Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security

6/12/2018
08:05 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Bitcoin & Other Cryptocurrency Prices in Flux Following Hack

A hack of a South Korean cryptocurrency exchange over the weekend sent the price of Bitcoin and other cryptocurrencies into flux on Monday, upsetting an already volatile market.

The weekend hack of a cryptocurrency exchange in South Korea made itself felt across the globe on Monday, with a ripple effect that included a significant fluctuation in the price of Bitcoin and other virtual currencies.

The exchange, Coinrail, announced on its website Sunday that it had been attacked, although it's not clear what exactly happened or who might have been behind the incident. This particular exchange isn't as large as some of the other ones on the market, and the total loss of value is estimated at $40 million, according to Yahoo News and other published reports.

The exchange has since moved its other virtual currency to a so-called cold wallet -- a platform not connected to the wider Internet.

However, the attack made itself felt around the globe as cryptocurrency fluctuated throughout the day.

Bitcoin, the most popular of the various cryptocurrencies, saw its price drop from an opening high of $6,816 to a low of $6,652 at one point during the day on June 11. The price did recover somewhat later in the trading day, according to Coindesk. Another cryptocurrency, Ethereum, also saw a significant drop.

Overall, Bloomberg estimated that worldwide cryptocurrency lost about $42 billion in market value over the last three days, although there are more factors at play than a cyberattack at a small South Korean exchange, including possible regulations in China.

Still, this latest incident shows how volatile cryptocurrency has become, especially as attackers have turned more of their attention to installing crypto mining malware or engaging in crypto jacking.

In their recent Global Threat Index, Check Point security researchers found that crypto mining and crypto jacking have overtaken ransomware as the most lucrative schemes for cybercriminals. It's a trend that shows no sign of slowing down. (See Cryptomining Malware, Cryptojacking Remain Top Security Threats.)

"Cryptocurrency exchanges are largely in their infancy, and therefore do not have the historical checks, balances, processes, infrastructure and skills that an established financial institution will have," Peter Alexander, the CMO of Check Point, wrote in an email to Security Now. "Big money can flow unchecked in microseconds, and the alarm bells won't start ringing until It's too late. And of course, cryptocurrency can be traded anonymously on a global basis."


Now entering its fifth year, the 2020 Vision Executive Summit is an exclusive meeting of global CSP executives focused on navigating the disruptive forces at work in telecom today. Join us in Lisbon on December 4-6 to meet with fellow experts as we define the future of next-gen communications and how to make it profitable.

The incident in South Korea is one of several attacks that have targeted these exchanges, which security experts believe is a combination of cybercriminals, as well as some nation states looking to disrupt other countries. (See Cryptocurrency Crime: The Internet's New Wild West.)

Brajesh Goyal, the vice president of engineering at cybersecurity firm Cavirin, noted in an email to Security Now that these types of hacks should have these exchanges re-examining their entire cybersecurity plans, especially in such a volatile market.

"Once again, the need for security in depth to protect one's cyber posture," Goyal wrote. "You can't only protect the perimeter. Assume the hackers are already inside and deploy tools that offer continuous assessment and immediate alerting if security posture drift is detected. The tools exist. In this case, the regulators must mandate that exchanges including Conrail implement best practices."

At the same time, the speculation around Bitcoin and other cryptocurrencies, along with various cybercriminal schemes, have had a significant effect on this market. At the end of December, Bitcoin traded at over $19,000 and had plunged to below $7,000 since then.

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16192
PUBLISHED: 2020-08-05
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
CVE-2020-17364
PUBLISHED: 2020-08-05
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.
CVE-2020-4481
PUBLISHED: 2020-08-05
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.
CVE-2020-5608
PUBLISHED: 2020-08-05
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered c...
CVE-2020-5609
PUBLISHED: 2020-08-05
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to cre...