Security Market Segment LS
Tuesday, 21 May 2019 13:10

Could behavioural analytics have stopped the Binance crypto hack?

By
Could behavioural analytics better protect crypto exchanges like Binance from hacking attacks? Could behavioural analytics better protect crypto exchanges like Binance from hacking attacks?

A recent, sophisticated attack on the popular Binance cryptocurrency trading platform saw users’ accounts compromised and simultaneous withdrawals made to the tune of 7000 Bitcoins (worth $40m at the time).

Users unwittingly had two-factor authentication codes (2FA) compromised via malware and phishing attempts along with API keys that were used to automate trading. It highlights the problems of relying on security credentials that can be compromised. In recent weeks we’ve been talking to Forcepoint, a security company that adds behavioural analysis to the mix, in order to understand whether this level of security would have helped stop the exfiltration of data which, in this case, meant Bitcoins.

According to Binance, the nature of the user behaviour didn’t raise any flags and security only kicked in once the Bitcoins had left the site.

iTWire spoke to Nico Fischbach, Forcepoint chief technology officer, to find out how better behavioural analysis could have helped. He pointed us to a case study of Metro Bank in the UK whereby the bank uses Forcepoint’s CASB (Cloud Access Security Broker) software to “analyse and enforce appropriate controls for SaaS and production applications.” The bank integrated it with their online banking application. It analysed workflows and user behavioural analytics – going beyond a traditional Web Application Firewall (WAF) – to scan for behaviours that were uncommon. He said, “It could be infections, compromised browsers, it could be users trying to do weird things and all of that… [all while] billions of transactions were running through the system.”

He said that the question for financial institutions (especially those dealing with things like Bitcoin should be, “Can behavioural analytics help reduce fraud? Zero fraud doesn’t exist. CASB and UBA (User Beahavioural Analytics) help you further reduce that risk by sitting in-between the user and the transactions without being yet another security bump in the road. Because that’s what people don’t like – they want to be agile and do their transactions. There has to be a cap [on things like 2FA]. You can’t be disruptive on the customer journey but still must have security value.”

Fischbach also emphasised the importance of using analytics in the back-end for “insider threat monitoring.” He said, “This is another angle that is super important.” It was a core focus of the investigation into the major New Zealand Cryptopia exchange hack which, just days ago, went into liquidation having lost huge amounts of customer funds. There were also concerns regarding the QuadrigaCX exchange collapse, whereby access to all wallets was lost when a single employee “went missing.” If this was an exit scam, behavioural analytics could potentially have raised alarms beforehand.

However, the crux of the Binance problem is that alarms only sounded once the Bitcoins had been withdrawn (especially as many went to just several address). While it’s not clear exactly what security layers were in place, it’s not unreasonable to assume that many users suddenly wanting to transfer coins to the same unusual addresses should have flagged security BEFORE being transferred.

Fischbach surmises “Would another security layer of defence that uses CASB and analytics have raised a risk score or a flag earlier for somebody to look into? We can only speculate.”

Whatever the truth is behind the hack, behavioural analytics is looking like a reasonable minimum security standard in a world where online currency transactions is only exploding.

The writer attended the Forcepoint conference in Malaysia as a guest of the company

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Nick Ross

Nick Ross is a veteran technology journalist who has contributed to many of Australia's top technology titles and edited several of them. He was the launch editor of the Australian Broadcasting Corporation online Technology section.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments