Massive account capture attacks represent an increasing risk for exchange houses.
From software bots, hackers are turning to cheap labor in their attacks.
Maintaining robust computer security mechanisms in cryptocurrency exchanges is a constant challenge, due to the existence of an ecosystem of fraud that is increasingly interconnected, said Lizzie Clitheroe, director of B2B marketing at Arkose Labs, on Thursday. Blockdown 2020 virtual conference.
Clitheroe, shared the virtual podium with Benji Taylor, Arkose Labs’ Senior Director of Solutions Delivery, at the conference “Protecting Cryptocurrency Exchanges from Fraud.” The executive began her presentation by describing how the cryptocurrency market , estimated at almost 270,000 million dollars, depends on these exchanges for the operation of a market that manages prices in real time.
The billions of dollars in cryptocurrencies that pass through those exchanges on a daily basis, Clitheroe claims, makes them a lucrative target for hackers and other malicious forces . “Maintaining a robust security of the exchange house is a growing challenge in the face of an ecosystem of fraud that is increasingly interconnected,” said the executive.
Hackers have evolved, Clitheroe says, and have access to a wide range of services including identity farms, with thousands of data constantly being collected and optimized; cheap-labor centers that can perform pre-programmed tasks for a massive attack, and smart technology. And with these kinds of resources in hand, malicious attacks can develop highly sophisticated attack patterns.
Raising the cost of the attack
“Every attack has a cost and even more so in the fraud ecosystem, in which there are services available such as software bots for sale, or groups of people trained to perform pre-programmed tasks, among other resources,” says Benji Taylor.
While including human intervention in an attack, Taylor says, increases its cost, this resource can produce more benefits for hackers, especially in the so-called Account Takeover (ATO) or capture of accounts of a cryptocurrency exchange.
Taylor claims that the consequences of a successful account hacking attack are wide-ranging, as once hackers access legitimate accounts they can steal funds, use the accounts to launder illegally sourced money, or make illegal credit applications.
Arkose Labs specialists agree that in the fight against fraud, it is advisable to see it as a business and consequently, cryptocurrency exchanges should focus on reducing the return on investment of hackers. This requires combining an intelligent risk assessment with increasingly complex challenges for hackers.
From an accurate risk assessment and the necessary analysis of incoming traffic, a recommended strategy is to differentiate the treatment towards possible malicious traffic and that coming from genuine clients , Clitheroe advises. The latter must encounter minimal friction in their visit to the exchange, says the specialist, while the probable traffic from malicious sources is faced with challenges of increasing complexity that use interactive technology to eliminate automated patterns.
By putting more requirements on suspicious traffic, not only will automated fraud be fought, but it would demand more time and resources from human groups, which would increase its cost.
Please read the original article by Froilan Fernández, here.