Bitcoin rises the -10.000 $- 15.000 / coin, are wallets protected ? Who care about Crypto-Money hacking or abuse via the internal ICT of company?
In a financial institution, but not just, I bet some traders and some ICT geeks have a strong Bitcoin / Ethereum wallet and consult it during business hours on their company PC. Profits is there, easy money is also possible.
- Scenario 1 : A consultant or an IT engineer screens the access from the users to the crypto-money portals (Coinbase, Blockchain …). List the targets, then theft the coins of the user(s) via the internal IT tools – or later when credentials captured. As we know, some companies sniff their staff SSL traffic … and ICT can dump it. Some ICT guys have Admin access on users sessions, and TeamViewer and other remote controls tools are common tools, idem for keyboard keyloggers
- Scenario 2: ICT guys targeted by a malware (pdf, job offer, ) and bang ! Hacker has now the keys of the kingdom, their computer can play scenario 1.
- Scenario 3: ICT guys or manager in SME install a RIG (mining computer) in the Datacenter (doesn’t pay the electricity for the mining) … all benefits for him. Or run mining softwares on servers where GPU is strong enough. Company electricity bill is concerned. Electricity is now a new way to generate money
In fact, it is:
- easy to do for technical guys,
- hard to track (poor logs, hardware keyloggers, no evidences, some actions can be play later or outside the company, blockchain is almost anonymous),
- hard to protect from,
That make it one of the next risks to follow and to protect from, not just for the company, but for the users.
1) Solutions ? Yes, there are some responses:
Segregate roles and networks, enforce policies, inform users, remove the ICT all the powers on the users machines (when not required), remove ADMIN accounts to the ICT when not needed, separate controls from the ICT (2nd line of controls), 4 eyes principles when accessing on sensitive data and logs ( Waf, firewalls, SSL decryptors …). And the best one … access to firewalls, security tools and servers … only via a dedicated, monitored and secure host.
Control the electricity bill, and check the access to the mining pool from inside the company.
What do you think ?