News Insights: Attackers breach web analytics service, go on to target Bitcoin platform

Cybersecurity experts from Juniper Networks and Panorays commented on this week’s discovery of a hack that placed malicious code that hijacks any Bitcoin transactions made through the web interface of the Gate.io cryptocurrency exchange. Hackers breached StatCounter, one of the Internet’s largest web analytics platforms: https://www.welivesecurity.com/2018/11/06/supply-chain-attack-cryptocurrency-exchange-gate-io/

Nick Bilogorskiy, cybersecurity strategist at Juniper Networks:

Cryptocurrency exchanges are like the banks of the bitcoin era in that they are the entities most attacked by cybercriminals because it’s “where the money is”. This year alone breached crypto exchanges included Coincheck, Zaif, BitGrail and BitThumb.

What’s interesting about this particular attack is that bitcoin hackers are now adopting the same technique that is popular in enterprise cyber breaches – third party vendor exploitation. Gate.io exchange used the StatCounter script on their site and was breached through it. Vendor and contractor systems are often the weakest link in the chain, as demonstrated by the Best Buy, Scottrade, Target and Walmart breaches, as well as many others. These are also sometimes called supply chain attacks.

To best address this threat, companies should audit all third party code that they use and use continuous threat monitoring to discover breaches internally and respond to them quickly.”

Matan Or-El, CEO, Panorays:

“The recent StatCounter breach is an example of a classic targeted attack on one company through third-party suppliers, rather than the industrialized nature of the Magecart attacks. The technique, dubbed ‘island hopping,’ is just one of multiple third-party and supply chain threats faced by organizations today.

The complex matrix of data ownership and processing by third parties, particularly in this age of the GDPR regulation, requires that organizations put in place systems to help assess and track the cyber risk stemming from supply chain and third parties.”