Is it time for leading Threat Intelligence Platforms to support custom objects, such as Wallet IDs and Cryptocurrency addresses, for Cryptocurrency Threat Intelligence providers?

August 23, 2021

The Financial Crimes Enforcement Network (FinCEN) has named “Cybercrime, including relevant cybersecurity and virtual currency considerations” a national priority. In June 2021, President Joe Biden issued a directive to federal agencies to prioritize efforts to confront global corruption, with Cryptocurrency as a focus. The Biden administration has also unveiled its strategy to combat ransomware, which includes expanding Cryptocurrency analysis to find criminal transactions.

At Loginsoft, we work with several companies that provide Threat Intelligence data, including Cryptocurrency Intelligence with Anti-Money Laundering, Cryptocurrency Forensics, and Blockchain Threat Intelligence solutions. The Crypto Threat Intelligence provided by blockchain companies is used by banks, financial institutions and law enforcement agencies to monitor, investigate and prevent financial crimes that involve Cryptocurrency, such as terrorist financing, ransomware, Bitcoin mules and extortion.

However, most of the leading Security Threat Intelligence Platforms have limitations in supporting Cryptocurrency forensics for investigators, analysts, and researchers. Because of this, and because of government-driven policies, there is an increased need to integrate Cryptocurrency analytics from leading companies like Chainalysis, CipherTrace, Elliptic, Coin Path and TRM Labs into various Threat Intelligence Platforms. Most banks and government agencies may have already implemented Threat Intelligence Platforms to track and investigate various cybercrimes. It would help if some of the leading platforms started integrating Blockchain analysis capabilities, such as Cryptocurrency investigations, into their platforms.

Integrating Crypto Threat Intel from Blockchain companies with Threat Intelligence Platforms can give analysts an interface with automated search, context-based visualization for creating crypto transaction flows, and an address identification database. This can help investigators identify the destination of a cryptocurrency ransom and analyze transactions relevant to a ransomware campaign through cryptocurrency due diligence. Threat Intelligence Platforms already support integration of IOCs from network endpoints, web applications, intrusion detection and prevention systems, firewalls and so on. They should expand that support to these new custom objects related to Cryptocurrency, so that clients who have already invested in the infrastructure can use the same platform to monitor and track transactions.

Consider supporting the following Cryptocurrency Intelligence use cases, which could help in identifying and monitoring these cybercrimes.

The above use cases are just a sample of what could enable investigators, analysts, and researchers to de-anonymize Crypto transactions and obtain solid evidence on individuals who use Cryptocurrencies for various crimes. Fraud investigators can access advanced Cryptocurrency Intelligence combining millions of attribution data points from these Blockchain Intelligence Providers. It will also help with visualizing actionable Cryptocurrency intelligence and with complying with Cryptocurrency regulations.

Typical Users of Cryptocurrency Intelligence:

In conclusion, as Blockchain technology continues to develop and the Cybersecurity community plays an active role in finding solutions to the challenges posed, there is an opportunity for Threat Intelligence Platforms to support, at a minimum, the most common target entity types such as Cryptocurrency Address, Transaction and Wallet, thereby enhancing Cryptocurrency intelligence.
