SlideShare a Scribd company logo

NormShield Crypto Currency Report 2018

NormShield
NormShield

"NormShield Crypto Currency Report 2018" @Normshield - Is Your Money Safer in Cryptocurrency Exchange Markets than Banks?

Technology
1 of 10
1 Is Your Money Safer in Cryptocurrency Exchange Markets than Banks? www.normshield.com +1 571 335 02 22
2 Is Your Money Safer in Cryptocurrency Exchange Markets than Banks? April 2018 Crypto coins are the new mean of investment and shopping and their exchange volume increases exponentially. There are many exchange markets handles these investments. However, the question of resiliency of these markets is on the rise with recent attacks. In 2014, one of the largest crypto coin exchange market, Mt. Gox which was handling 70% of all bitcoin transactions back then, was hacked and lost $473 million resulting its closure and most dramatic fells in BTC. In 2016, Bitfinex suffered due to a cyber attack resulted in 120,000 BTC (≈$72 million back then). In January 2018, as the biggest cryptocurrency hack, more than half billion dollars was stolen from Coincheck. Very recently (on March 2018), Binance got reports from its customers about hijacked accounts. Binance reported that “a massive, well-coordinated phishing attempt” accumulated user accounts beginning from January. There were some fraudulent domains posed as Binance domains may have been a major part in this scam. Methodology of Research In March 2018, NormShield leveraged its proprietary Cyber Risk Scorecard platform to gather data on top 25 cryptocurrency markets (with respect to their volume), to analyze their cyber risk and security postures in 20 categories, and to compare the results in 12 selected categories. More information on our grading methodology and full list of our categories can be found here. “The attacks on cryptocurrency markets create not only stolen money, but also manipulation on market price of crypto coins.”
3 A Glance at Cryptocurrency Markets The snapshot on overall grades of top cryptocurrency markets shows an acceptable level of security posture. Based on NormShield Risk Scorecard letter gradings, many markets receive B+ and B grade (ten in B and ten in B+). Only one of 25 markets could go as high as A- and one performs poorly and receives C+. Compared to banking companies, grades of cryptocurrency markets are higher. This is mainly because number of assets (domains, subdomains, IPs, e-mails, employees) of banks are much larger than cryptocurrency exchange markets. Another very important factor is third-party risk that banks possess. The large number of third-party vendors of banks introduces invisible cyber risk to banking systems, which lowers the security ratings. On the other side, cryptocurrency markets are quite new and possess less number of assets that limits the attack surface for hackers. With the increasing interest on crypto coins, cryptocurrency markets’ websites and resources are visited for transactions and monitoring more often than ever. With these increased attention, we can expect increase in malicious users scans to find a vulnerability to exploit in these websites and resources. “Top 25 Cryptocurrency exchange markets receive overall scores between 79 and 80 (C+ and A- as counterpart letter grades).” * Each bubble shows number of exchange markets for a certain risk score.
4 Looking at the detail grades reveals some important risk factors of cryptocurrency markets and shows that these markets are vulnerable to similar types of attacks designed for financial institutions. Low grades on CDN security (security and reputation of external links), fraudulent domains (domains that can be used for scams and phishing attacks), and credential management (leaked and shared credentials) are three examples of risk factors that is common for financial services. Cybercriminals desires to hijack user and employee accounts to empty wallets of crypto coin investors. * Letter grades of each market for selected categories.
5 Why cryptocurrency markets are trending targets in the hacker community? The short answer is money. Cryptocoins, once stolen, are difficult to trace back and cyber criminals take advantage of this criminal luxury. The high market value of some crypto coins such as Bitcoin (BTC) makes it very attractive for hackers. Capturing low amount of BTC may result in high amount of US dollars in hackers hands. Since the exchange markets are quite new to finance industry, lack of security experience makes them more attractive and vulnerable targets for cyber criminals. Manipulating currency exchange values may create huge rippling effects with the result of intentional value loss on some currencies. The financial effect makes them appealing for hacktivists whose objective is to harm certain financial institution for political reasons. [Industry Insights] While individual company performance ranged from A to F, no industry group received higher than a C grade when measured across all categories. NormShield Cyber Security Risk Brief 2018
6 Top Three Risk Factors Companies and corporations in all industries encounter different cyber risks every day and experience difficulties while mitigating them. Cryptocurrency exchange markets perform poorly in CDN Security, Fraudulent Domains, and Credential Management. CDN Security A content delivery network (CDN) is a large distributed system of servers deployed in multiple data centers across the Internet. Companies use a CDN for online libraries like JQuery. Normshield analyzes the CDN content to detect possible vulnerabilities. Ensuring the security of files obtained from a CDN ultimately requires a layered set of controls -- including malware scanning, content filtering, and threat intelligence -- that can analyze and block malicious code when it's detected. * CDN Security scores for each market. “We observe that 9 out of 25 exchange markets perform very poorly in CDN security”
7 Fraudulent Domains Domain name scams are types of Intellectual property scams or confidence scams in which unscrupulous domain name registrars attempt to generate revenue by tricking businesses into buying, selling, listing or converting a domain name. Fraudulent or scam domains are frequently used by phishing attacks those targeting either a company's employees or customers. Potential phishing domains can be searched by one of NormShield free services here. NormShield extracts fraudulent domains and subdomains from the domain registration database. The registered domains database holds more than 300M records. “NormShield scorecard found more than 800 potential fraudulent domains (possibility over 75%).” * Fraudulent Domain scores for each market.
8 Credential Management There are more than 5 billion hacked email / password available on the internet and underground forums. NormShield finds and shows the leaked or hacked emails & passwords. In the simplest form, email list of employees can be used for phishing attack. Most of internet users use same passwords for different web application accounts. In this search, NormShield found 27 leaked credentials for a specific exchange market (marked as Market 10) shared in last 90 days. * Credential Management scores for each market.
9 Conclusion Cryptocurrency exchange markets must vigorously mitigate cyber risks to reduce exposure to cyber attacks, improve incident response time, continue use of necessary security services, and proactively take measurements against potential cyber threats. Considering the impact of cyber attacks against those markets, exchange markets should discover possible attacks in advance to avoid huge financial and reputational loss. Some on-site security services might not be sufficient to identify some threats such as phishing attacks by using fraudulent domains. If credentials of legitimate users are leaked and shared in hacker forums, it might be too late to avoid the loss when the attack is detected. Cryptocurrency exchange markets can leverage use of an external risk management product such as NormShield Risk Scorecard to detect such threats and proactively mitigate the risk raised by these threat actors.
10 About NormShield We provide Cyber Risk Scorecard for companies just like FICO score. Cyber security is on every Board’s agenda, and the average total cost of a data breach has risen to $4 million (Ponemon/IBM). NormShield Cyber Risk Scorecards provide the information necessary to protect business from cyber- attacks. The scorecards provide a letter grade and a drill down into the data for each risk category so that remediation of vulnerabilities can be prioritized. Unified Threat & Vulnerability Orchestration Platform and Cyber Risk Scorecard. To learn your company’s risk score, please visit https://www.normshield.com/ and click on Learn Now. www.normshield.com 1 (571) 335 02 22 info@normshield.com NormShield HQ 8200 Greensboro Drive Suite 900 McLean, VA 22102 There are five main reasons to find your organization’s risk scores. - Provide Intelligence for Decision-Making - Help Determine ROI - Justify Cyber Budgets - Manage Vendor Risk - Evaluate Cyber Insurance Subscribers

Recommended

2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)Kate Dalakova
 
The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingat MicroFocus Italy ❖✔
 
ThreatMetrix Minimizes Payment Fraud Reduce Fraud and Protect Revenue Without...
ThreatMetrix Minimizes Payment Fraud Reduce Fraud and Protect Revenue Without...ThreatMetrix Minimizes Payment Fraud Reduce Fraud and Protect Revenue Without...
ThreatMetrix Minimizes Payment Fraud Reduce Fraud and Protect Revenue Without...Ken Lam
 
ThreatMetrix ARRC 2016 presentation by Ted Egan
ThreatMetrix ARRC 2016 presentation by Ted EganThreatMetrix ARRC 2016 presentation by Ted Egan
ThreatMetrix ARRC 2016 presentation by Ted EganKen Lam
 
ThreatMetrix for 3d-secure
ThreatMetrix for 3d-secureThreatMetrix for 3d-secure
ThreatMetrix for 3d-secureKen Lam
 
ThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix
 
Event Guide V8
Event Guide V8Event Guide V8
Event Guide V8ThreatMetrix
 
Ransomware Review 2017
Ransomware Review 2017Ransomware Review 2017
Ransomware Review 2017Dryden Geary
 

Recommended

2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)
2019 06-05-dalakova-kateryna-mkm-mmt-pov-assignment (1)Kate Dalakova
 
The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingat MicroFocus Italy ❖✔
 
ThreatMetrix Minimizes Payment Fraud Reduce Fraud and Protect Revenue Without...
ThreatMetrix Minimizes Payment Fraud Reduce Fraud and Protect Revenue Without...ThreatMetrix Minimizes Payment Fraud Reduce Fraud and Protect Revenue Without...
ThreatMetrix Minimizes Payment Fraud Reduce Fraud and Protect Revenue Without...Ken Lam
 
ThreatMetrix ARRC 2016 presentation by Ted Egan
ThreatMetrix ARRC 2016 presentation by Ted EganThreatMetrix ARRC 2016 presentation by Ted Egan
ThreatMetrix ARRC 2016 presentation by Ted EganKen Lam
 
ThreatMetrix for 3d-secure
ThreatMetrix for 3d-secureThreatMetrix for 3d-secure
ThreatMetrix for 3d-secureKen Lam
 
ThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix Fraud Network Presentation
ThreatMetrix Fraud Network PresentationThreatMetrix
 
Event Guide V8
Event Guide V8Event Guide V8
Event Guide V8ThreatMetrix
 
Ransomware Review 2017
Ransomware Review 2017Ransomware Review 2017
Ransomware Review 2017Dryden Geary
 
Digital banking Account Take Over
Digital banking Account Take OverDigital banking Account Take Over
Digital banking Account Take OverLaurent Pacalin
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Qrator Labs
 
Requirement of PCI DSS in India.
Requirement of PCI DSS in India.Requirement of PCI DSS in India.
Requirement of PCI DSS in India.CA Priyadarshan Behera
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyChukwunonso Okoro, CFE, CAMS, CRISC
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019- Mark - Fullbright
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES- Mark - Fullbright
 
Security
SecuritySecurity
SecurityDick Pirozzolo, APR
 
Cyber Defense For SMB's
Cyber Defense For SMB'sCyber Defense For SMB's
Cyber Defense For SMB'sGuise Bule
 
Case study on JP Morgan Chase & Co
Case study on JP Morgan Chase & CoCase study on JP Morgan Chase & Co
Case study on JP Morgan Chase & CoVictor Oluwajuwon Badejo
 
Enterprise Fraud Management
Enterprise Fraud ManagementEnterprise Fraud Management
Enterprise Fraud ManagementManish Desai
 
Panda Security - The Hotel Hijackers
Panda Security - The Hotel HijackersPanda Security - The Hotel Hijackers
Panda Security - The Hotel HijackersPanda Security
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat LandscapeQuick Heal Technologies Ltd.
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021lior mazor
 
Bp Corp Pres Short
Bp Corp Pres ShortBp Corp Pres Short
Bp Corp Pres Shortkevinjoy
 
Security Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkSecurity Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkDivya Kothari
 
Who is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonWho is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonUlf Mattsson
 
Challenge Accepted
Challenge AcceptedChallenge Accepted
Challenge AcceptedEdward Jackson
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachUlf Mattsson
 
Business of Hacking
Business of HackingBusiness of Hacking
Business of HackingDaniel Ross
 
Cyber Security Report 2019
Cyber Security Report 2019Cyber Security Report 2019
Cyber Security Report 2019Omar Bshara
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyFirst Atlantic Commerce
 
Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Anil Jain
 

More Related Content

What's hot

Digital banking Account Take Over
Digital banking Account Take OverDigital banking Account Take Over
Digital banking Account Take OverLaurent Pacalin
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Qrator Labs
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019- Mark - Fullbright
 
Cyber Defense For SMB's
Cyber Defense For SMB'sCyber Defense For SMB's
Cyber Defense For SMB'sGuise Bule
 
Enterprise Fraud Management
Enterprise Fraud ManagementEnterprise Fraud Management
Enterprise Fraud ManagementManish Desai
 
Panda Security - The Hotel Hijackers
Panda Security - The Hotel HijackersPanda Security - The Hotel Hijackers
Panda Security - The Hotel HijackersPanda Security
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021lior mazor
 
Bp Corp Pres Short
Bp Corp Pres ShortBp Corp Pres Short
Bp Corp Pres Shortkevinjoy
 
Security Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkSecurity Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkDivya Kothari
 
Who is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonWho is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonUlf Mattsson
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachUlf Mattsson
 

What's hot (18)

Digital banking Account Take Over
Digital banking Account Take OverDigital banking Account Take Over
Digital banking Account Take Over
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015
 
Requirement of PCI DSS in India.
Requirement of PCI DSS in India.Requirement of PCI DSS in India.
Requirement of PCI DSS in India.
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
 
BLURRING BOUNDARIES
BLURRING BOUNDARIESBLURRING BOUNDARIES
BLURRING BOUNDARIES
 
Security
SecuritySecurity
Security
 
Cyber Defense For SMB's
Cyber Defense For SMB'sCyber Defense For SMB's
Cyber Defense For SMB's
 
Case study on JP Morgan Chase & Co
Case study on JP Morgan Chase & CoCase study on JP Morgan Chase & Co
Case study on JP Morgan Chase & Co
 
Enterprise Fraud Management
Enterprise Fraud ManagementEnterprise Fraud Management
Enterprise Fraud Management
 
Panda Security - The Hotel Hijackers
Panda Security - The Hotel HijackersPanda Security - The Hotel Hijackers
Panda Security - The Hotel Hijackers
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat Landscape
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021
 
Bp Corp Pres Short
Bp Corp Pres ShortBp Corp Pres Short
Bp Corp Pres Short
 
Security Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkSecurity Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. Framework
 
Who is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattssonWho is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related ulf mattsson
 
Challenge Accepted
Challenge AcceptedChallenge Accepted
Challenge Accepted
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
 

Similar to NormShield Crypto Currency Report 2018

Business of Hacking
Business of HackingBusiness of Hacking
Business of HackingDaniel Ross
 
Cyber Security Report 2019
Cyber Security Report 2019Cyber Security Report 2019
Cyber Security Report 2019Omar Bshara
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyFirst Atlantic Commerce
 
Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Anil Jain
 
Whitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enWhitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enBankir_Ru
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber CrimeDeepak Kumar
 
Research paper on crypto currencies 7 papers excluding title and ref.docx
Research paper on crypto currencies 7 papers excluding title and ref.docxResearch paper on crypto currencies 7 papers excluding title and ref.docx
Research paper on crypto currencies 7 papers excluding title and ref.docxdaynamckernon
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSRandall Chase
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyMark Albala
 
2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling finalMARIUS EUGEN OPRAN
 
Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017malvvv
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018Panda Security
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted...
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted...A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted...
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted...eraser Juan José Calderón
 
Taking the offensive Security Leaders V9.1
Taking the offensive Security Leaders V9.1Taking the offensive Security Leaders V9.1
Taking the offensive Security Leaders V9.1Fernando Romero
 
Ransomware
RansomwareRansomware
RansomwareG Prachi
 
INSECURE Magazine - 33
INSECURE Magazine - 33INSECURE Magazine - 33
INSECURE Magazine - 33Felipe Prado
 

Similar to NormShield Crypto Currency Report 2018 (20)

Business of Hacking
Business of HackingBusiness of Hacking
Business of Hacking
 
Cyber Security Report 2019
Cyber Security Report 2019Cyber Security Report 2019
Cyber Security Report 2019
 
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your EnemyDriving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your Enemy
 
Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017Sgsits cyber securityworkshop_4mar2017
Sgsits cyber securityworkshop_4mar2017
 
ihegc012
ihegc012ihegc012
ihegc012
 
Ransomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacksRansomware-as-a-Service: The business of distributing cyber attacks
Ransomware-as-a-Service: The business of distributing cyber attacks
 
Whitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enWhitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_en
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber Crime
 
Research paper on crypto currencies 7 papers excluding title and ref.docx
Research paper on crypto currencies 7 papers excluding title and ref.docxResearch paper on crypto currencies 7 papers excluding title and ref.docx
Research paper on crypto currencies 7 papers excluding title and ref.docx
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final
 
Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017Kaspersky lab financial_cyberthreats_in_2017
Kaspersky lab financial_cyberthreats_in_2017
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted...
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted...A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted...
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted...
 
Taking the offensive Security Leaders V9.1
Taking the offensive Security Leaders V9.1Taking the offensive Security Leaders V9.1
Taking the offensive Security Leaders V9.1
 
Ransomware
RansomwareRansomware
Ransomware
 
INSECURE Magazine - 33
INSECURE Magazine - 33INSECURE Magazine - 33
INSECURE Magazine - 33
 

More from NormShield

HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOUHOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOUNormShield
 
Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018NormShield
 
Normshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormShield
 
Are There Any Domains Impersonating Your Company For Phishing?
Are There Any Domains Impersonating Your Company For Phishing?Are There Any Domains Impersonating Your Company For Phishing?
Are There Any Domains Impersonating Your Company For Phishing?NormShield
 
NormShield Cyber Risk Rating October 18
NormShield Cyber Risk Rating October 18NormShield Cyber Risk Rating October 18
NormShield Cyber Risk Rating October 18NormShield
 
NormShield Supply Chain Risk Management Infographic
NormShield Supply Chain Risk Management InfographicNormShield Supply Chain Risk Management Infographic
NormShield Supply Chain Risk Management InfographicNormShield
 
Third-Party Risk in Regulations
Third-Party Risk in RegulationsThird-Party Risk in Regulations
Third-Party Risk in RegulationsNormShield
 
Review on 3rd-party Cyber Risk Assessment and Scoring Tools
Review on 3rd-party Cyber Risk Assessment and Scoring ToolsReview on 3rd-party Cyber Risk Assessment and Scoring Tools
Review on 3rd-party Cyber Risk Assessment and Scoring ToolsNormShield
 
3rd Part Cyber Risk Report - 2018
3rd Part Cyber Risk Report - 20183rd Part Cyber Risk Report - 2018
3rd Part Cyber Risk Report - 2018NormShield
 
NormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield
 

More from NormShield (10)

HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOUHOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
 
Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018Major 3rd-Party Data Breaches Of 2018
Major 3rd-Party Data Breaches Of 2018
 
Normshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing ReportNormshield 2018 Airlines Phishing Report
Normshield 2018 Airlines Phishing Report
 
Are There Any Domains Impersonating Your Company For Phishing?
Are There Any Domains Impersonating Your Company For Phishing?Are There Any Domains Impersonating Your Company For Phishing?
Are There Any Domains Impersonating Your Company For Phishing?
 
NormShield Cyber Risk Rating October 18
NormShield Cyber Risk Rating October 18NormShield Cyber Risk Rating October 18
NormShield Cyber Risk Rating October 18
 
NormShield Supply Chain Risk Management Infographic
NormShield Supply Chain Risk Management InfographicNormShield Supply Chain Risk Management Infographic
NormShield Supply Chain Risk Management Infographic
 
Third-Party Risk in Regulations
Third-Party Risk in RegulationsThird-Party Risk in Regulations
Third-Party Risk in Regulations
 
Review on 3rd-party Cyber Risk Assessment and Scoring Tools
Review on 3rd-party Cyber Risk Assessment and Scoring ToolsReview on 3rd-party Cyber Risk Assessment and Scoring Tools
Review on 3rd-party Cyber Risk Assessment and Scoring Tools
 
3rd Part Cyber Risk Report - 2018
3rd Part Cyber Risk Report - 20183rd Part Cyber Risk Report - 2018
3rd Part Cyber Risk Report - 2018
 
NormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk BriefNormShield 2018 Cyber Security Risk Brief
NormShield 2018 Cyber Security Risk Brief
 

Recently uploaded

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 

NormShield Crypto Currency Report 2018

  • 1. 1 Is Your Money Safer in Cryptocurrency Exchange Markets than Banks? www.normshield.com +1 571 335 02 22
  • 2. 2 Is Your Money Safer in Cryptocurrency Exchange Markets than Banks? April 2018 Crypto coins are the new mean of investment and shopping and their exchange volume increases exponentially. There are many exchange markets handles these investments. However, the question of resiliency of these markets is on the rise with recent attacks. In 2014, one of the largest crypto coin exchange market, Mt. Gox which was handling 70% of all bitcoin transactions back then, was hacked and lost $473 million resulting its closure and most dramatic fells in BTC. In 2016, Bitfinex suffered due to a cyber attack resulted in 120,000 BTC (≈$72 million back then). In January 2018, as the biggest cryptocurrency hack, more than half billion dollars was stolen from Coincheck. Very recently (on March 2018), Binance got reports from its customers about hijacked accounts. Binance reported that “a massive, well-coordinated phishing attempt” accumulated user accounts beginning from January. There were some fraudulent domains posed as Binance domains may have been a major part in this scam. Methodology of Research In March 2018, NormShield leveraged its proprietary Cyber Risk Scorecard platform to gather data on top 25 cryptocurrency markets (with respect to their volume), to analyze their cyber risk and security postures in 20 categories, and to compare the results in 12 selected categories. More information on our grading methodology and full list of our categories can be found here. “The attacks on cryptocurrency markets create not only stolen money, but also manipulation on market price of crypto coins.”
  • 3. 3 A Glance at Cryptocurrency Markets The snapshot on overall grades of top cryptocurrency markets shows an acceptable level of security posture. Based on NormShield Risk Scorecard letter gradings, many markets receive B+ and B grade (ten in B and ten in B+). Only one of 25 markets could go as high as A- and one performs poorly and receives C+. Compared to banking companies, grades of cryptocurrency markets are higher. This is mainly because number of assets (domains, subdomains, IPs, e-mails, employees) of banks are much larger than cryptocurrency exchange markets. Another very important factor is third-party risk that banks possess. The large number of third-party vendors of banks introduces invisible cyber risk to banking systems, which lowers the security ratings. On the other side, cryptocurrency markets are quite new and possess less number of assets that limits the attack surface for hackers. With the increasing interest on crypto coins, cryptocurrency markets’ websites and resources are visited for transactions and monitoring more often than ever. With these increased attention, we can expect increase in malicious users scans to find a vulnerability to exploit in these websites and resources. “Top 25 Cryptocurrency exchange markets receive overall scores between 79 and 80 (C+ and A- as counterpart letter grades).” * Each bubble shows number of exchange markets for a certain risk score.
  • 4. 4 Looking at the detail grades reveals some important risk factors of cryptocurrency markets and shows that these markets are vulnerable to similar types of attacks designed for financial institutions. Low grades on CDN security (security and reputation of external links), fraudulent domains (domains that can be used for scams and phishing attacks), and credential management (leaked and shared credentials) are three examples of risk factors that is common for financial services. Cybercriminals desires to hijack user and employee accounts to empty wallets of crypto coin investors. * Letter grades of each market for selected categories.
  • 5. 5 Why cryptocurrency markets are trending targets in the hacker community? The short answer is money. Cryptocoins, once stolen, are difficult to trace back and cyber criminals take advantage of this criminal luxury. The high market value of some crypto coins such as Bitcoin (BTC) makes it very attractive for hackers. Capturing low amount of BTC may result in high amount of US dollars in hackers hands. Since the exchange markets are quite new to finance industry, lack of security experience makes them more attractive and vulnerable targets for cyber criminals. Manipulating currency exchange values may create huge rippling effects with the result of intentional value loss on some currencies. The financial effect makes them appealing for hacktivists whose objective is to harm certain financial institution for political reasons. [Industry Insights] While individual company performance ranged from A to F, no industry group received higher than a C grade when measured across all categories. NormShield Cyber Security Risk Brief 2018
  • 6. 6 Top Three Risk Factors Companies and corporations in all industries encounter different cyber risks every day and experience difficulties while mitigating them. Cryptocurrency exchange markets perform poorly in CDN Security, Fraudulent Domains, and Credential Management. CDN Security A content delivery network (CDN) is a large distributed system of servers deployed in multiple data centers across the Internet. Companies use a CDN for online libraries like JQuery. Normshield analyzes the CDN content to detect possible vulnerabilities. Ensuring the security of files obtained from a CDN ultimately requires a layered set of controls -- including malware scanning, content filtering, and threat intelligence -- that can analyze and block malicious code when it's detected. * CDN Security scores for each market. “We observe that 9 out of 25 exchange markets perform very poorly in CDN security”
  • 7. 7 Fraudulent Domains Domain name scams are types of Intellectual property scams or confidence scams in which unscrupulous domain name registrars attempt to generate revenue by tricking businesses into buying, selling, listing or converting a domain name. Fraudulent or scam domains are frequently used by phishing attacks those targeting either a company's employees or customers. Potential phishing domains can be searched by one of NormShield free services here. NormShield extracts fraudulent domains and subdomains from the domain registration database. The registered domains database holds more than 300M records. “NormShield scorecard found more than 800 potential fraudulent domains (possibility over 75%).” * Fraudulent Domain scores for each market.
  • 8. 8 Credential Management There are more than 5 billion hacked email / password available on the internet and underground forums. NormShield finds and shows the leaked or hacked emails & passwords. In the simplest form, email list of employees can be used for phishing attack. Most of internet users use same passwords for different web application accounts. In this search, NormShield found 27 leaked credentials for a specific exchange market (marked as Market 10) shared in last 90 days. * Credential Management scores for each market.
  • 9. 9 Conclusion Cryptocurrency exchange markets must vigorously mitigate cyber risks to reduce exposure to cyber attacks, improve incident response time, continue use of necessary security services, and proactively take measurements against potential cyber threats. Considering the impact of cyber attacks against those markets, exchange markets should discover possible attacks in advance to avoid huge financial and reputational loss. Some on-site security services might not be sufficient to identify some threats such as phishing attacks by using fraudulent domains. If credentials of legitimate users are leaked and shared in hacker forums, it might be too late to avoid the loss when the attack is detected. Cryptocurrency exchange markets can leverage use of an external risk management product such as NormShield Risk Scorecard to detect such threats and proactively mitigate the risk raised by these threat actors.
  • 10. 10 About NormShield We provide Cyber Risk Scorecard for companies just like FICO score. Cyber security is on every Board’s agenda, and the average total cost of a data breach has risen to $4 million (Ponemon/IBM). NormShield Cyber Risk Scorecards provide the information necessary to protect business from cyber- attacks. The scorecards provide a letter grade and a drill down into the data for each risk category so that remediation of vulnerabilities can be prioritized. Unified Threat & Vulnerability Orchestration Platform and Cyber Risk Scorecard. To learn your company’s risk score, please visit https://www.normshield.com/ and click on Learn Now. www.normshield.com 1 (571) 335 02 22 info@normshield.com NormShield HQ 8200 Greensboro Drive Suite 900 McLean, VA 22102 There are five main reasons to find your organization’s risk scores. - Provide Intelligence for Decision-Making - Help Determine ROI - Justify Cyber Budgets - Manage Vendor Risk - Evaluate Cyber Insurance Subscribers