Unlike the traditional means where you have to go to the bank and provide some sort of assurance, cryptocurrency mining just needs your computational power from the machine and devices to contribute as a node. The difficulty arises from the fact that the devices may not be secure, many a times without the conscience of the user. Going by the recent predictions, India will have approximately 500 million mobile users in 2018. Those are the sheer numbers apart from the desktops and laptops that everybody carries in their offices and homes.
Akamai has been developing various forms of threat mitigation over the last several years, and have built out an entire threat research team to study the behaviour of these hazards, in addition to take an algorithmic approach to identifying the anomalies in behaviour for various DNS lookups. Therefore, in an exclusive interaction, Aseem Ahmed, Sr Product Manager, Cloud Security, APAC, Akamai Technologies took Sarabjeet Kaur, BW CIO, through the basics of Cryptocurrency, his views and opinions surrounding the ongoing trends and also how Akamai is dealing with the challenges involved. Excerpts:
BW CIO: What is coin mining and what are the different techniques through which it is done?
Aseem Ahmed: Crypto mining is a process of generating coins. They can be achieved through various means, one of them being crypto jacking. Now crypto jacking is a technique to hijack the user browsers or machines to mine crypto currency usually without user consent. The users don’t get to know that they are impacted by it or that they are contributing to crypto mining. The users or the machines become the nodes in generating crypto currency. One way of doing this is by using the crypto mining malware such as fake apps or malware based apps that are very prominent across different app stores. The malicious actors or authors create those apps just for one sole purpose but are disguised as something else. The underlying method is going to be using crypto jacking based on malware.
BW CIO: Does this mean that crypto currency trading platforms are actually safe but it is actually the means through which they reach the platform that we should be concerned about?
Aseem Ahmed: At this point, I would say that it is not fully validated. The security threats predominantly are not very different from what other organisations face. The key thing is, since it is all virtual currency, it may also depend on the country you are in. Since virtual currency is not regulated nor accepted by all countries, by law. There are some crypto currency exchanges that fall under the purview of the laws of the land in different countries, but there are also many which do not accept cryptocurrency as a valid currency. I would say that, based on the incidents in the last two years, it is not that cryptocurrency platforms are not vulnerable. In fact, cryptocurrency exchanges have been hacked and filed for bankruptcy. Security becomes an integral part of not only the platform but also for any website owner as well. Attention should be paid towards anybody trying to compromise their website and upload the crypto mining malware or script on that.
BW CIO: What difference are you noticing now in advance trading? Are people backing out, especially after the recent RBI announcement?
Aseem Ahmed: We specifically don’t look into the cryptocurrency data as such but I am aware that different government bodies have their own stance right now on cryptocurrency. We have seen RBI and NASSCOM coming up with their stance. It is something that we will have to wait and watch, within the Indian geography. There has been an incident with the crypto currency exchange in India getting hacked. Recently bitcoins worth INR 20 crores were stolen. What we do know is that there are a lot of crypto miners based out of India. If you look at the recent reports, the number of crypto miners or nodes participating in India has significantly increased to more than 4000%.
At Akamai, we keep monitoring the different domains based on our DNS algorithms- the crypto mining domains. There has been a significant rise not only in India alone but globally as well. Definitely, crypto mining is on the rise. Now whether the new regulations will have an impact on people participating in it on an intentional basis is something we will have to wait and watch. What we do know is that majority of the people who end up participating in crypto mining don’t do that intentionally anyway. It is mostly compromised machines and devices.
BW CIO: Is that why India is so vulnerable as a country? In the beginning of 2018, India ranked 2nd in increased crypto miners percentage globally. Does this call for a possibly friendly environment for the hackers?
Aseem Ahmed: It does mean so, in the sense that the internet hygiene in India is something that we need to collectively work on. Two key things: how users use the internet in the first place and how aware are they about the threats. While the organisations will have their own awareness programs and work towards it, overall, we still need the policies and structures to make the common user aware of different sorts of threats like crypto mining. Also, to make them understand the importance of internet hygiene.
In the case of devices connecting to the internet exploding on a daily basis, we are 2nd in the world with the highest number of internet devices and close to 500 million users in 2018. That will further complicate the situation. By the sheer number of internet users, it is a significant challenge to have all the users be aware of how to use the internet, which sites can be accessed etc. They need to keep their anti-virus software updated to make sure that if they go to a site that serves the coin mining malware there, the anti-virus security catches that.
BW CIO: How does Akamai help its customers in preventing their digital businesses from being at risk?
Aseem Ahmed: We have our cloud security solutions that work to provide seamless user experience and security. We build the platform and our products that work hand in hand. We are able to deliver the content securely on any device in any part of the world as our cloud security solutions use web application protection technologies, because of which the attackers cannot code injections onto the sites. Vulnerabilities like cross site scripting that can be used to plant a coin mining malware or even coin mining script on the website can be protected using the Akamai Kona site defender product. It protects from a variety of web application threats. We have our Enterprise Threat Protector using which we are able to detect the coin mining malwares on the user machines. Finally using our Enterprise Application Access we provide secure access for users using the zero trust concept. We verify each and every transaction from the user and ensure only the legitimate user gets access to the application without getting access to the whole network.
BW CIO: What role does the Akamai cloud platform play in mitigation of digital threats?
Aseem Ahmed: The whole Akamai platform is cloud based. On top of that, we have built a whole layer of security solutions such as Kona Site Defender, Bot Manager for bot management, they run on the cloud and are all integrated within the cloud delivery platform. This gives customers or organisations an unprecedented scale. We are the largest to absorb the attacks.
Earlier this year we mitigated the largest attack the internet has seen, which was 1.3tbs of Memchached attack. It was targeted against one of our customers. We as a company have built the platform which is much ahead of the highest velocity attacks that we have seen on the internet. Our solutions are fully integrated to the cloud on our platform and our key differentiator is that we provide customers with a single platform to improve their security quotient and to develop their security strategy. On the same platform you can plug different security modules.
BW CIO: What differentiates Akamai from its competitors in this space?
Aseem Ahmed: Akamai is the global leader, in terms of content delivery for customers, providing them the superior digital experience, with the consistency, quality and security at the same time. What separates us is that our platform provides a single platform approach on top of which you can build your digital performance and security in a strategy. Meaning there are different products, modules and features that gets plugged into the largest cloud delivery platform. Using which you can achieve that superior online experience and security. We provide a single platform strategy instead of a multi-vendor approach, like a one point solution, where we can provide customers with a variety of solutions for their digital transformation journey as well as their digital initiatives.