Downloaded 26 times
![#RSAC
Bitcoin malware trends
Malware is and will be an important tool for coin thieves against
end users
Attack wallet files or website logins
Desktop and mobile
Interest from malware authors is proportional to the Bitcoin price
and adoption in their target demographic
Dropped in 2014 along with price [Symantec]
As adoption grows, average technical savvy of user will drop](https://image.slidesharecdn.com/rsac2015htaf03bitcoinv4-150424122501-conversion-gate01/85/RSA-2015-Bitcoin-s-Future-Threats-Expert-s-Roundtable-based-on-150-Case-Studies-26-320.jpg)
Uploaded byWayne Huang
RSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case Studies
The panel discussion focuses on various threats to Bitcoin, emphasizing its attractiveness as a target for criminals due to insider threats, fraud, wallet theft, and remote exploitation. Participants explore potential future challenges, including scams and theft of mining resources, as well as the implications of Bitcoin on the security industry. Key topics include the risks of malware, the importance of defense strategies, and the overall adoption of Bitcoin in a changing landscape.
More Related Content
Similar to RSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case Studies
RSA 2015 Bitcoin's Future Threats: Expert's Roundtable based on 150 Case Studies
- 1. SESSION ID: #RSAC MODERATOR: PANELISTS: Bitcoin'sFuture Threats: Expert's Roundtable based on 150 Case Studies HTA-F03 Wayne Huang Charlie Lee Danny Yang Fyodor Yarochkin Kristov Atlas VP Engineering Proofpoint, Inc. @waynehuang whuang@proofpoint.com wayne.armorize@gmail.com Creator, Litecoin Engineering Director, Coinbase @SatoshiLite Founder & CTO, MaiCoin, Inc. @huuep Senior Threat Researcher, VArmour, Inc. @fygrave Bitcoin Security Researcher Independent Security Researcher @kristovatlas
- 2. #RSAC The BIG question… Whyare Bitcoin targets so attractive?
- 3.
- 8. Just before orin parallel: Insider threat, Fraud & scams, Wallet theft, Crime
- 9.
- 10. #RSAC The BIG question… Whyare Bitcoin targets so attractive?
- 11. #RSAC Questions Which threatvector will impact Bitcoin’s future most? How anonymous is Bitcoin? Will we see more of CryptoLocker clones in the future demanding Bitcoin for encrypted file ransom? Which threat vector is likely under-rated? What opportunities and impact will Bitcoin bring to the security industry? How to boost Bitcoin’s wide adoption?
- 12.
- 13. #RSAC Remote exploitation ofserver-side vulnerabilities Vulns in open source Bitcoin projects 3rd party vulns Application vulns (OWASP)
- 14. #RSAC Mining resources theft Seizing pro miners, Dell: stealing $9,000 a day German police: botnet mined €700,000 bitcoins Miner botnets (ex: DVRs, cams, NAS…) University servers Hidden miners (ex: games) Android app miners (ex: wallpapers apps)
- 15. #RSAC Mining resources theft:Embedded Devices Compromises: embedded ARM, PPC, MIPS or X86 machines Attack vector: default passwords, a vuln in /cgi-bin/php Primary targets: cheap Linux-based embedded devices, ex: Dahua camera - arm AFoundry switch - mips Tera EP Wifi Broadband Switch - mips Mines MNC coin via p2pool.org
- 16. #RSAC Mining resources theft:Embedded Devices
- 17. #RSAC Mining resources theft:Embedded Devices
- 18. #RSAC Mining resources theft:Embedded Devices
- 19. #RSAC Mining resources theft:Embedded Devices
- 20. #RSAC Mining resources theft:Embedded Devices
- 21.
- 22.
- 23. #RSAC Mining resources theft Botnets - Some also have injects for bitcoin theft, i.e this Zeus modification: https://bigrc.biz/threads/%D0%BF%D1%80%D0%BE%D0%B4%D0%B0%D0%BC-botnet-evolution- %D0%B1%D0%BE%D1%82%D0%BD%D0%B5%D1%82.9505/
- 24. #RSAC Fraudulent vendors andscams Bitcoin startup scams (taking investor money) Miner scams (no shipment) Bitcoin-denominated ponzi scheme Exchange scams Bitcoin asset scams
- 25. #RSAC Wallet theft Endpointwallet stealers Dell: Nearly 150 Strains of Malware Are After Your Bitcoins Bitcoin-featured banking malware Trojaned browser plugins
- 26. #RSAC Bitcoin malware trends Malware is and will be an important tool for coin thieves against end users Attack wallet files or website logins Desktop and mobile Interest from malware authors is proportional to the Bitcoin price and adoption in their target demographic Dropped in 2014 along with price [Symantec] As adoption grows, average technical savvy of user will drop
- 27.
- 28.
- 29.
- 30. #RSAC Defending Against BitcoinMalware For now, most Bitcoin malware will simply be standard financial trojans. Use traditional methods of detection Behavioral analysis: processes scanning for ‘wallet.dat’, ‘wallet.aes.json’ or Base58Check strings all potentially suspicious Put private keys offline and into cold storage; use offline signing Security proportional to amount of funds stored, even during upward price swings Multi-stage signing protocols such as P2SH multisig, Shamir’s Secret Sharing, or threshold sigs distribute risk
- 31. #RSAC Crime and terrorism Bitcoin as gaming credits (ex: gambling) Bitcoin as payment protocol for criminal trade Bitcoin used to fund or to donate to terrorists Bitcoin as means to launder money
- 32. #RSAC Insider threat Currentoperators or employees Ex-employees Fake “compromises” US Department of Justice: US Secret Service agent "diverted" more than $800,000 in Bitcoins to his personal accounts
- 33. #RSAC Insider Threat: Sh33pMarketplace 33
- 34. #RSAC Federal Agents Accusedof Stealing SR Funds 34
- 35. #RSAC DDoS Targeted DDoSagainst exchanges Cross-exchange DDoS DDoS against Bitcoin core reference design DDoS mining pools for ransom
- 36. #RSAC Phishing Phishing emailsseemingly from blockchain wallet High click rate Spear-phising Silk Road auction enquirers Phishing Bitcoin exchange users
- 37.
- 38. #RSAC Questions Which threatvector will impact Bitcoin’s future most? How anonymous is Bitcoin? Will we see more of CryptoLocker clones in the future demanding Bitcoin for encrypted file ransom? Does cryptocurrency promote ransomware Which threat vector is likely under-rated? What opportunities does Bitcoin bring to the security industry? How will Bitcoin impact the security industry? How to boost Bitcoin’s wide adoption?
- 39.
- 40.
Editor's Notes
- #12 This question pertains to custodial services. One of the benefits of Bitcoin is that it eliminates intermediaries and counter-party risk. However, many users appreciate the convenience and potential security of custodial companies, which re-introduce some of those negative elements that Bitcoin seeks to eliminate. In some cases, this has resulted in lost coins due to mismanagement, insider threats, or fraud. Is custodial Bitcoin a good or bad thing? Will we see more or less of it in the future? How can custodial companies prove that to users that they are liquid (e.g proof of reserves)?
- #28 Keylogging, screenshot and video capture. Focused on obtaining login credentials
- #34 Usually escrow funds are in danger with these marketplaces. Other exchanges have adopted 2 of 3 multisig escrow to prevent theft of escrow funds.
- #35 Force had abused his positions as a DEA agent and compliance officer at digital currency exchange CoinMKT to freeze a customer’s account and transfer $297,000 worth of cryptocoins to his personal account Both Force and Bridges had set up front companies and associated bank accounts where illegally-acquired $820k were deposited
- #39 This question pertains to custodial services. One of the benefits of Bitcoin is that it eliminates intermediaries and counter-party risk. However, many users appreciate the convenience and potential security of custodial companies, which re-introduce some of those negative elements that Bitcoin seeks to eliminate. In some cases, this has resulted in lost coins due to mismanagement, insider threats, or fraud. Is custodial Bitcoin a good or bad thing? Will we see more or less of it in the future? How can custodial companies prove that to users that they are liquid (e.g proof of reserves)?