With cryptocurrencies now a well-established fact within our online societies, organisations must now navigate the new threat landscape these currencies bring. The world of cryptocurrencies is already expansive and always growing – new currencies perpetually rise and fall, while the ways to use and access them are forever changing. However, one particular area in which brands are at risk is through cryptocurrency apps in the mobile ecosystem, where cybercriminals are creating all manner of cryptocurrency fakery designed to fool people out of money. So, what should organisations look out for when managing threats to their brand in this financial sphere?
Threats within the cryptocurrency app ecosystem
A glance at the cryptocurrency app ecosystem can be daunting. Users will be overwhelmed with coins, altcoins, tokens, exchanges and many other cryptocurrency apps that appear in the market every day. These apps – both legitimate and malicious – leverage the massive popularity and ‘get-rich-quick’ promise of cryptocurrency to attract new users. However, many of these apps also become the target of, or are even fronts, for hackers.
One key scam lies in the transit and trade of cryptocurrencies through illegitimate mixers and exchanges. These app services will ordinarily allow you to send currency of one kind and transfer it into another type. Even the most credible versions of these services are liable to hacking with a plethora of moving parts. Then, there are the threat actors, who exploit the nebulous nature of the ecosystem to create fake mixers and exchanges to fool people out of their money. Already, many fraudulent mixers and exchanges, often disguised as legitimate existing services, are being found and blacklisted on various app stores. However, no matter the crackdown, there will always be more to take their place.
Know your digital footprint
One of the most important steps in curtailing the success of these forgeries is by organisations that deal in cryptocurrency having perfect knowledge of their external-facing digital assets – i.e. websites, social media accounts, or anything associated with the brand online – and managing the attack surface that these assets compose. Visibility is paramount. By letting assets spread over the net unsupervised and unchecked, companies become vulnerable to impersonation and immeasurable damage can be done to their brands. Put simply, without knowing what your organisation’s internet presence is across web, mobile and social, how can you be sure where and for what purposes your brand is being used?