Modern Two-Factor: Could It Have Prevented Bitcoin Breaches?
A SecurityWatch blog, How Thieves Steal Your Bitcoins, details the variety of malware families (over 100 different types) targeting cryptocurrency exchanges and wallets. As the article notes, the majority aren’t technically sophisticated at all. Wallet-stealing and credential-stealing malware, along with man-in-the-browser attacks, appear to be the most popular.
Wallet-stealing malware searches for wallet.dat and other common filenames on a user’s computer, then uploads the files to a remote server. Credential-stealing malware is aimed more at exchange break-ins: it intercepts the username and password as the user attempts to log in.
Predator Pain is one type of credential and file-stealing Trojan (referred to as a keylogger in an online forum) that steals users’ logins to many different applications and online services, including Bitcoin, World of Warcraft and Microsoft Outlook, according to TechWeekEurope.
Findings of these cryptocurrency malware families come from Dell SecureWorks researchers, Joe Stewart and Pat Litke, who presented their work, Cryptocurrency-Stealing Malware Landscape, at this year’s RSA Conference in San Francisco. They report that even some types of two-factor authentication that users may enable to protect against these types of credential-stealing attacks can be bypassed:
Many exchanges have implemented two-factor authentication using one-time PINs to combat unauthorized logins. However, more advanced malware can easily bypass OTP-based 2FA, by intercepting the OTP as it is used and creating a second hidden browser window in order to log the thief into the account from the user's own computer. - DarkReading.com, More Than 100 Flavors of Malware Are Stealing Bitcoins
Additionally, man-in-the-browser malware can intercept a transaction and rewrite the destination address before the wallet signs it. The malware watches outgoing requests for anything that contains a valid Bitcoin address and swaps it for the thief’s; the user sees and approves the address they typed, but signs a payment to someone else.
So how do you protect against credential-stealing malware on not only your cryptocurrency accounts, but also your webmail, cloud apps, and other accounts? A modern two-factor authentication solution addresses the problem.
Using an out-of-band authentication method designed to protect against man-in-the-browser attacks, as well as other credential-theft attacks, brings down the success rate of these attacks. Instead of a one-time password or PIN that the user types into the (possibly compromised) browser, modern two-factor solutions let you approve the login, or the transaction itself, via a push notification on your smartphone. Nothing reusable ever passes through the browser, so there is no code for the malware to capture and replay from a hidden window, and the phone can display the details the server actually received, which is where a swapped destination address shows up. The caveat is that this only works if users read the prompt and decline requests they didn’t initiate; a user who taps Approve on every push hands the attacker the session.
Additionally, the design of the security solution matters: your users’ phones and your modern two-factor provider’s servers should authenticate each other (for example, pinned TLS certificates plus a per-device key established at enrollment) so that an attacker on the network can neither impersonate the service to the phone nor forge an approval from the phone to the service.
Two-factor authentication via push notification can be leveraged to protect online banking accounts as well. As I wrote about in a previous article, The Current State of Online and Mobile Banking Security, attackers can use phishing attacks to install a Trojan on user computers to steal their banking credentials and log in remotely.
One way to protect against this type of attack is to implement transaction-level two-factor authentication: before any transfer or other transaction is executed, the server sends the transaction details (destination and amount) to the user’s phone and only proceeds on an approval bound to exactly those details.
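To make the difference concrete, here is an added Python sketch that is not code from the article or from any two-factor product. It models the two flows described above: an OTP login where the code is a bare string that whoever submits it first gets to use, and a push approval where the phone validates the server, shows the user the transaction the server actually received, and returns a MAC over that exact transaction. The keys, the constructed addresses and the "hunter2" password are stand-ins; HMAC with shared keys takes the place of the pinned TLS and device keys a real deployment would use.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo keys standing in for what enrollment would establish
# (in practice: pinned TLS between phone and 2FA service plus a per-device key).
SERVER_KEY = b"demo-server-key"
DEVICE_KEY = b"demo-device-key"


def mac(key: bytes, msg: dict) -> str:
    """HMAC over a canonical serialization so both sides MAC identical bytes."""
    data = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


# --- 1. OTP-based 2FA: the code is a bare string, usable by whoever sends it first ---

class OtpServer:
    def __init__(self, current_otp: str):
        self._otp = current_otp
        self.sessions = []

    def login(self, user: str, password: str, otp: str, client: str) -> bool:
        if password == "hunter2" and self._otp and hmac.compare_digest(otp, self._otp):
            self._otp = None  # one-time: consumed by the first submitter
            self.sessions.append((user, client))
            return True
        return False


def otp_bypass_demo() -> tuple:
    """Malware hooks the login form and replays the typed OTP from a hidden window."""
    server = OtpServer("492817")
    typed_otp = "492817"  # what the user read off the token and typed into the browser
    malware_ok = server.login("alice", "hunter2", typed_otp, client="hidden-window")
    user_ok = server.login("alice", "hunter2", typed_otp, client="visible-window")
    return malware_ok, user_ok, server.sessions


# --- 2. Out-of-band push approval bound to the exact transaction the server will run ---

class PushServer:
    def __init__(self):
        self.pending = {}   # nonce -> challenge awaiting a decision
        self.executed = []  # transactions actually carried out

    def request_approval(self, tx: dict) -> dict:
        # tx is what the server received; a man-in-the-browser may have altered it.
        body = {"tx": tx, "nonce": secrets.token_hex(8)}
        challenge = dict(body, server_mac=mac(SERVER_KEY, body))  # lets the phone validate us
        self.pending[body["nonce"]] = challenge
        return challenge

    def submit_approval(self, approval: dict) -> bool:
        challenge = self.pending.pop(approval.get("nonce"), None)  # one shot: replays fail
        if challenge is None or not approval.get("approved"):
            return False
        expected = mac(DEVICE_KEY, {"tx": challenge["tx"], "nonce": challenge["nonce"], "approved": True})
        if not hmac.compare_digest(expected, approval.get("device_mac", "")):
            return False  # not produced by the enrolled phone
        self.executed.append(challenge["tx"])  # executes exactly what was approved
        return True


class Phone:
    """Out-of-band device: validates the server, shows the transaction, MACs the decision."""

    def __init__(self, user_intended: dict):
        self.user_intended = user_intended

    def handle(self, challenge: dict) -> dict:
        body = {"tx": challenge["tx"], "nonce": challenge["nonce"]}
        if not hmac.compare_digest(mac(SERVER_KEY, body), challenge.get("server_mac", "")):
            return {"nonce": challenge["nonce"], "approved": False}  # unauthenticated push
        # The user compares the displayed destination and amount with what they meant to send.
        approved = challenge["tx"] == self.user_intended
        resp = {"nonce": challenge["nonce"], "approved": approved}
        if approved:
            resp["device_mac"] = mac(DEVICE_KEY, dict(body, approved=True))
        return resp


INTENDED = {"to": "1ExampleUserPayee", "amount_btc": "0.50"}  # constructed, not real addresses


def push_demo(tampered: bool) -> bool:
    """Returns whether the server executed the transaction."""
    server, phone = PushServer(), Phone(INTENDED)
    submitted = dict(INTENDED, to="1ExampleThiefAddr") if tampered else dict(INTENDED)
    return server.submit_approval(phone.handle(server.request_approval(submitted)))


def forged_approval_demo() -> bool:
    """Malware without the device key tries to approve its own tampered transaction."""
    server = PushServer()
    challenge = server.request_approval(dict(INTENDED, to="1ExampleThiefAddr"))
    body = {"tx": challenge["tx"], "nonce": challenge["nonce"], "approved": True}
    forged = dict(body, device_mac=mac(b"guess", body))
    return server.submit_approval(forged)


def replay_demo() -> bool:
    """A captured genuine approval is submitted a second time."""
    server, phone = PushServer(), Phone(INTENDED)
    approval = phone.handle(server.request_approval(dict(INTENDED)))
    server.submit_approval(approval)
    return server.submit_approval(approval)
```

In the OTP flow the hidden window wins because the server cannot tell who submitted the code; in the push flow a swapped address is declined on the phone, a forged approval fails the device MAC check, and a replayed approval fails because the nonce was consumed. The model deliberately leaves out the one failure the design cannot fix: a user who approves a prompt without reading it.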
There are many ways to protect your cryptocurrency exchange account logins and online banking logins, but not every two-factor authentication solution is created equal. Find out more about modern two-factor authentication and push notifications.