Digital vs. Physical Heists: Does Crypto Theft Impact Cryptocurrency Value?

Fig. 1. Digital vs. Physical Financial Theft Graphic, Jeremy Swenson, 2025.

Minneapolis—

Cryptocurrencies have revolutionized the financial landscape, offering decentralized and borderless transactions. However, the rise of crypto fraud and theft poses significant challenges to the stability and perception of digital currencies. With large-scale hacks and scams frequently making headlines, the question arises: do these fraudulent activities ultimately raise or lower the value of cryptocurrencies? This article examines the immediate and long-term effects of crypto theft on digital asset valuation, comparing these incidents with traditional cash heists and analyzing market reactions, investor psychology, and regulatory responses.

High-Profile Crypto Thefts and Their Immediate Impact:

One of the most significant incidents in recent history is the Bybit exchange hack in February 2025, where approximately $1.5 billion worth of Ethereum was stolen during a routine transfer from a cold wallet to a warm wallet. The breach led to a temporary decline in Ethereum’s value and prompted over 350,000 withdrawal requests from concerned users. Bybit’s CEO, Ben Zhou, assured clients of the company’s solvency and commitment to reimbursing affected users, highlighting the exchange’s $20 billion in assets to cover the losses.[1] Yet this is hard to believe considering the firm’s newer status. This event underscores the immediate negative impact such breaches can have on cryptocurrency values and investor confidence.

Similarly, the 2016 Bitfinex hack resulted in the theft of 119,756 Bitcoins, causing a sharp decline in Bitcoin’s price by 20%. The exchange managed to recover and reimburse affected users over time, but the incident highlighted vulnerabilities in crypto security and the potential for significant market disruptions.[2] Other major breaches, such as the infamous Mt. Gox collapse in 2014 and the Ronin Network hack of 2022, further illustrate how large-scale thefts can shake the market.[3]

Digital Heists vs. Traditional Bank Robberies:

The magnitude of the Bybit crypto heist becomes more striking when compared to traditional bank robberies. Stealing $1.5 billion in cash presents substantial logistical challenges. For instance, $1 billion in $100 bills weighs approximately 10,000 kilograms (22,046 pounds) and would occupy significant physical space.[4] Transporting such a massive amount would require meticulous planning, heavy machinery, and considerable risk of detection.

In contrast, the largest cash robbery in U.S. history, the Dunbar Armored robbery in 1997, involved the theft of $18.9 million.[5] This amount, while substantial, pales in comparison to the $1.5 billion stolen digitally from Bybit. The largest known cash heist globally was the 2005 Banco Central burglary in Brazil, where thieves stole approximately $70 million by tunneling underground to access the vault.[6] Even this record-setting crime is dwarfed by the scale and ease of execution of digital heists, which require no physical transport or direct confrontation with law enforcement.

Statistical Trends in Crypto Fraud and Theft:

The prevalence of crypto-related fraud and theft has seen a marked increase over the years. In 2022, the FBI reported that Americans lost over $2.57 billion to cryptocurrency investment fraud, a staggering 183% increase from the previous year.[7] This figure represented more than two-thirds of all internet investment scam losses reported that year. By 2023, losses had escalated to over $5.6 billion, indicating a 45% surge from 2022.[8] These statistics reflect a growing trend of illicit activities within the crypto space, which can erode investor trust and negatively impact cryptocurrency values.

Long-Term Effects on Cryptocurrency Value:

While immediate reactions to fraud and theft often result in sharp declines in cryptocurrency values, the long-term effects can vary. In some cases, the market demonstrates resilience, with values rebounding as security measures are enhanced and regulatory frameworks are strengthened. For instance, despite the significant losses from various hacks and scams, the overall market capitalization of cryptocurrencies has continued to grow over the past decade.[9]

However, persistent incidents of fraud and theft can lead to increased volatility and deter potential investors, hindering mainstream adoption. The perception of cryptocurrencies as high-risk assets may be reinforced, leading to more cautious investment approaches and potentially suppressing value growth. Large institutional investors, who could provide market stability, may hesitate to enter the crypto space due to security concerns.[10]

Regulatory Responses and Market Confidence:

Regulatory bodies worldwide are becoming increasingly vigilant in addressing crypto-related fraud and theft. Enhanced regulations aim to protect investors and ensure the integrity of the financial system. While some argue that increased regulation may stifle innovation, others believe it is essential for building trust and stability in the crypto market.[11]

For example, the U.S. government’s recovery of funds from the Bitfinex hack and the subsequent legal actions against the perpetrators demonstrate a commitment to combating crypto-related crimes. Such actions can bolster investor confidence, potentially leading to a positive impact on cryptocurrency values over time.[12] Similarly, stricter Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements for crypto exchanges have been implemented to deter illicit activities and restore trust in the industry.

Conclusion:

Crypto fraud and theft present significant challenges to the stability and perception of cryptocurrencies. While the immediate consequences often include sharp value declines and shaken investor confidence, the long-term impact hinges on the industry’s ability to strengthen security, implement effective regulations, and promote transparency. For crypto thieves and threat actors, the profitability of theft can incentivize further attacks, potentially driving up cryptocurrency values. The real question is: how much theft and insecurity can the system withstand before it collapses, or will its architects continue propping it up just long enough to cash out? As the crypto ecosystem evolves, addressing these vulnerabilities is essential for sustaining growth and maintaining public trust.

About the Author:

Jeremy Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and senior management tech risk consultant. Over 17 years, he has held progressive roles at many banks, insurance companies, retailers, healthcare organizations, and even government entities. Organizations appreciate his talent for bridging gaps, uncovering hidden risk management solutions, and simultaneously enhancing processes. He is a frequent speaker, podcaster, and a published writer – in CISA Magazine and the ISSA Journal, among others. He holds a certificate in Media Technology from Oxford University’s Media Policy Summer Institute, an MBA from Saint Mary’s University of MN, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Cyber Security Summit Think Tank, the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale and New Hope Citizens Police Academy, and the Minneapolis FBI Citizens Academy. He also has certifications from Intel and the Department of Homeland Security.

References:

  1. “Hackers steal $1.5bn from crypto exchange in ‘biggest digital heist ever’,” The Guardian, February 23, 2025.
  2. “Bitcoin Exchange Bitfinex Hacked, Loses $72 Million,” Reuters, August 3, 2016.
  3. “The Mt. Gox Bankruptcy and Its Lasting Impact on Crypto,” CoinDesk, March 2022.
  4. “Money Weight Calculator,” Good Calculators.
  5. “Dunbar Armored robbery,” Wikipedia.
  6. “The Biggest Bank Robbery in History,” Guinness World Records.
  7. “Fact Sheet: Crypto Harms by the Numbers,” Americans for Financial Reform, May 2024.
  8. “Americans lost $5.6 billion last year in cryptocurrency fraud scams,” AP News, September 2024.
  9. “Cryptocurrency Market Capitalization Hits New High Despite Scams,” Bloomberg, January 2025.
  10. “How Institutional Investors Approach Cryptocurrency,” Financial Times, November 2024.
  11. “How Global Regulators Are Cracking Down on Cryptocurrency Fraud,” Financial Times, December 2024.
  12. “US Recovers $3.6B Stolen in Bitfinex Hack, Arrests Two,” CNBC, February 8, 2022.

Mastercard’s Strategic Cyber, AI, and Blockchain Acquisitions: RiskRecon, CipherTrace, and Recorded Future

Fig. 1. Mastercard Buys Recorded Future Infographic.[1]

Minneapolis—

Mastercard has long been a leader in the payments industry, known for its global network and cutting-edge financial solutions. However, in recent years, Mastercard has expanded its focus beyond traditional payments to include a broader suite of digital security, risk management, and compliance services. This shift is evident in its key acquisitions of RiskRecon, CipherTrace, and Recorded Future, each of which bolsters the company’s position in the fintech and cybersecurity ecosystems. By integrating AI, advanced analytics, blockchain, and enhanced compliance capabilities, Mastercard has emerged as a more competitive and savvy player in today’s rapidly evolving cyber and fintech landscapes.

1. RiskRecon (Acquired in December 2019):[2]

RiskRecon is a cybersecurity firm that specializes in third-party risk assessment. The company uses AI-driven analytics to help businesses understand and manage their cybersecurity exposure by continuously monitoring the cyber risk of vendors and partners.

Acquisition Details:

  • Date: December 2019
  • Cost: Undisclosed, but estimates place it around $150–200 million.
  • Company Size: A relatively small firm but highly influential in cybersecurity monitoring.

Strategic Value:

RiskRecon’s technology allows Mastercard to offer enhanced cyber risk management services to its business customers. The acquisition integrates AI-driven analytics to assess security risk levels, providing organizations with continuous monitoring of third-party systems, enabling early detection of vulnerabilities, and helping to avoid costly breaches.

For Mastercard, integrating RiskRecon offers:

  • Enhanced cybersecurity: Real-time risk assessments ensure the security of financial transactions.
  • Improved compliance: RiskRecon’s platform ensures businesses adhere to international regulations and frameworks for data security.
  • Fraud avoidance: By continuously scanning systems for vulnerabilities, Mastercard helps its customers avoid fraud or breaches stemming from third-party risks.

2. CipherTrace (Acquired in September 2021):[3]

CipherTrace is a blockchain analytics firm that helps organizations monitor and secure cryptocurrency transactions. Given the growing adoption of digital assets, CipherTrace provides tools for detecting fraud, tracing illicit transactions, and ensuring compliance with anti-money laundering (AML) regulations.

Acquisition Details:

  • Date: September 2021
  • Cost: Estimated at $250 million.
  • Company Size: Medium-sized firm with a specific focus on cryptocurrency compliance and fraud detection.

Strategic Value:

The acquisition of CipherTrace positions Mastercard as a key player in the emerging blockchain space. By integrating CipherTrace’s tools, Mastercard is equipped to:

  • Secure cryptocurrency transactions: Provide greater transparency in blockchain activities, reducing the risks of fraud, money laundering, and other illicit activities.
  • Enhance anti-money laundering (AML) compliance: CipherTrace’s tools help organizations comply with strict AML regulations, a significant concern with cryptocurrency.
  • Support blockchain adoption: As cryptocurrency becomes more mainstream, Mastercard ensures its networks are prepared to support digital asset transactions securely.

This acquisition directly ties into Mastercard’s strategy of offering fraud avoidance and enhanced compliance in the evolving digital economy. As blockchain technology continues to mature, Mastercard is well-positioned to support safe and compliant transactions in the cryptocurrency space.

3. Recorded Future (Acquired in September 2024):[4]

Recorded Future is an intelligence company specializing in real-time threat intelligence. Using machine learning and AI, Recorded Future aggregates and analyzes data to give businesses insight into potential cyber threats before they can cause damage. It currently has more than 1,900 clients spanning 75 countries, according to Mastercard. Those customers include 45 national governments as well as more than half of the companies in the Fortune 100, the payments firm said.

Acquisition Details:

  • Date: September 2024
  • Cost: Approximately $2.65 billion. Mastercard was already one of the key investors, holding an equity stake acquired through Insight Partners in 2021.
  • Company Size: Large, globally recognized threat intelligence company.

Strategic Value:

Recorded Future’s AI-driven threat intelligence adds another layer of security to Mastercard’s offerings:

  • Proactive cybersecurity: Recorded Future’s data and analytics can identify emerging threats before they impact Mastercard’s networks or those of its partners.
  • Advanced analytics and AI: Mastercard gains access to an enormous database of threat indicators, allowing the company to leverage AI to detect patterns and anticipate future threats.
  • Fraud prevention: Real-time threat intelligence makes it easier to stop fraud before it happens, protecting customers from financial loss.

By incorporating Recorded Future’s threat intelligence capabilities, Mastercard is enhancing its ability to prevent cyberattacks and protect the integrity of its global payments infrastructure.

Comparing Mastercard to Visa and American Express:

Mastercard’s acquisitions of RiskRecon, CipherTrace, and Recorded Future have significantly differentiated it from competitors like Visa and American Express.

  • Visa has also invested heavily in cybersecurity and compliance but lacks the comprehensive focus on third-party risk management (RiskRecon) and blockchain analytics (CipherTrace) that Mastercard now possesses. While Visa has ventured into cryptocurrency through partnerships and blockchain experimentation, it hasn’t yet integrated a firm like CipherTrace, which is critical for cryptocurrency compliance and fraud detection.
  • American Express, while focused on fraud prevention and customer experience, hasn’t made as aggressive a push into the cybersecurity and blockchain spaces as Mastercard. Amex remains a leader in traditional fraud detection and financial services but lacks the AI-driven intelligence and blockchain transparency that Mastercard has through Recorded Future and CipherTrace.

Mastercard’s comprehensive approach, combining cybersecurity (RiskRecon and Recorded Future), blockchain analytics (CipherTrace), and AI-enhanced threat intelligence, puts it ahead of both Visa and American Express in terms of securing digital transactions and ensuring regulatory compliance.

Conclusion: A Well-Rounded Competitive Advantage

In today’s fintech landscape, the convergence of cybersecurity, compliance, AI, and blockchain is crucial for payment processors to remain competitive. Mastercard’s strategic acquisitions of RiskRecon, CipherTrace, and Recorded Future provide a holistic solution to the growing challenges of cyber threats, cryptocurrency fraud, and AML compliance. These moves not only strengthen Mastercard’s existing payment network but also position the company as a leader in digital security.

By diversifying its portfolio and incorporating advanced technologies, Mastercard has gained an edge over competitors like Visa and American Express, especially in the areas of fraud avoidance, enhanced compliance, and cryptocurrency security. This forward-thinking approach ensures that Mastercard remains at the forefront of the financial industry, well-prepared for the future of digital payments and the ongoing battle against cybercrime.

About the Author:

Jeremy A. Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and seasoned senior management tech risk and digital strategy consultant. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. He holds a certificate in Media Technology from Oxford University’s Media Policy Summer Institute, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota’s Technological Leadership Institute, an MBA from Saint Mary’s University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire. He is an alum of the Federal Reserve Secure Payment Task Force, the Crystal, Robbinsdale, and New Hope Community Police Academy (MN), and the Minneapolis FBI Citizens Academy. You can follow him on LinkedIn and Twitter.

References:

[1] N, Balaji. “Mastercard Buys Recorded Future for $2.65 Billion.” 09/12/24. https://cybersecuritynews.com/mastercard-buys-recorded-future/

[2] Miller, Ron. “Mastercard acquires security assessment startup, RiskRecon.” Techcrunch. 12/23/19. https://techcrunch.com/2019/12/23/mastercard-acquires-security-assessment-startup-riskrecon/

[3] Mastercard. “Mastercard acquires CipherTrace to enhance crypto capabilities.” 09/01/24. https://www.mastercard.com/news/press/2021/september/mastercard-acquires-ciphertrace-to-enhance-crypto-capabilities/

[4] Alspach, Kyle. “5 Things To Know About Mastercard Acquiring Recorded Future.” CRN. 09/13/24. https://www.crn.com/news/security/2024/5-things-to-know-about-mastercard-acquiring-recorded-future

Seven Cyber-Tech Observations of 2022 and What It Means for 2023

Minneapolis 01/17/23

#cryptonews #cyberrisk #techrisk #techinnovation #techyearinreview #ftxfraud #googlemandiant #infosec #musktwitter #twitterfiles #disinformation #cio #ciso #cto

By Jeremy Swenson

Summary:

Fig. 1. 2022 Cyber Year in Review Mashup; Stock, 2023.

The pandemic continues to be a big part of the catalyst for digital transformation in tech automation, identity and access management (IAM), big data, collaboration tools, artificial intelligence (AI), and increasingly the supply chain. Disinformation efforts morphed and grew last year with stronger crypto tie-ins challenging data and culture, Twitter-hyped pump-and-dumps for example. Additionally, cryptocurrency-based money laundering, fraud, and Ponzi schemes increased, partly due to weaknesses in the fintech ecosystem around compliance, the fog created by coin splitting/mixing, and IAM complexity. This requires better blacklisting by crypto exchanges and banks to stop these illicit transactions, erring on the side of compliance, and it requires us to pay more attention to knowing and monitoring our own social media baselines.

The Costa Rican Government was forced to declare a national emergency on 05/08/22 because the Conti Ransomware intrusion had extended to most of its governmental entities. This was a more advanced and persistent ransomware with Russian gang ties (Associated Press; NBC News, 06/17/22). This highlights the need for smaller countries to better partner with private infrastructure providers and to test for worst-case scenarios.

We no longer have the same office due to mass work from home (WFH) and the mass resignation/gig economy. This implies more automated zero-trust policies and tools for IAM, with less physical badge access required. The security perimeter is now defined more by data analytics than by physical/digital boundaries. Education and awareness around the review and removal of non-essential mobile apps grows as a top priority as mobile apps multiply. All the while, data breaches and ransomware reach an all-time high while costing more to mitigate. Lastly, all these things make the Google acquisition of Mandiant more relevant, and plausibly one of the most powerful security analytics and digital investigation entities in the world, rivaling nation-state intelligence agencies.

Intro:

Every year I like to research and comment on the most impactful security technology and business happenings from the prior year. This year is unique since crypto money laundering via splitting/mixing, disinformation, the pandemic, and the mass resignation/gig economy continue to be a large part of the catalyst for most of these trends. All these trends are likely to significantly impact small businesses, government, education, high-tech, and large enterprises in big and small ways.

1) The Main Purpose of Cryptocurrency Mixer and/or Splitter Services is Fraud and Money Laundering.

Cryptocurrency mixer and/or splitter services serve no valid “real-world” ethical business use case considering the fintech and legal options available. There is the very rare case where you are a refugee fleeing a financially abusive government regime, or a terrorist organization is seeking to steal your assets while the national currency is failing, as in Venezuela, which I wrote about in my 2014 article, “Thought$ On The Future of Digital Curren¢y For A Better World” – but that is about political revolution and your personal safety more than anything else. Although cases like this give a valid reason why you might want to mix and/or split your crypto assets, that is not the same use case we are talking about here with the recent uptick of ill-intended crypto mixer and/or splitter service use. Therefore, it’s only fair that we discuss the most likely and common use case, which is trending up, and not the few rare edge cases. That use case is fraud, Ponzi schemes, and money laundering.

The evidence does not support the idea that a regular crypto exchange is the same thing as a mixer and/or splitter service. For definition’s sake, I am not defining mixing and/or splitting cryptocurrency as the same thing as selling, buying, or converting it – all of that can be done on one or more of the crypto exchanges, which is why they are called exchanges. If the two were the same, or even considerably similar, then why would people and organizations use mixer and/or splitter services at all? They use them because they offer a considerably different service. Using a mixer and/or splitter service assumes you have already obtained some crypto, from a separate exchange, a step or more earlier in the daisy chain. That can be done via legal or illegal means. Moreover, why are people paying repeated and hugely excessive fees for these services? The fees are out of line with anything comparable because the operators carry higher compliance and legal risk, in that they could get sanctioned like Blender.io, FTX, Coinbase, Gemini, and others.

You can still have privacy, if that is what you are seeking, via legal means such as a trust tied to a separate legal entity, a family office entity, converting to real estate, or a marriage entity – if you have time to do the paperwork. Legally savvy people often keep anonymity over their assets to avoid fraudsters and sales reps, or simply for privacy’s sake – but again, that is not the same use case. Even when people and organizations use these legal instruments for privacy, they still have compliance reporting and tax obligations – some disclosure. Keep in mind that some disclosure serves to protect you, by establishing that you in fact own the assets you say you own. Using these legal instruments with the right technical security, including an encrypted VPN and multifactor authentication, sustains privacy, and you will then not need a crypto mixer and/or splitter.

Yet if you had cryptocurrency and wanted strong privacy to protect your assets, why would you not at least use some of the aforementioned legal instruments or the like? Mostly because any attorney worth anything would be obligated to report blatant suspected fraud, and would not want to tarnish their name on the filings. Specifically, the attorney would have to see and know which entities the crypto was coming from and going to, and under what contexts, and that could trigger them to report the client or refuse the work – a fraudster would want to avoid getting detected.

Specifically, the use of multiple legal entities in different countries in a daisy chain of crypto coin mixing and/or splitting tends to be the pattern for persistent fraud and money laundering. That was the case in the $4.5 billion crypto theft out of NY (“Crocodile of Wall Street”), the Blender mixing fraud, and many other cases.

A recent May 2022 U.S. Treasury press release concerning mixer service money laundering described it this way (Dept of Treasury; Press Release, 05/06/22):

“Blender.io (Blender) is a virtual currency mixer that operates on the Bitcoin blockchain and indiscriminately facilitates illicit transactions by obfuscating their origin, destination, and counterparties. Blender receives a variety of transactions and mixes them together before transmitting them to their ultimate destinations. While the purported purpose is to increase privacy, mixers like Blender are commonly used by illicit actors. Blender has helped transfer more than $500 million worth of Bitcoin since its creation in 2017. Blender was used in the laundering process for DPRK’s Axie Infinity heist, processing over $20.5 million in illicit proceeds.”

Fig. 2. U.S. Treasury Dept; Blender.io Crypto Mixer Fraud, 2022.

The question we as a society should be thinking about is tech ethics. Which design features cross the line into enabling fraud to the point that they should not be pursued? For example, Silk Road crossed the line by enabling the sale of illegal drugs, extortion, and other crime. Hacker networks cross the line when they breach companies, steal their credit card data, and put it up for sale on the dark web. Facebook crossed the line when it enabled bias and undue favor to impact policy outcomes.

Crypto mixer and/or splitter services (not mere crypto exchanges) are about as close to “money laundering as a service” as it gets – relative to anything else technically available, excluding the dark web, where far worse things are available. Obviously, the developers, product owners, and project managers behind crypto mixer and/or splitter services like this are serving the fraud and money laundering use case more than anything else. Some part of the organized crime rings is very likely giving them money and direction to this end.

If you support and use mixer and/or splitter services, then you run the risk of having your digital assets mixed with dirty digital assets, you pay extortionate fees, you have zero customer service, no regulatory protection, no decent Terms of Service and/or Privacy Policy if any at all, and you have no guarantee that it will even work the way you think it will.

In fact, you have so much decentralized “so-called” privacy that it could work against you. For example, imagine you pay the high fees to mix and split your crypto multiple times, and then your crypto is stolen by one of the mixing and/or splitting services. This is plausible because the operators know many of their customers are committing fraud and money laundering; and even customers who are not are still associated with those platforms. Therefore, if the platform operators steal their crypto in this process, the victims have little incentive to speak up. Moreover, the mixing and/or splitting service companies have a nice cover for stealing it: privacy. They won’t admit that they stole it but will say something like “everything is private and so we can’t see or know, but you are responsible for what private assets you have or don’t have.” They will say something like “stealing it is impossible,” which of course is a complete lie.

In sum, what reason do you have to trust a crypto mixing and/or splitting service with your digital assets, as outlined above, when they are hardly incentivized to protect them or you, and operate in the shadows of antiquated non-Western fintech regulation? So what do you really get besides likely fraud? What is the business rationale for using these services, considering no solid argument or evidence supports privacy alone as the reason, and what net benefit do you get besides enabling money laundering and fraud?

Now there are valid use cases for crypto and blockchain technology generally and here are five of them:

1. Innovative tech removing the central bank for peer-to-peer exchange that is faster and more global, especially helping the underbanked countries.

2. Smart contracts can be built on blockchain.

3. Blockchain can be used for crowdfunding.

4. Blockchain can be used for decentralized storage.

5. The traditional cash and coin supply chain is burdensomely wasteful, costly, dirty, and counterfeiting is a real issue. Why do you need to carry ten dollars in quarters or a wad of twenty-dollar bills, or even have that be a nation’s economic backing, in today’s tech world?

Here are six tips to identify crypto-related scams:

1. With most businesses, it should be easy to find out who the key operators are. If you can’t find out who is running a cryptocurrency or exchange via LinkedIn, Medium, Twitter, a website, or the like, be very cautious.

2. Whether in cash or cryptocurrency, any business opportunity promising free money is likely to be fake. If it sounds too good to be true, it likely is. Multi-level marketing is one old example of this scam.

3. Never mix online dating and investment/financial advice. If you meet someone on a dating site or social media app and they then want to show you how to invest in crypto, or they ask you to send them crypto, it’s a scam, no matter what sob story or huge return they are claiming (FTC).

4. Watch out for scammers who pretend to be celebrities who can multiply any cryptocurrency you send them. If you click on an unexpected link they send or send cryptocurrency to a so-called celebrity’s QR code, that money will go straight to a scammer, and it’ll be gone. Celebrities don’t have time to contact random people on social media, but they are easily impersonated (FTC).

5. Celebrities are, however, used to pump crypto prices via social media, so they get a windfall and everyone else takes a hit. Watch out for crypto like Dogecoin, which is heavily tied to celebrity pumps with no real-world business value. If you are lucky enough to get ahead, get out then.

6. Watch out for scammers who make big claims without details, white papers, filings, or explanations at all. No matter what the investment, find out how it works and ask questions about where your money is going. Honest investment managers or advisors want to share that information and will back it up with details in many documents and filings (FTC).

2) Disinformation Efforts Are Further Exposed:

Disinformation did not slow down in 2022, due to sustained advancements in communications technologies, the growth of large social media networks, and the “appification” of everything, all of which increase the ease and reach of disinformation. Disinformation is defined as incorrect information intended to mislead or disrupt, especially propaganda issued by a government organization to a rival power or the media. Examples include governments creating digital hate mobs to smear key activists or journalists, suppress dissent, undermine political opponents, spread lies, and control public opinion (Shelly Banjo; Bloomberg, 05/18/2019).

Today’s disinformation war is largely digital, via platforms like Facebook, Twitter, Instagram, Reddit, WhatsApp, Yelp, TikTok, SMS text messages, and many other lesser-known apps. Yet even state-sponsored and private news organizations are increasingly the weapon of choice, creating a false sense of validity. Undeniably, the battlefield is wherever many followers reside.

Bots and botnets are often behind the spread of disinformation, complicating efforts to trace and stop it. Further complicating this phenomenon is the number of app-to-app permissions: for example, the CNN and Twitter apps having permission to post to Facebook, Facebook having permission to post to WordPress, and WordPress posting to Reddit, or any combination like this. Not only does this make it hard to identify the chain of custody and the original source, but it also weakens privacy and security because of the many authentication permissions involved. The copied data is duplicated at each of these layers, which is an additional consideration.

We all know that false news spreads faster than real news most of the time, largely because it is sensationalized. Since most disinformation draws in viewers, which drives clicks and ad revenue, it is a money-making machine. If you can significantly control what is trending in the news and/or social media, you affect how many people will believe it. This in turn affects how many people will act on that belief, for good or bad. This is exacerbated when combined with human bias or irrational emotion.

In 2022 there were many cases of fake crypto initial coin offerings (ICOs) and related scams, including Titanium Blockchain, where investors lost at least $21 million (Dept of Justice; Press Release, 07/25/22). The Celsius crypto lending platform also came tumbling down, largely because it was a social media-hyped Ponzi scheme (CNBC; Arjun Kharpal, 07/08/22). This negatively impacts culture by setting a misguided example of what is acceptable.

Elon Musk’s controversial purchase of Twitter for $44 billion in October 2022 resulted in a big management shakeup and strategy change (New York Times; Kate Conger and Lauren Hirsch, 10/27/22). The goal was to reduce bias and misinformation in the name of free and fair speech. To this end, the new Twitter under Musk’s direction produced “The Twitter Files,” a set of internal Twitter, Inc. documents made public beginning in December 2022. This was done with the help of independent journalists Matt Taibbi, Bari Weiss, Lee Fang, and authors Michael Shellenberger, David Zweig and Alex Berenson.

The sixth release of the Twitter Files was on 12/12/22 and revealed (Real Clear Politics; Kalev Leetaru, 12/20/22):

“Twitter granted great deference to government agencies and select outside organizations. While any Twitter user can report a tweet for removal, officials at the platform provided more direct and expedited channels for select organizations, raising obvious ethical questions about the government’s non-public efforts at censorship. It also captured the degree to which law enforcement requested information – from the physical location of users to foreign influence – from social platforms outside of formal court orders, raising important questions of due process and accountability.”

Fig. 3. Elon Musk Twitter Freedom of Speech Mash Up; Stock / Getty, 2022.

With the help of Twitter’s misinformation, huge swaths of confused voters and activists aligned more with speculation and emotion/hype than with unbiased facts, and/or projected themselves as fake commentators. This dirtied the data in the election process and begs the question: which parts of the election information process are broken? It normalizes petty policy fights, emotional reasoning, and a lack of unbiased intellectualism, negatively impacting Western culture, all to the threat actor’s delight. Increased public-to-private partnerships, more educational rigor, and enhanced privacy protections for election and voter data are needed to combat this disinformation.

3) Identity and Access Management (IAM) Scrutiny Drives Zero Trust Orchestration:

The pandemic and the mass resignation/gig economy have pushed most organizations into a mass work-from-home (WFH) posture. Generally, this improves productivity, making it likely to become the new norm, albeit with new rules and controls. To support this, 51% of business leaders started speeding up the deployment of zero trust capabilities in 2020 (Andrew Conway; Microsoft, 08/19/20), and there is no evidence to suggest this slowed in 2022; rather, it is likely increasing to support zero trust orchestration.

Orchestration is enhanced automation between partner zero trust applications and data that leaves next to no blind spots. This reduces risk and increases visibility and infrastructure control in an agile way. The quantified benefit of deploying mature zero trust capabilities, including orchestration, is on average $1.51 million less in breach response costs compared to an organization that has not rolled out zero trust capabilities (IBM Security; Cost of A Data Breach Report, 2022).

Fig. 4. Zero Trust Components to Orchestration; Microsoft, 09/17/21

Zero trust moves organizations to a need-to-know-only access mindset with inherent deny rules, all the while assuming you are already compromised. This implies single sign-on at the personal device level and improved multifactor authentication. It also implies better role-based access controls (RBAC), firewalled networks, improved need-to-know policies, effective whitelisting and blacklisting of apps, group membership reviews, and state-of-the-art privileged access management (PAM) tools for the next year. In the future, more of this is likely to be automated and orchestrated (Fig. 4) so that one part does not hinder another through complexity fog.
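As an added illustration (not the article’s or any vendor’s code), a deny-by-default access decision that strings together the components listed above: MFA, a managed and healthy device, RBAC need-to-know, a PAM session for privileged resources, and a group membership review. The roles, resources and request fields are constructed assumptions.

```python
"""Deny-by-default zero trust access decision plus a group membership review.

Added illustration only; roles, resources and request fields are constructed
assumptions, not any vendor's policy model.
"""
from dataclasses import dataclass

# Constructed RBAC table: each role lists only the resources it needs to know.
ROLE_PERMISSIONS = {
    "payroll-clerk": {"payroll-db"},
    "sre": {"prod-cluster", "ci-logs"},
    "contractor": {"ci-logs"},
}
# Resources that additionally require a checked-out PAM session.
PRIVILEGED_RESOURCES = {"prod-cluster", "payroll-db"}


@dataclass
class AccessRequest:
    user: str
    roles: set
    resource: str
    mfa_verified: bool
    device_managed: bool  # enrolled in SSO/MDM at the personal device level
    device_healthy: bool  # patched, encrypted, endpoint agent reporting
    pam_session: bool = False


def decide(req):
    """Return (allowed, reason); any path that does not explicitly allow denies."""
    # Assume compromise: identity and device posture are checked before roles.
    if not req.mfa_verified:
        return False, "mfa-required"
    if not (req.device_managed and req.device_healthy):
        return False, "device-posture"
    # Need-to-know: the union of what the user's roles are allowed to touch.
    needed = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in req.roles))
    if req.resource not in needed:
        return False, "not-need-to-know"
    if req.resource in PRIVILEGED_RESOURCES and not req.pam_session:
        return False, "pam-session-required"
    return True, "allow"


def stale_role_report(assignments, used_resources):
    """Group membership review: (user, role) pairs whose role granted nothing
    the user actually touched in the review window, i.e. removal candidates."""
    stale = []
    for user, roles in assignments.items():
        touched = used_resources.get(user, set())
        for role in roles:
            if not ROLE_PERMISSIONS.get(role, set()) & touched:
                stale.append((user, role))
    return stale
```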

4) Security Perimeter is Now More Defined by Data Analytics than Physical/Digital Boundaries:

This increased WFH posture blurs the security perimeter both physically and digitally. New IP addresses, internet volume, routing, geolocation, and virtual machines (VMs) exacerbate this blur, which raises the criticality of good data analytics and dashboarding to define the digital boundaries in real time. Prior audits, security controls, and policies may therefore be ineffective. For instance, empty corporate offices are the physical byproduct of mass WFH, requiring organizations to disable badge access by default. Extra security in or near server rooms is also required. The pandemic has also made vendor interactions more digital, so digital vendor connection points should be reduced and monitored in real time, and the related exception policies should be re-evaluated.

New data lakes and machine-learning-informed patterns can better define security perimeter baselines. One example is knowing what percentage of your remote workforce is on which internet providers and connection types, for example Google Fiber, Comcast cable, CenturyLink DSL, AT&T 5G, etc. Only certain modems work with each of these networks, and that leaves a data trail. Of course, it could be any type of router. What type of device they connect with (MAC, Apple, VM, or other) and whether it is healthy can all be determined in relation to security perimeter analytics.
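The baseline analytics described above, as an added example that is not part of the original article: it parses constructed remote-access log lines, reports the ISP share of the workforce, builds a per-user baseline of ISP, link type and device, and flags the next day’s sessions that fall outside it. The log format and every record are constructed.

```python
"""Security-perimeter baseline analytics over constructed remote-access logs.
Added illustration only; the line format (timestamp,user,isp,link,device,
health) and every record below are constructed for the example."""
from collections import Counter, defaultdict

FIELDS = ("ts", "user", "isp", "link", "device", "health")

# Constructed: a few days of healthy remote sessions used to learn the baseline.
BASELINE_LOG = """\
2022-11-01T08:02:11Z,alice,Comcast,cable,macos,healthy
2022-11-01T08:05:40Z,bob,CenturyLink,dsl,windows,healthy
2022-11-01T08:07:02Z,carol,Google Fiber,fiber,macos,healthy
2022-11-02T08:01:55Z,alice,Comcast,cable,macos,healthy
2022-11-02T08:09:13Z,bob,CenturyLink,dsl,windows,healthy
2022-11-02T09:15:30Z,dave,ATT,5g,ios,healthy
2022-11-03T08:03:20Z,alice,Comcast,cable,macos,healthy
2022-11-03T08:06:44Z,carol,Google Fiber,fiber,macos,healthy
"""
# Constructed: the next day's sessions to compare against that baseline.
NEW_DAY_LOG = """\
2022-11-04T08:04:01Z,alice,Comcast,cable,macos,healthy
2022-11-04T03:12:09Z,bob,Unknown ISP,vpn-exit,windows,healthy
2022-11-04T08:10:33Z,carol,Google Fiber,fiber,macos,unhealthy
2022-11-04T08:11:00Z,erin,Comcast,cable,windows,healthy
"""


def parse_log(text):
    """Turn comma-separated lines into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) == len(FIELDS):
            records.append(dict(zip(FIELDS, parts)))
    return records


def isp_share(records):
    """Percent of remote sessions per ISP, the workforce-level view on the dashboard."""
    counts = Counter(r["isp"] for r in records)
    total = sum(counts.values())
    return {isp: round(100 * n / total, 1) for isp, n in counts.items()}


def build_baseline(records):
    """Per-user set of (isp, link type, device) combinations seen in the window."""
    baseline = defaultdict(set)
    for r in records:
        baseline[r["user"]].add((r["isp"], r["link"], r["device"]))
    return dict(baseline)


def flag_outliers(baseline, records):
    """Sessions outside the baseline, as (user, reason) pairs for an analyst to review."""
    flags = []
    for r in records:
        if r["health"] != "healthy":
            flags.append((r["user"], "unhealthy-device"))
        known = baseline.get(r["user"])
        if known is None:
            flags.append((r["user"], "no-baseline"))
        elif (r["isp"], r["link"], r["device"]) not in known:
            flags.append((r["user"], "new-isp-or-device"))
    return flags
```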

5) Cyber Firm Mandiant Was Purchased by Google Spawning Private Sector Security Innovation.

Google completed its acquisition of security and incident response firm Mandiant for $5.4 billion in Sept 2022 (Google Cloud; Thomas Kurian CEO – Google Cloud, 09/12/22). This acquisition positions the search and advertising leader with better cloud security infrastructure, better market appeal, and more diversification. With a more advanced and integrated security foundation, Google Cloud can compete better against market leader Amazon Web Services (AWS) and runner-up Microsoft Azure. It will do this on more than price, because features will likely grow to leverage Google’s differentiating machine learning and analytical abilities across clients throughout the industry.

Other benefits of integrating Mandiant include improved automated breach response logic, because security teams can now gather the required data and share it across Google customers to help analyze ransomware threat variants. Many of Google’s security-related products will also be enhanced by Mandiant’s threat intelligence and incident response capabilities. Some of these products include Google’s security orchestration, automation and response (SOAR) tool, which is described this way: “Part of Chronicle Security Operations, Chronicle SOAR enables modern, fast and effective response to cyber threats by combining playbook automation, case management and integrated threat intelligence in one cloud-native, intuitive experience” (Google; Google Cloud, 01/16/23).

According to Dave Cundiff, CISO at Cyvatar, “if Google, as one of the leaders in data science, can progress and move forward the ability to prevent the unknown vectors of attack before they happen based upon the mountains of data available from previous breaches investigated by Mandiant, there could truly be a significant advancement in cybersecurity for its cloud customers” (SC Media; Steve Zurier, 04/15/22). This results in a strong focus on prevention vs. response, which is greatly needed. Lastly, since AWS and Microsoft will be unlikely to hire Mandiant directly because Google owns it, they will likely look to acquire another security services player soon.

6) Data Breaches Have Increased in Number and Cost but Are Generally Identified Faster.

The pandemic has continued to be part of the catalyst for increased lawlessness, including fraud, ransomware, data theft, and other types of profitable hacking. Cybercriminals are more aggressively taking advantage of geopolitical conflict and gaps in legal standing. For example, almost all hacking operations are in countries that do not have friendly geopolitical relations with the United States or its allies, and their many proxy hops stay consistent with this. These proxy hops are how they hide their true location and identity.

Moreover, with local police departments extremely overworked and understaffed, and with their number one priority being the huge uptick in violent crime in most major cities, white-collar cybercrimes remain a low priority. Additionally, local police departments have few cyber response capabilities, depending on the size of their precinct. Often, they must sheepishly defer to the FBI, CISA, and the Secret Service, or their delegates, for help. Yet unsurprisingly, there is a backlog for that as well, with preference going to large companies of national concern that fall clearly into one of the 16 critical infrastructure sectors. That is, if turf fights and bureaucratic roadblocks don’t make things worse. Thus, many mid and small-sized businesses are left in the cold to fend for themselves, which often results in them paying the ransomware and then becoming a victim a second time, all the while their insurance carrier denies their claims, raises their rate, and/or drops them.

Further complicating this is the lack of clarity on data breach and business interruption insurance coverage and terms. Keep in mind that most general business liability insurance policies and terms were drafted before hacking was invented, so they are by default behind the technology. Most often, general liability business insurance covers bodily injuries and property damage resulting from your products, services, or operations. Please see my related article “10 Things IT Executives Must Know About Cyber Insurance” to understand incident response and to reduce the risk of inadequate coverage and/or claims denials.

Data breaches are more expensive than ever. IBM’s 2022 Annual Cost of a Data Breach Report revealed increased costs associated with the average data breach, at an estimated $4.35 million per organization. This is a $110,000 (2.6%) year-over-year increase and the highest in the report’s history (Fig. 5). However, the average time to identify and the average time to contain a data breach each decreased by 5 days (Fig. 6), a total decrease of 10 days or 3.5%. Yet this is for general data breaches and not ransomware attacks.

Fig. 5. Cost of a Data Breach Increases 2021 to 2022 (IBM Security, 2022).
Fig. 6. Average Time to Identify and Contain a Data Breach Decreases 2021 to 2022 (IBM Security, 2022).

Lastly, this is a lot of money for an organization to spend on a breach, and the amount could be higher when you factor in other long-term consequence costs such as increased risk of a second breach, brand damage, and/or delayed regulatory penalties that were below the surface, all of which differ by industry. In sum, it is cheaper and more risk-prudent to spend even $4.35 million, or the equivalent percentage at your organization, on preventative zero trust capabilities than to deal with the cluster of a data breach.

7) The Costa Rican Government was Heavily Hacked and Encrypted by the Conti Ransomware.

The Costa Rican government was forced to declare a national emergency on 05/08/22 because the Conti ransomware intrusion had extended to most of its governmental entities. Conti is an advanced and persistent ransomware-as-a-service attack platform. The attackers are believed to be the Russian cybercrime gang Wizard Spider (Associated Press; NBC News, 06/17/22). “The threat actor entry point was a system belonging to Costa Rica’s Ministry of Finance, to which a member of the group referred to as ‘MemberX’ gained access over a VPN connection using compromised credentials” (Bleeping Computer; Ionut Ilascu, 07/21/22). Phishing is a common way to obtain such credentials, but in this case, once inside, the adversary went further: “Using the Mimikatz post-exploitation tool for exfiltrating credentials, the adversary collected the logon passwords and NTDS hashes for the local users, thus getting “plaintext and bruteable local admin, domain and enterprise administrator hashes” (Bleeping Computer; Ionut Ilascu, 07/21/22).

Fig. 7. Costa Rica Conti Ransomware Attack Architecture; AdvIntel via (Bleeping Computer; Ionut Ilascu, 07/21/22).

This resulted in 672GB of data being leaked and dumped, or 97% of what was stolen (Bleeping Computer; Ionut Ilascu, 07/21/22). Some believe Costa Rica was targeted because it supported Ukraine against Russia. This highlights the need for smaller countries to better partner with private infrastructure providers and to test for worst-case scenarios.

Take-Aways:

The pandemic remains a catalyst for digital transformation in tech automation, IAM, big data, collaboration tools, and AI. We no longer have the same office, and thus less badge access is needed. The growth and acceptability of mass WFH combined with the mass resignation/gig economy remind employers that great pay and culture alone are not enough to keep top talent; signing bonuses and personalized treatment are likely needed. Single sign-on (SSO) will expand to personal devices and smartphones/watches. Geolocation-based authentication is here to stay, with double biometrics likely. The security perimeter is now more defined by data analytics than physical/digital boundaries, and we should dashboard this with machine learning and AI tools.

Education and awareness around the review and removal of non-essential mobile apps is a top priority, especially for mobile devices used separately or jointly for work purposes. This requires a better understanding of geolocation, QR code scanning, couponing, digital signage, in-text ads, micropayments, Bluetooth, geofencing, e-readers, HTML5, etc. A bring-your-own-device (BYOD) policy needs to be written, followed, and updated often, informed by need-to-know and role-based access control (RBAC) principles. Organizations should consider forming a mobile ecosystem security committee to make sure this unique risk is not overlooked or overly merged with traditional web/IT risk. Mapping the mobile ecosystem components in detail is a must.

IT and security professionals need to realize that alleviating disinformation is about security before politics. We should not be afraid to talk about it, because if we are, our organizations will stay weak and insecure and we will be plied by the same political bias that we fear confronting. As security professionals, we are patriots and defenders of wherever we live and work. We need to know what our social media baseline is across platforms. More social media training is needed, as many security professionals still think it is mostly an external marketing thing. Public-to-private partnerships need to improve, and app-to-app permissions need to be scrutinized. Enhanced privacy protections for election and voter data are needed. Not everyone needs to be a journalist, but everyone can have the common sense to identify malware-inspired fake news. We must report undue bias in big tech from an IT, compliance, media, and security perspective.

Cloud infra will continue to grow fast, creating perimeter and compliance complexity/fog. Organizations should preconfigure cloud-scale options and spend more on cloud-trained staff. They should also make sure that they are selecting more than two or three cloud providers, all separate from one another. This helps staff get cross-trained on different cloud platforms and add-ons. It also mitigates risk and makes vendors bid more competitively.

In regard to cryptocurrency, NFTs, ICOs, and related exchanges: watch out for scammers who make big claims without details, white papers, filings, or explanations at all. No matter what the investment, find out how it works and ask questions about where your money is going. Honest investment managers or advisors want to share that information and will back it up with details in many documents and filings (FTC).

Moreover, better blacklisting by crypto exchanges and banks is needed to stop these illicit transactions, erring on the side of compliance, and it requires us to pay more attention to knowing and monitoring our own social media baselines. If you favor and use crypto mixer and/or splitter services, then you run the risk of having your digital assets mixed with dirty digital assets; you face extortionately high fees, zero customer service, no regulatory protection, no decent Terms of Service and/or Privacy Policy (if any), and no guarantee that the service will even work the way you think it will.

About the Author:

Jeremy Swenson is a disruptive-thinking security entrepreneur, futurist/researcher, and senior management tech risk consultant. Over 17 years he has held progressive roles at many banks, insurance companies, retailers, healthcare orgs, and even governments, including being a member of the Federal Reserve Secure Payment Task Force. Organizations relish his ability to bridge gaps and flesh out hidden risk management solutions while at the same time improving processes. He is a frequent speaker, published writer, podcaster, and even does some pro bono consulting in these areas. As a futurist, his writings on digital currency, the Target data breach, and Google combining Google+ video chat with Google Hangouts video chat have been validated by many. He holds an MBA from St. Mary’s University of MN, an MSST (Master of Science in Security Technologies) degree from the University of Minnesota, and a BA in political science from the University of Wisconsin Eau Claire.