Part of a ZDNet Special Feature: 2017: The Year's Best Tech for Work and Play

Cyberwar: A guide to the frightening future of online conflict

Updated: With the arrival of cyberwarfare, every device has become a battleground. Here's everything you need to know.


What is cyberwar?

At its core, cyberwarfare is the use of digital attacks by one country or nation to disrupt the computer systems of another with the aim of causing significant damage, death or destruction.

What does cyberwarfare look like?

Cyberwar is still an emerging concept, but many experts are concerned that it is likely to be a significant component of any future conflicts. As well as troops using conventional weapons like guns and missiles, future wars will also be fought by hackers using computer code to attack an enemy's infrastructure.


Governments and intelligence agencies worry that digital attacks against vital infrastructure -- like banking systems or power grids -- will give attackers a way of bypassing a country's traditional defences.

And unlike standard military attacks, a cyberattack can be launched instantaneously from any distance, with little obvious evidence in the build-up, and it is often extremely hard to trace such an attack back to its originators. Modern economies, underpinned by computer networks that run everything from sanitation to food distribution and communications, are particularly vulnerable to such attacks, especially as these systems are, in the main, poorly designed and protected.

The head of the US National Security Agency (NSA) Admiral Michael Rogers said his worst case cyberattack scenario would involve "outright destructive attacks", focused on some aspects of critical US infrastructure and coupled with data manipulation "on a massive scale". Shutting down the power supply or scrambling bank records could easily do major damage to any economy. And some experts warn it's a case of when, not if.

What is the definition of cyberwarfare?

Whether an attack should be considered to be an act of cyberwarfare depends on a number of factors. These can include the identity of the attacker, what they are doing, how they do it -- and how much damage they inflict.

Like other forms of war, cyberwarfare is usually defined as a conflict between states, not individuals. Many countries are now building up military cyberwarfare capabilities, both to defend against other nations and also to attack if necessary.

Attacks by individual hackers, or even groups of hackers, would not usually be considered to be cyberwarfare, unless they were being aided and directed by a state.


Nation states' conflict is increasingly moving online.

Getty Images/iStockphoto

For example, cyber-crooks who crash a bank's computer systems while trying to steal money would not be considered to be perpetrating an act of cyberwarfare, even if they came from a rival nation. But state-backed hackers doing the same thing to destabilise a rival state's economy might well be considered so.

The nature and scale of the targets attacked is another indicator: defacing a company website is unlikely to be considered an act of cyberwarfare, whereas disabling the missile defence system at an airbase would certainly come close. And the weapons used are important too: cyberwar refers to digital attacks on computer systems; firing a missile at a data center would not be considered cyberwarfare. Similarly, using hackers to spy or even to steal data -- cyberespionage -- would not in itself be considered an act of cyberwarfare, but might be one of the tools used.

Cyberwarfare and the use of force

How these factors combine matters because they can help determine what kind of response a country can make to a cyberattack.

There is one key definition of cyberwarfare, which is a digital attack that is so serious it can be seen as the equivalent of a physical attack.

To reach this threshold, an attack on computer systems would have to lead to significant destruction or disruption, even loss of life. This is a significant threshold because under international law states are permitted to use force to defend themselves against an armed attack.

It follows then that, if a country were hit by a cyberattack of significant scale, they would be within their rights to strike back using their standard military arsenal: to respond to hacking with missile strikes. So far this has never happened -- indeed it's not entirely clear if any attack has ever reached that threshold. That doesn't mean that attacks which fail to reach that level are irrelevant or should be ignored: it just means that the country under attack can't justify resorting to military force to defend itself. There are plenty of other ways of responding to a cyberattack, from sanctions and expelling diplomats, to responding in kind, although calibrating the right response to an attack is often hard.

What is the Tallinn Manual?

One reason that definitions of cyberwarfare have been blurred is that there is no body of international law that specifically covers cyberwar -- and the law is what really matters here -- because it is such a new concept. That doesn't mean that cyberwarfare isn't covered by the law, it's just that the relevant law is piecemeal, scattered, and often open to interpretation.


This lack of legal framework has resulted in a grey area: in the past some states have used the opportunity to test out cyberwar techniques in the knowledge that other states would be uncertain about how they could react under international law.

More recently that grey area has begun to shrink. A group of law scholars has spent years working to explain how international law can be applied to digital warfare. This work has formed the basis of the Tallinn Manual, a textbook prepared by the group and backed by the NATO-affiliated Cooperative Cyber Defence Centre of Excellence (CCDCoE) based in the Estonian capital of Tallinn, from which the manual takes its name.

The first version of the manual looked at the rare but most serious cyberattacks, which rose to the level of the use of force; the second edition released earlier this year looked at the legal framework around cyberattacks, which do not reach the threshold of the use of force, but which take place on a daily basis.

Aimed at legal advisers to governments, military, and intelligence agencies, the Tallinn Manual sets out when an attack is a violation of international law in cyberspace, and when and how states can respond to such assaults.

The manual consists of a set of guidelines -- 154 rules -- which set out how the lawyers think international law can be applied to cyberwarfare, covering everything from the use of cyber-mercenaries to the targeting of medical units' computer systems.

The idea is that by making the law around cyberwarfare clearer, there is less risk of an attack escalating, because escalation often occurs when the rules are not clear and leaders overreact.

Which countries are preparing for cyberwar?

According to US intelligence chiefs, more than 30 countries are developing offensive cyberattack capabilities, although most of these government hacking programmes are shrouded in secrecy.

The US intelligence briefing lists Russia, China, Iran, and North Korea as the major "cyber threat actors" to worry about. Russia has a "highly advanced offensive cyber program" and has "conducted damaging and/or disruptive cyber-attacks including attacks on critical infrastructure networks", it warns.

China has also "selectively used cyber attacks against foreign targets" and continues to "integrate and streamline its cyber operations and capabilities", said the report, which also said Iran has already used its cyber capabilities directly against the US, with distributed denial of service attacks targeting the US financial sector in 2012-13. The report also notes that when it comes to North Korea: "Pyongyang remains capable of launching disruptive or destructive cyber attacks to support its political objectives."

US cyberwarfare capabilities

However, it's likely that the US has the most significant cyberdefence and cyberattack capabilities. Speaking last year, President Obama said: "we're moving into a new era here, where a number of countries have significant capacities. And frankly we've got more capacity than anybody, both offensively and defensively."

Much of this capability comes from US Cyber Command, led by Admiral Rogers, who also leads the NSA. It has a dual mission: to protect US Department of Defense networks, but also to conduct "full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries".

Admiral Michael Rogers, director of the US National Security Agency and head of US Cyber Command

Image: Siim Teder/Estonian Defence Forces

Cyber Command is made up of a number of what it calls Cyber Mission Force teams.

The Cyber National Mission Force teams defend the US by monitoring adversary activity, blocking attacks, and manoeuvring to defeat them.

Cyber Combat Mission Force teams conduct military cyber operations to support military commanders, while the Cyber Protection Force teams defend the Department of Defense information networks.

By the end of fiscal year 2018, the goal is for the force to grow to nearly 6,200 and for all 133 teams to be fully operational. The US is believed to have used various forms of cyber weapons against the Iranian nuclear programme, the North Korean missile tests and the so-called Islamic State, with mixed results.

Reflecting the increased priority the US is putting on cyberwarfare capabilities, in August 2017 President Donald Trump upgraded Cyber Command to the status of a Unified Combatant Command, which puts it on the same level as groups such as the US Pacific Command and US Central Command. At the same time the Department of Defense said it was also considering separating Cyber Command from the NSA: Admiral Rogers currently heads both organisations and they share staff and resources. Other US agencies like the CIA and NSA have cyberespionage capabilities and have in the past been involved with building cyberweapons -- such as the famous Stuxnet worm (see below).

The UK has also publicly stated that it is working on cyberdefence and offence projects, and has vowed to strike back if attacked in this manner.

What do cyberweapons look like?

The tools of cyberwarfare can vary from the incredibly sophisticated to the utterly basic. It depends on the effect the attacker is trying to create. Many are part of the standard hacker toolkit, and a series of different tools could be used in concert as part of a cyberattack. For example, a Distributed Denial of Service attack was at the core of the attacks on Estonia in 2007.

Ransomware, which has been a constant source of trouble for businesses and consumers, may also have been used not just to raise money but also to cause chaos. There is some evidence to suggest that the recent Petya ransomware attack, which originated in Ukraine but rapidly spread across the world, may have looked like ransomware but was actually being deployed to destroy data by encrypting it with no possibility of unlocking it.

Other standard hacker techniques are likely to form part of a cyberattack; phishing emails to trick users into handing over passwords or other data which can allow attackers further access to networks, for example. Malware and viruses could form part of an attack like the Shamoon virus, which wiped the hard drives of 30,000 PCs at Saudi Aramco in 2012.

According to the Washington Post, after revelations about Russian meddling in the run up to the 2016 US Presidential elections, President Obama authorised the planting cyber-weapons in Russia's infrastructure. "The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race," the report said.

Cyberwarfare and zero-day attack stockpiles

Zero-day vulnerabilities are bugs or flaws in code which can give attackers access to or control over systems, but which have not yet been discovered and fixed by software companies. These flaws are particularly prized because there will likely be no way to stop hackers exploiting them. There is a thriving trade in zero-day exploits that allow hackers to sidestep security: very handy for nations looking to build unstoppable cyber weapons. It is believed that many nations have stockpiles of zero-day exploits to use either for cyberespionage or as part of elaborate cyberweapons. Zero-day exploits formed a key part of the Stuxnet cyberweapon (see below).

One issue with cyberweapons, particularly those using zero-day exploits is that -- unlike a conventional bomb or missile -- a cyberweapon can be analysed and even potentially repurposed and re-used by the country or group it was used against.

One good example of this is shown by the WannaCry ransomware attack which caused chaos in May 2017. The ransomware proved so virulent because it was supercharged with a zero-day vulnerability which had been stockpiled by the NSA, presumably to use in cyberespionage. But the tool was somehow acquired by the Shadow Brokers hacking group which then leaked it online, after which the ransomware writers incorporated it into their software, making it vastly more powerful.

This risk of unexpected consequences means that cyberweapons and tools have to be handled -- and deployed -- with great care. There is also the further risk that, thanks to the hyper-connected world we live in, these weapons can spread much further and cause much greater chaos than planned, which is what may have happened in the case of the Ukrainian Petya ransomware attack.

What is Stuxnet?

Image: Getty Images/iStockphoto

Stuxnet is a computer worm that targets industrial control systems, but is most famous as what was probably the first genuine cyberweapon, in that it was designed to inflict physical damage.

It was developed by the US and Israel (although they have never confirmed this) to target the Iranian nuclear programme. The worm, first spotted in 2010, targeted specific Siemens industrial control systems, and seemed to be targeting the systems controlling the centrifuges in the Iranian uranium enrichment project -- apparently damaging 1,000 of these centrifuges and delaying the project, although the overall impact on the programme is not clear.

Stuxnet was a complicated worm, using four different zero-day exploits and likely took millions of dollars of research and months or years of work to create.

Is cyberwarfare escalation a concern?

There is a definite risk that we are at the early stages of a cyberwar arms race: as countries realise that having a cyberwarfare strategy is necessary they will increase spending and start to stockpile weapons, just like in any other arms race. That means there could be more nations stockpiling zero-day attacks, which means more holes in software not being patched, which makes us all less secure. And countries with stockpiles of cyberweapons may mean cyberconflicts are able to escalate more quickly. One of the big problems is that these programmes tend to be developed in secret, with very little oversight and accountability and with murky rules of engagement.

What are the targets in cyberwar?

Military systems are an obvious target: preventing commanders from communicating with their troops or seeing where the enemy is would give an attacker a major advantage.


However, because most developed economies rely on computerised systems for everything from power to food and transport many governments are very worried that rival states may target critical national infrastructure. Supervisory control and data acquisition (SCADA) systems, or industrial control systems, which run factories, power stations and other industrial processes are a big target, as Stuxnet showed.

These systems can be decades old and were rarely designed with security as a priority, but are increasingly being connected to the internet to make them more efficient or easy to monitor. But this also makes these systems more vulnerable to attack, and security is rarely upgraded because the organisations operating them do not consider themselves to be a target.

A short history of cyberwar

For many people 2007 was when cyberwar went from the theoretical to the actual.

When the government of the eastern European state of Estonia announced plans to move a Soviet war memorial, it found itself under a furious digital bombardment that knocked banks and government services offline (the attack is generally considered to have been Russian hackers; Russian authorities denied any knowledge). However, the DDoS attacks on Estonia did not create physical damage and, while a significant event, were not considered to have risen to the level of actual cyberwarfare.

Another cyberwarfare milestone was hit the same year, however, when the Idaho National Laboratory proved, via the Aurora Generator Test, that a digital attack could be used to destroy physical objects -- in this case a generator.

The Stuxnet malware attack took place in 2010, which proved that malware could impact the physical world.

Since then there has been a steady stream of stories: in 2013 the NSA said it had stopped a plot by an unnamed nation -- believed to be China -- to attack the BIOS chip in PCs, rendering them unusable. In 2014 there was the attack on Sony Pictures Entertainment, blamed by many on North Korea, which showed that it was not just government systems and data that could be targeted by state-backed hackers.

Perhaps most seriously, just before Christmas in 2015 hackers managed to disrupt the power supply in parts of Ukraine, by using a well-known Trojan called BlackEnergy. In March 2016 seven Iranian hackers were accused of trying to shut down a New York dam in a federal grand jury indictment.

Nations are rapidly building cyberdefence and offence capabilities and NATO in 2014 took the important step of confirming that a cyberattack on one of its members would be enough to allow them to invoke Article 5, the collective defence mechanism at the heart of the alliance. In 2016 it then defined cyberspace as an "operational domain" -- an area in which conflict can occur: the internet had officially become a battlefield.

Cyberwar and the Internet of Things

Big industrial control systems or military networks are often considered the main targets in cyberwarfare but one consequence of the rise of the Internet of Things may be to bring the battlefield into our homes.

"Our adversaries have capabilities to hold at risk US critical infrastructure as well as the broader ecosystem of connected consumer and industrial devices known as the Internet of Things," said a US intelligence community briefing from January 2017. Connected thermostats, cameras, and cookers could all be used either to spy on citizens of another country, or to cause havoc if they were hacked.

How do you defend against cyberwarfare?

The same cybersecurity practices that will protect against everyday hackers and cyber-crooks will provide some protection against state-backed cyberattackers, who use many of the same techniques. That means covering the basics: changing default passwords and making passwords hard to crack, not using the same password for different systems, making sure that all systems are patched and up-to-date (including the use of antivirus software), ensuring that systems are only connected to the internet if necessary and making sure that essential data is backed up securely. This may be enough to stop some attackers or at least give them enough extra work to do that they switch to an easier target.

Recognising that your organisation can be a target is an important step: even if your organisation is not an obvious target for hackers motivated by greed (who would hack a sewage works for money?) you may be a priority for hackers looking to create chaos.

However, for particularly high-value targets this is unlikely to be enough: these attacks are called 'advanced and persistent'. In this case it may be hard to stop them at the boundary and additional cybersecurity investments will be needed: strong encryption, multi-factor authentication and advanced network monitoring. It may well be that you cannot stop them penetrating your network, but you may be able to stop them doing any damage.
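The basics listed above (no default passwords, no password reuse, systems patched, internet exposure only where needed, essential data backed up) are the kind of controls a defender can check mechanically against an asset inventory rather than remembering by hand. The following Python script is an added example and is not code from the ZDNet article or from any organisation it mentions; the inventory records, the policy thresholds and the severity scale are constructed assumptions chosen for illustration. It ranks findings so that the gaps an opportunistic attacker would find first (default credentials, unpatched internet-facing systems, essential data with no backup) rise to the top of the list.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Policy thresholds: assumptions for this example, tune to your environment.
MAX_PATCH_AGE_DAYS = 30
MAX_BACKUP_AGE_DAYS = 7

# Severity weights used to order the report (assumed scale).
SEVERITY = {"critical": 3, "high": 2, "medium": 1}


@dataclass
class Asset:
    """One inventory record (hypothetical schema for this example)."""
    name: str
    credential_id: str          # opaque handle for the login secret in the vault
    uses_vendor_default: bool   # result of a prior default-credential scan
    last_patched: date
    internet_exposed: bool
    exposure_justified: bool    # a documented business reason exists
    last_backup: Optional[date]
    essential_data: bool


Finding = Tuple[str, str, str]  # (asset name, severity, message)


def audit(assets: List[Asset], today: date) -> List[Finding]:
    """Check each asset against the basic hygiene controls and return
    findings sorted from most to least severe, then by asset name."""
    findings: List[Finding] = []

    # Password reuse: the same credential handle appearing on more than one system.
    by_cred = defaultdict(list)
    for a in assets:
        by_cred[a.credential_id].append(a.name)
    for cred, names in by_cred.items():
        if len(names) > 1:
            for n in names:
                others = [x for x in names if x != n]
                findings.append((n, "high", f"credential {cred} shared with {others}"))

    for a in assets:
        if a.uses_vendor_default:
            findings.append((a.name, "critical", "vendor default credentials still in use"))

        patch_age = (today - a.last_patched).days
        if patch_age > MAX_PATCH_AGE_DAYS:
            # An unpatched system that is reachable from the internet is the worst case.
            sev = "critical" if a.internet_exposed else "high"
            findings.append((a.name, sev, f"unpatched for {patch_age} days"))

        if a.internet_exposed and not a.exposure_justified:
            findings.append((a.name, "high", "internet-exposed without a documented need"))

        if a.essential_data:
            if a.last_backup is None:
                findings.append((a.name, "critical", "essential data never backed up"))
            else:
                backup_age = (today - a.last_backup).days
                if backup_age > MAX_BACKUP_AGE_DAYS:
                    findings.append((a.name, "medium", f"last backup {backup_age} days old"))

    findings.sort(key=lambda f: (-SEVERITY[f[1]], f[0]))
    return findings


# Constructed sample inventory; the names, dates and flags are invented.
SAMPLE_TODAY = date(2017, 12, 15)
SAMPLE_INVENTORY = [
    Asset("plc-pumpstation-1", "cred-0001", True, date(2016, 3, 2), True, False, None, True),
    Asset("hmi-workstation", "cred-0001", False, date(2017, 12, 1), False, False, date(2017, 12, 14), True),
    Asset("web-portal", "cred-0002", False, date(2017, 11, 30), True, True, date(2017, 12, 10), False),
    Asset("file-server", "cred-0003", False, date(2017, 10, 1), False, False, date(2017, 11, 20), True),
]

if __name__ == "__main__":
    for name, severity, message in audit(SAMPLE_INVENTORY, SAMPLE_TODAY):
        print(f"[{severity.upper():8}] {name}: {message}")
```

Run against the sample inventory, the report puts the industrial controller first: it still has vendor defaults, has not been patched in well over a year while sitting on the internet with no documented reason, shares a credential with the HMI workstation, and holds essential data that has never been backed up. The web portal, which is exposed but justified, patched and non-essential, produces no findings at all, which is the point of the exercise: effort goes where the basics are actually missing.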

At a higher level, nations and groups of states are developing their own cyber-defence strategies. The European Union recently announced plans to work on a cyber-defence plan which it will invoke if it faces a major, cross-border cyber-attack, and plans to work with NATO on cyber-defence exercises. However, not all nations consider such planning to be a particularly high priority.

What is cyberespionage?

Closely related to but separate from cyberwarfare is cyberespionage, whereby hackers infiltrate computer systems and networks to steal data and often intellectual property. There have been plenty of examples of this in recent years: for example the hack on the US Office of Personnel Management, which saw the records of 21 million US citizens stolen, including five million sets of fingerprints, was most likely carried out by Chinese state-backed hackers.

Perhaps even more infamous: the hacking attacks in the run up to the 2016 US Presidential elections and the theft of emails from the Democratic National Committee: US intelligence said that Russia was behind the attacks. The aim of cyberespionage is to steal, not to do damage, but it's arguable that such attacks can also have a bigger impact. Law scholars are, for example, split on whether the hacks on the DNC and the subsequent leaking of the emails could be illegal under international law.

Some argue that it mounts up to meddling in the affairs of another state and therefore some kind of response, such as hacking back, would have been justified; others argue that it was just below the threshold required. As such the line between cyberwarfare and cyberespionage is a blurred one: certainly the behaviour necessary is similar for both -- sneaking into networks, looking for flaws in software -- but only the outcome is different; stealing rather than destroying. For defenders it's especially hard to tell the difference between an enemy probing a network looking for flaws to exploit and an enemy probing a network to find secrets.

"Infiltrations in US critical infrastructure -- when viewed in the light of incidents like these -- can look like preparations for future attacks that could be intended to harm Americans, or at least to deter the United States and other countries from protecting and defending our vital interests," NSA chief Rogers said in testimony to the US Senate.

Cyberwarfare and information warfare

Closely related to cyberwarfare is the concept of information warfare; that is, the use of disinformation and propaganda in order to influence others -- like the citizens of another state. This disinformation might use documents stolen by hackers and published -- either complete or modified by the attackers to suit their purpose. It may also see the use of social media (and broader media) to share incorrect stories. While Western strategists tend to see cyberwarfare and hybrid information warfare as separate entities, some analysts say that Chinese and Russian military theorists see the two as closely linked. Indeed it is possible that Western military strategists have been planning for the wrong type of cyberwar.

When will cyberwar take place?

It's highly unlikely that a pure cyberwar will ever take place; already the concept has become absorbed into the broader set of military options that exist, just like other technologies including submarines and aircraft before it. That doesn't mean it is irrelevant, rather that some kinds of cyber capabilities are likely to be involved in pretty much every military engagement. Indeed, cyber weapons may well become a more common feature of low intensity skirmishes between nations because they are capable of causing confusion and chaos but not (too) much damage. But the idea of nations fighting purely with digital weapons is unlikely. That's because cyber weapons are hard and expensive to build and can only hit a limited set of targets. And they are only effective against enemies that have relatively sophisticated systems to attack in the first place.

What are cyber wargames?


A member of the Locked Shields Green Team during the cyber defence exercise.

Image: NATO

One of the ways countries are preparing to defend against cyberwarfare is with giant cyberdefence wargames, which pit a 'red team' of attackers against a 'blue team' of defenders.

Some of the biggest international cyberdefence exercises, like the NATO-backed Locked Shields event, can see as many as 900 cybersecurity experts sharpening their skills. In Locked Shields the defending teams have to protect the small, fictional NATO member state Berylia from mounting cyberattacks by rival nation Crimsonia.

It's not just the technical aspects of cyberwarfare that are tested out; in September 2017 European Union defence ministers also took part in a table-top exercise called EU Cybrid, designed to test their strategy and decision making in the face of a major cyberattack on European Union military organisations. The game aimed to help develop guidelines to be used in such a real-life crisis, and was the first exercise to involve politicians at such a senior level.


The risky business of bitcoin: High-profile cryptocurrency catastrophes of 2017

As Bitcoin lurches toward mainstream acceptance, ZDNet reviews the high-profile disasters, data breaches, vulnerabilities, and criminal cases that shook up digital currency in 2017.


In the last few months, the cryptocurrency industry has exploded with investor interest appearing to be at an all-time high.

The price of Bitcoin alone has surged thousands of dollars in the past few weeks, topping $16,500 at the time of writing, and while some investors urge caution and anticipate a crash, the rise has highlighted just how much interest there is in digital coins and alternative payment methods.

Over the course of the past year, traditional financial institutions have begun exploring cryptocurrency and its backbone infrastructure, digital ledger technologies known as blockchain, with some banks going so far as to offer their clients cryptocurrency-supporting trading accounts and options.

This month, Venezuelan President Nicolas Maduro went as far as to announce a plan to create "Petro," a sovereign virtual currency which he claims can be used to help dig the country out of its current economic crisis.


Blockchain and cryptocurrency certainly have their benefits. The blockchain has garnered interest in the technology field and beyond as a secure method to share, store, and record data transparently -- with IBM one of many now offering blockchain-based business solutions -- while cryptocurrency, when bought early, has proved to be a lucrative investment.

That is, when security issues do not rear up and smash investor dreams to pieces.

Regulators in the UK and US are both scrambling to control this industry, in which many investors are failing to declare cryptocurrency profits, while on the other side of the spectrum, some are losing cash due to poorly managed Initial Coin Offerings (ICOs), vulnerabilities, malware, and more.


It was back in 2014, with the abrupt closure of Bitcoin trading platform Mt. Gox, that the first signal came that all may not be well in the industry when it came to security. Investors are highly unlikely to ever get their money back and the former CEO, Mark Karpeles, faces charges of embezzlement.

Since then, cryptocurrency interest has increased, but so have the security issues surrounding investment.


2017 was an interesting year for the industry, with hacks, vulnerabilities, and data breaches a constant theme.

January was a quiet month as we all recovered from the holiday season, but in February, programmers were left shamefaced after a simple typing error caused the loss of Zcoins worth $585,000 at the time.

According to Zcoin, a "typographical error on a single additional character" in the Zerocoin source code allowed an attacker to generate additional Zcoins during a single transaction, leading to the theft of roughly 370,000 Zcoins.

Little of note took place in March, but in April, OneCoin representatives were in the middle of a sales pitch related to cryptocurrency when law enforcement raided the company, jailing 18 employees and freezing roughly $2 million in investor funds.

Local Delhi police said the company only accepted cash for cryptocurrency and did not issue receipts in order to cover its tracks, therefore suggesting the entire scheme was a scam. (However, this is not to be confused with the China-based Xunlei's OneCoin.)

Little of note happened in May, but in June, the US Securities and Exchange Commission (SEC) won a court case against the now-defunct GAW Miners and Zen Miners, both of which were accused of running Bitcoin Ponzi schemes which defrauded investors with "the lure of quick riches from virtual currency."

July was a busy month with ICOs being targeted for investor funds and cyberattackers running amok.

During the much-awaited CoinDash ICO, hackers used a disarmingly simple tactic to capitalize on investor enthusiasm and steal roughly $7.4 million in Ethereum (ETH).

The unknown hacker or group compromised the CoinDash website and simply changed a wallet address intended for investors during the ICO to a wallet they owned.

It took only minutes before CoinDash realized what had occurred, but the damage was done.

Just a week after, Veritaseum's ICO met a similar fate. In total, 36,000 VERI tokens were stolen by hackers during the event, worth nearly $8 million at the time. The tokens, however, belonged to the company and not investors.

South Korean exchange Bithumb, the fourth largest exchange worldwide, also became a victim in July as thieves managed to steal a database of user information from an employee's personal PC to compromise user accounts, resulting in the theft of information and Bitcoin worth billions of won.

In the same month, the Parity wallet was compromised by an attacker who slunk away with over $30 million in Ethereum.

At least three wallets were compromised by exploiting a vulnerability in the wallet, with Edgeless Casino, Aeternity, and Swarm City named as victims.

To prevent more wallets from being drained, white hats took charge and drained the remaining vulnerable wallets themselves, holding the funds until the bug was fixed.

In August, hackers used a simple trick to swindle investors on the Ethereum platform Enigma.

As the marketplace was gearing up for its ICO, potential traders were sent "very convincing" emails announcing a "pre-sale" of tokens and inviting them to participate.

While some users recognized the emails as a scam, others did not, parting with close to $500,000 in Ethereum. It appears that the user details were obtained through the compromise of the Enigma Slack channel and email lists.

In September, the US Commodity Futures Trading Commission (CFTC) filed a court case against Nicholas Gelfman and Gelfman Blueprint, alleging that the company scammed roughly 80 investors out of $600,000 through a Ponzi scheme.

The victims were reportedly caught up in an exit scheme and were told that the "Jigsaw" trading platform had been hacked.

South Korea made the headlines at this time, too, by outlawing ICOs due to the risk of scams.

In October, Alexander Vinnik became the subject of a dispute between the US and Russia -- both of which want to charge him with suspected Bitcoin laundering. The Russian national was allegedly the mastermind behind BTC-e, which "washed" funds without collecting customer information, allowing laundering to take place.

BTC-e was given a $110 million fine.

In the same month, Vancouver-based Etherparty had to temporarily halt its FUEL token sale 45 minutes into the event after a cyberattacker replaced the firm's wallet address with one they controlled in an attempt to steal user funds.

Impacted investors were compensated.

Perhaps due to the risks some ICOs represented to investors, China took the same stance as South Korea, banning ICOs as "illegal" in the same month.

November was a terrible month for Tether, a start-up offering a cryptocurrency token backed by traditional cash. The company revealed that cybercriminals managed to compromise its treasury wallet and steal $30,950,010 USDT -- a token linked to the US dollar -- sending the tokens to an unauthorized wallet.

Tether said that the company is working to recover the lost funds.

It was a strange month in the cryptocurrency space. An Ethereum user, poking around the Parity wallet -- used to store and trade Ethereum -- accidentally exploited a major vulnerability hidden within the library of the standard multi-sig contract.

The user was able to make himself an owner of the contract and, at the same time, wipe out a critical element of the library code, which locked other users out of their wallets.

The actions of the user resulted in $160 million in funds being frozen.

A solution has yet to be found, although a hard fork has been proposed.
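As an added illustration of the failure pattern described above (constructed simplified Solidity, not Parity's code; contract names are hypothetical), a shared wallet library with an initializer that anyone can trigger on the library itself and a self-destruct path, beside a hardened form that locks its own storage at deployment and has no self-destruct at all:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed illustration of the failure pattern, not Parity's code.
// Wallet contracts hold the funds but delegatecall into a shared library
// for their logic, so the library's storage layout (slot 0 = owner) is
// mirrored in each wallet. Two mistakes combine here: an initializer that
// succeeds whenever owner is unset, including when called on the library
// contract itself, and a self-destruct path reachable by the library's owner.
contract FragileWalletLibrary {
    address public owner;

    function initWallet(address _owner) public {
        require(owner == address(0), "already initialised");
        owner = _owner; // nothing set the library's own owner at deployment
    }

    // Erases the code every wallet depends on. No ether moves; every
    // delegatecall into the now-empty address returns success and does
    // nothing, so the wallets' balances become unreachable.
    function kill() public {
        require(msg.sender == owner, "not owner");
        selfdestruct(payable(owner));
    }
}

// Hardened form: the library's own storage is initialised at deployment, so
// initWallet can only succeed inside a wallet's storage (via delegatecall),
// and the shared logic has no self-destruct path at all. A wallet that needs
// an emergency stop should implement it in its own contract, not in code
// shared by everyone.
contract HardenedWalletLibrary {
    address public owner;

    constructor() {
        owner = address(this); // the library itself can never be claimed
    }

    function initWallet(address _owner) public {
        require(owner == address(0), "already initialised");
        owner = _owner;
    }
}
```

The example models the 2017 semantics of selfdestruct; since the Cancun upgrade (EIP-6780) selfdestruct no longer removes a contract's code unless it runs in the same transaction that created the contract.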

While companies grappled with the aftermath of theft and data breaches, a 47-year-old pastor in New Jersey was sentenced to over five years in prison for accepting bribes through his community church in connection with the unlicensed, illegal Coin.mx Bitcoin exchange.

It may be the season for holiday cheer, but few NiceHash users are going to have a good one. In December, the company admitted that $68 million in investor funds had been stolen from the NiceHash wallet, forcing it to suspend operations. The full extent of the breach is not yet known.

The SEC took on another cryptocurrency outfit in the same month, filing charges against PlexCorps for allegedly conducting ICO fraud. The company raised up to $15 million by promising investors a 13-fold profit within weeks.

Read more: Quant Trojan upgrade targets Bitcoin, cryptocurrency wallets

Data breaches and successful hacks are not the only concerns in the cryptocurrency industry, however, with some threat actors embracing new variants of malware to steal user funds and compromise wallets.

While reports suggest North Korea is secretly using malware to enslave PCs for the purposes of cryptocurrency mining, the concept was also brought closer to home this year.

Users of The Pirate Bay reported CPU problems in October when visiting the torrent search website, which was later revealed to be due to a Monero mining pilot, implemented without user consent.

See also: 500 million PCs are being used for stealth cryptocurrency mining online | Hackers hijack Coinhive cryptocurrency miner through an old password | How much does The Pirate Bay's cryptocurrency miner make? | Android security: Coin miners show up in apps and sites to wear out your CPU

Cloudflare is now blocking websites which use such software without user permission, and while lending CPU power in return for ad-free browsing may be a possible future, consent is key.

In the meantime, Trend Micro says that Google Play is littered with mining apps masquerading as legitimate software.

Ransomware which demands cryptocurrency, botnets, and malware designed to infiltrate wallets stored offline on user PCs are also a growing problem.

With the increased popularity of cryptocurrency and growing interest of attackers keen to cash in through malware, phishing, and attacking trader events such as ICOs, investors need to be careful.

Cryptocurrency has a future in finance and investment, but cybersecurity will remain a challenge in 2018.

Previous and related coverage

    500 million PCs are being used for stealth cryptocurrency mining online

    Your PC may be used to find cryptocurrency when you visit websites, with or without your consent.

    Hackers hijack Coinhive cryptocurrency miner through an old password

    Yet another lesson in how not to secure your network.

    Falcon bank offers clients Bitcoin, cryptocurrency trade accounts

    Banking customers will now be able to hold and buy Bitcoin, but what does this mean for anonymity?
