A new McAfee report on blockchain threats shows cryptomining malware grew more than 600% in the first quarter this...
McAfee's "Blockchain Threat Report" details the massive increase in
"We've seen an explosion in cryptocurrency value recently," Povolny said. "Hundreds of them were created in a very short time, and now we're seeing threat actors trying to capitalize on that value."
While attackers have learned to adopt different attack methods that target both consumers and businesses, according to McAfee researchers, the four major attack vectors include familiar threats like phishing, malware, implementation vulnerabilities
Technology attacks, as explained by the researchers, are threats like dictionary attacks that are used against cryptocurrency private keys. Lastly, implementation vulnerabilities refer to flawed deployments of blockchain technology; the report cites examples such as the 2017 attack on blockchain startup Iota, where attackers exploited cryptographic vulnerabilities to create hash collisions and forged signatures, which enabled the hackers to steal coins from users' digital wallets. Povolny stressed these vulnerabilities are not flaws with blockchain itself, which has proved to be secure so far.
The "Blockchain Threat Report" states, "In most cases, the consumers of blockchain technology are the easiest targets. Due to a widespread start-up mentality, in which security often takes a backseat to growth, cryptocurrency companies often fall in this category."
Povolny said the issue of security within cryptocurrency and blockchain creates a two-sided problem. The first side revolves around the companies that initially rushed to capitalize on cryptocurrency but didn't complete basic security checks and risk assessments; those shortcomings, which include a lack of proper access controls,
The report also notes that "recovering from cryptocurrency theft is more difficult and complicated than with most other currencies due to their decentralized nature." In order to secure a network, a tailored risk assessment should be conducted.
As industries begin to implement their own blockchain technology, users should prepare for continued development of new technologies by cybercriminals to further compromise them, McAfee researchers wrote. However, since there is not a clear understanding of where these risks are,
Despite the increase in threats, Povolny said the surge in cryptocurrency startups and blockchain deployments is expected to continue.