Is it time for leading Threat Intelligence Platforms to support custom objects such as Wallet IDs and Cryptocurrency addresses for Cryptocurrency Threat Intelligence providers?

August 23, 2021

Jason Franscisco

The Financial Crimes Enforcement Network (FinCEN) has named “Cybercrime, including relevant cybersecurity and virtual currency considerations” a national priority. In June 2021, President Joe Biden issued a directive to federal agencies to prioritize global anti-corruption efforts, with Cryptocurrency as a focus. The Biden administration has also unveiled its strategy to combat ransomware, which includes expanding Cryptocurrency analysis to find criminal transactions.

At Loginsoft, we work with several companies that provide Threat Intelligence data, including Cryptocurrency Intelligence with Anti-Money Laundering, Cryptocurrency Forensics, and Blockchain Threat Intelligence solutions. The Crypto Threat Intelligence provided by blockchain companies is used by banks, financial institutions, and law enforcement agencies to monitor, investigate, and prevent financial crimes that involve Cryptocurrency, such as terrorism financing, ransomware, Bitcoin mules, and extortion.

However, most of the leading Threat Intelligence Platforms have limited support for the Cryptocurrency forensics that investigators, analysts, and researchers need. Because of this, and because of government-driven policies, there is an increased need to integrate Cryptocurrency analytics from leading companies like Chainalysis, CipherTrace, Elliptic, Coin Path, and TRM Labs into Threat Intelligence Platforms. Most banks and government agencies may have already implemented Threat Intelligence Platforms to track and investigate various cybercrimes, so it would help if some of the leading platforms started supporting Blockchain analysis capabilities such as Cryptocurrency investigations.

Integrating Crypto Threat Intel from Blockchain companies with Threat Intelligence Platforms can give analysts an interface with automated search, context-based visualization for building crypto transaction flows, and an address identification database. This can help investigators identify the destination of a cryptocurrency ransom and analyze the transactions relevant to a ransomware campaign through cryptocurrency due diligence. Threat Intelligence Platforms already support integration of IOCs from network endpoints, web applications, intrusion detection and prevention systems, firewalls, and so on; they should extend that support to these new custom objects related to Cryptocurrency, so that clients who have already invested in the infrastructure can use the same platform to monitor and track transactions.

Consider supporting the following Cryptocurrency Intelligence use cases, which could help in identifying and monitoring these cybercrimes.

  • Identifying wallet owners and their geographical location
  • Transaction history, including incoming and outgoing transactions
  • Transaction risk (risky transaction characteristics include gambling sites, dark market, criminal, and mixing services)
  • Cryptocurrency address details and risk (i.e., illicit or criminal history associated with a Cryptocurrency address)
  • Association of Cryptocurrency addresses with an IP address

The use cases above are just a sample of what could enable investigators, analysts, and researchers to de-anonymize Crypto transactions and obtain solid evidence on individuals who use Cryptocurrencies for various crimes. Fraud investigators can access advanced Cryptocurrency Intelligence that combines millions of attribution data points from these Blockchain Intelligence providers. It will also help in visualizing actionable Cryptocurrency intelligence and in complying with Cryptocurrency regulations.

Typical Users of Cryptocurrency Intelligence:

  • Financial Crime Analysts
  • Law Enforcement Agencies
  • Dark Web Analysts
  • Ransomware Investigators

In conclusion, as Blockchain technology continues to develop and the Cybersecurity community plays an active role in finding solutions to the challenges it poses, there is an opportunity for Threat Intelligence Platforms to support, at a minimum, the most common target entity types such as Cryptocurrency Address, Transaction, and Wallet, thereby enhancing Cryptocurrency intelligence.
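One way a platform integration could ingest the three entity types named above, added here as an illustration and not taken from Loginsoft or any Threat Intelligence Platform: each provider record is checked (Base58Check for legacy Bitcoin addresses) before it is mapped to address, transaction and wallet objects with relationships, and transactions are flagged with the risk categories from the use-case list. The record fields, relationship names and all sample values are assumptions constructed for the example.

```python
import hashlib
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
RISKY = {"gambling", "dark market", "criminal", "mixing"}  # from the list above

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def make_address(hash20):
    """Encode a made-up 20-byte hash as a legacy address (sample data only)."""
    raw = b"\x00" + hash20 + _checksum(b"\x00" + hash20)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def valid_btc_address(addr):
    """Base58Check test for legacy Bitcoin addresses; bech32 is out of scope."""
    if not addr or any(ch not in B58 for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is one zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:21]) == raw[21:]

def ingest(records):
    """Map provider records to address/transaction/wallet objects and links."""
    objects, links, risk, rejected = set(), [], {}, []
    for r in records:
        if not (valid_btc_address(r["src"]) and valid_btc_address(r["dst"])):
            rejected.append(r["txid"])  # keep malformed indicators out of the store
            continue
        objects |= {("address", r["src"]), ("address", r["dst"]), ("transaction", r["txid"])}
        links += [(r["src"], "sent", r["txid"]), (r["txid"], "received-by", r["dst"])]
        if r.get("wallet"):  # wallet attribution for the receiving address
            objects.add(("wallet", r["wallet"]))
            links.append((r["dst"], "belongs-to", r["wallet"]))
        if r.get("src_ip"):
            links.append((r["src"], "seen-from", r["src_ip"]))
        risk[r["txid"]] = sorted(RISKY & set(r.get("categories", [])))
    return objects, links, risk, rejected

# Constructed sample feed: hashes, ids and the IP (RFC 5737 range) are made up.
A, B = make_address(bytes(range(20))), make_address(bytes(range(20, 40)))
FEED = [dict(txid="tx-0001", src=A, dst=B, src_ip="192.0.2.10",
             wallet="wallet-demo-1", categories=["mixing", "exchange"]),
        dict(txid="tx-0002", src=A, dst=B[:-1] + ("2" if B[-1] != "2" else "3"))]
```

Calling `ingest(FEED)` stores the first record as four linked objects and rejects the second, whose destination address has a corrupted checksum.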

