Cybersecurity and Cryptocurrency

Cryptocurrency Basics for Small Businesses

Cryptocurrency is big news these days. Articles appear in economic news streams, technology blogs, and retail trade publications. On the same day you might find an article about how cryptocurrency is becoming legal tender for one country and an article on how a city is placing a moratorium on cryptocurrencies.

Here are some basic findings and information on cryptocurrency to encourage more research and reflection on this dynamic topic.

Basics of Cryptocurrency Cryptocurrency is a type of exchangeable virtual currency. It uses cryptography (computerized encoding and decoding of information) for security. It historically was not issued by any government, such traditional currencies like dollars, pounds or yens are. Bitcoin, introduced in 2009 is probably the most well-known cryptocurrency. Today there are over 1,300 variations in existence and new versions are developed frequently. In early March, 2018, Marshall Islands introduced their version, the digital “Sovereign,” or SOV, which they have designated as legal tender. Venezuela launched their version, Petro, in February, 2018.

While cryptocurrency is legal in the U.S., it is not U.S. legal tender and therefore not covered by monetary regulations. It is not insured by FDIC, for example. Businesses are not required to accept any cryptocurrency. The Security Exchange Commission (SEC) maintains that cryptocurrencies are a type of security and therefore trading platforms must comply with SEC regulations. The SEC issued a SEC bulletin: Statement on Potentially Unlawful Online Platforms for Trading Digital Assets on 3/7/18 to alert investors.

Purpose Cryptocurrency is used for funding both legitimate activity and illegal activity. Some of the illegal activities include tax evasion, money laundering, contraband transactions, and extortion. One Australian research study found 44% of bitcoin transactions was for illegal activities. Cryptocurrency is frequently used on the dark web for illegal drug purchases and by hackers to pay other cybercriminals. Ransomware frequently demands payment in bitcoins.

The underlying technology of blockchain is being explored by numerous corporations for business efficiencies. The technology code can be written to carry different types of information securely or to handle a variety of data driven exchanges, transactions, or contractual arrangements. For example, companies are evaluating using it in their supplier chains to track transactions.

Impacts The mining of cryptocurrency takes massive amounts of computer processing. Miners look for super cheap electricity to power their server farms. One estimate is to mine one coin is equal to that of running the average household for 10 days. For a fascinating in-depth article about legitimate mining, read Politico’s 3/9/18 article. Cybercriminals that are on the hunt for free power frequently use a nefarious approach – crypto jacking. They take over servers and home computers for the computer processing. The latest approach is for a hacker to load a java script to a website that then activates on your server or computer when you access the site. Unbeknownst to you, your equipment’s central processing unit (CPU) is working for the criminal and you are paying the electricity for it.

With high levels of PCU usage, your server’s (or computer’s) internal fans may automatically start up, to cool down the machine. If your fans kick on and you are not using heavy CPU software (like graphics programs), chances are you have been crypto jacked. Another impact is some site owners see a revenue opportunity. They are providing site visitors that have ad blockers the option to access their site (with the ad blocker functioning) if the visitor agrees to allow his/her computer be used for mining for the duration of his/her visit. The logic is since the site owner won’t get to show ads (and earn the related revenue), the site owner will get the revenue by coin mining using the visitor’s CPU and electricity. There are also site owners that don’t tell the visitors the owners are using the visitor’s computer.

A recent study indicates that the volume of site owners using mining software increased over 700% in recent four months. The survey found that mining is occurring on low volume sites as well as high volume sites.

What you can do The cryptocurrency world is evolving rapidly. New risks are occurring that are not anticipated. Small businesses should be cognizant of the changes and not assume that cryptocurrency doesn’t impact you.  If you see sudden spikes in CPU usage, talk with your cybersecurity specialist  If your server/computer’s fans go on unexpectedly, talk with your cybersecurity specialist  Monitor your electricity bill. If you see unusual spikes, talk to your electric company and to your cybersecurity specialist

Another potential risk is theft of servers. Be sure you have strong physical security measures in place. If your servers are stolen, be sure to notify your local law enforcement agency as well as your insurance agent.

About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.