resources and pinpointing problems before they erupt.

Business Insider spoke with Darktrace’s head of threat analysis in Apac – Sean Pea – to find out more about the crypto-jacking crisis and how AI can play a mitigating role.

How cryptocurrency is stolen

Pea said crypto-thieves are often on the lookout for data such as wallet keys – private keys used to authorise transactions – and credentials for accessing online wallets.

They often evolve their attack methods to evade traditional means of detection, resulting in each attack looking significantly different from previous ones.

However, there are two predominant types of attacks that crypto-thieves conduct – social engineering and malware infections.

Pea noted that phishing attacks are usually carried out by deceiving victims into entering their wallet keys or online wallet credentials into a cloned website.

This is done through social engineering, whereby the perpetrator uses sophisticated and highly personalised methods to dupe targets into voluntarily sending coins or downloading malware that steals sensitive data.

Alternatively, attackers may use “clipboard hijacking” malware that detects cryptocurrency transactions and replaces the intended recipient’s wallet address with their own, allowing the coins to be diverted to the attacker instead.

Cryptocurrency exchanges suffer devastating impacts

Due to the large volumes of coins they hold, Pea said cryptocurrency exchanges tend to be the most affected by attacks.

He added that successfully compromising such exchanges would give cyber-criminals a “significantly higher paycheck”.

The impact to organisations has been devastating.

For instance, exchanges in the past had to close down or file for bankruptcy after attackers infiltrated their systems and stole large volumes of coins that were worth up to millions or billions of dollars.

Difficulty of tracing criminals makes cryptocurrencies vulnerable

When Facebook signed up over a dozen companies in June this year to back its new cryptocurrency Libra – slated to launch in 2020 – stakeholders expressed concerns about its vulnerability to profit-seeking crypto-jackers, Darktrace said.

And they had the right to be worried.

Cryptocurrency has long been sought after by cyber-criminals due to the ease of performing transactions and the difficulty of tracing them, according to Pea.

“Whereas past hackers used to demand real money as ransom, now they demand virtual money – the exchange of money is seamless, efficient, and keeps the criminals anonymous,” he said.

With cryptocurrency becoming increasingly popular, hackers continue to target it as their preferred form of payment.

Pea also noted that crypto-attackers have turned to different methodologies and schemes.

Instead of attacking with trojans – a type of malware that misleads users into letting hackers control their computers – threat-actors would focus on infecting individuals, stealing their wallet keys and transferring cryptocurrency out of their hands.

Because of its stealthiness and highly personalised nature, the method makes it difficult for authorities and legacy security technologies to track down criminals.

“Facebook pushing for Libra simply expands the attack surface for users and makes it an attractive market for hackers,” Pea added.

Cryptocurrency exchanges not as protected as banks

For the most part, banks are governed by regulations that make it mandatory for them to implement stringent measures adapted from industry standards to protect their assets, Pea said.

Banks are also often audited to ensure compliance, and failure to comply would lead to penalties.

Cryptocurrency exchanges, on the contrary, are not subject to such legal and financial obligations to enforce adequate protections over their digital assets, he noted.

Nonetheless, no organisation is impervious to attacks, as cyber-criminals can access even the most well-established of companies that have large security teams and pools of resources.

Pea said: “Defenders are tasked with keeping up with an ever-evolving adversary, meaning it’s crucial that we adopt equally intelligent technologies that can neutralise threats on our behalf.”

Singapore a prime target for crypto-attacks

Given Singapore’s status as a leading information hub, having topped the Asian Digital Transformation Index, the nation has become one of the most vulnerable targets.

Furthermore, the millions of connected devices used in the country increase the “attack surface” exponentially, presenting more opportunities for attackers to infiltrate systems, Pea said.

But Pea noted that crypto-theft remains one of the largest risks to organisations around the world, as it continues to become widespread and indiscriminate.

He added: “Attackers will launch automated attacks that can strike multiple organisations at once and operate at machine speed. It’s for this reason that we see corporations of all sizes, in Singapore and beyond, arming up with cyber AI to help fight back against this new age in cyber warfare.”

With the complexity of businesses and the rapid pace of digital transformation, AI has been recognised as a necessity in cyber security, enabling companies to stay ahead of unpredictable threats.

Human effort alone is insufficient to detect the subtle and unusual behavioural characteristics of stealthy hackers, Pea said, especially when networks are too big and complex to handle.

“There is therefore phenomenal demand for AI to cut through the noise and identify genuine threats to empower human professionals,” he added.

How does cybersecurity AI work?

Although firewalls and “patching” are important to maintaining robust cyber hygiene, Pea said patching is inherently “retrospective” as it requires security teams to constantly make updates when a vulnerability is uncovered.

Furthermore, the method’s dependence on historical data about known threats makes it inadequate in protecting organisations from future attacks.

In contrast, AI is able to secure networks “from the inside out” and is capable of learning what is normal and abnormal for digital businesses on an evolving basis, without having to rely on prior knowledge of threats.

AI can also recognise anomalies indicative of a threat and use “Autonomous Response AI” – a technology developed by Darktrace – to neutralise it in a matter of seconds.

As such, organisations have turned to AI to augment human security teams by identifying and eradicating threats in real time whenever they happen.

Regardless, Pea said it does not make IT professionals redundant as it serves as a “force multiplier” for existing security teams. He explained that the technology adds value by merely doing the heavy-lifting, autonomously responding on behalf of humans to isolate threats before they spread.

Varying levels of challenge for different organisations

Pea added that small and medium-sized enterprises (SMEs) are particularly affected by the challenge of defending against this new age threat.

Contrary to popular belief that SMEs are too small to be lucrative targets, cyber-criminals are in actuality “keenly aware” that such organisations have limited budgets and resources to spend on beefing up their cyber defences.

Banks and international corporations are much more difficult to infiltrate as attackers often require more “sophistication and subtlety” to bypass multi-layered security stacks and well-resourced security teams, he said.

Yet, both large organisations and SMEs will still need to face the “inherent” challenges that come about from a lack of skilled professionals, Pea noted.

Should the layman be concerned?

Despite organisations being more favourable targets for crypto-attacks, Pea advised non-experts in cryptocurrency to also step up efforts to protect themselves from attacks.

Possible ways for them to improve personal cyber hygiene include:

  • Timely updating of operating systems and software on devices
  • Good password management through strong passwords and proper storage
  • Using multi-factor authentication
  • Using trusted security networks and avoiding connecting to public Wi-Fi
  • Education and mindfulness of phishing emails and cloned websites
