Brands under threat in the cryptocurrency app ecosystem

With cryptocurrencies now a well-established fact within our online societies, organisations must now navigate the new threat landscape these currencies bring. The world of cryptocurrencies is already expansive and always growing – new currencies perpetually rise and fall, while the ways to use and access them are forever changing. However, one particular area in which brands are at risk is through cryptocurrency apps in the mobile ecosystem, where cybercriminals are creating all manner of cryptocurrency fakery designed to fool people out of money. So, what should organisations look out for when managing threats to their brand in this financial sphere?

Threats within the cryptocurrency app ecosystem

A glance at the cryptocurrency app ecosystem can be daunting. Users will be overwhelmed with coins, altcoins, tokens, exchanges and many other cryptocurrency apps that appear in the market every day. These apps – both legitimate and malicious – leverage the massive popularity and ‘get-rich-quick’ promise of cryptocurrency to attract new users. However, many of these apps also become the target of, or are even fronts, for hackers.

One key scam lies in the transit and trade of cryptocurrencies through illegitimate mixers and exchanges. These app services will ordinarily allow you to send currency of one kind and transfer it into another type. Even the most credible versions of these services are liable to hacking with a plethora of moving parts. Then, there are the threat actors, who exploit the nebulous nature of the ecosystem to create fake mixers and exchanges to fool people out of their money. Already, many fraudulent mixers and exchanges, often disguised as legitimate existing services, are being found and blacklisted on various app stores. However, no matter the crackdown, there will always be more to take their place.

Know your digital footprint

One of the most important steps in curtailing the success of these forgeries is by organisations that deal in cryptocurrency having perfect knowledge of their external-facing digital assets – i.e. websites, social media accounts, or anything associated with the brand online  – and managing the attack surface that these assets compose. Visibility is paramount. By letting assets spread over the net unsupervised and unchecked, companies become vulnerable to impersonation and immeasurable damage can be done to their brands. Put simply, without knowing what your organisation’s internet presence is across web, mobile and social, how can you be sure where and for what purposes your brand is being used?

About the author: Fabian Libeau

Fabian Libeau currently serves as VP EMEA for RiskIQ and is responsible for RiskIQ’s sales and support operations in EMEA. Prior to this role he was EMEA Technical Director for RiskIQ, working closely with customers to maximise the value they receive from the RiskIQ solution set. Before joining RiskIQ Fabian was with ArcSight and after the acquisition by HP, with HP Enterprise Security Products for 9 years in different technical roles where he worked closely with enterprise customers to implement Log Management solutions and next generation SOCs. Fabian is a frequent speaker at conferences and is CISSP certified. He holds a masters degree in Physics.