Episode 268 – The Emerging Role of Bitcoin in Spreading Malware


Jane Lo, Singapore Correspondent, interviews Professor Dr. Christian Doerr, Professor of Cyber Security and Enterprise Security, Director of the Cyber Threat Intelligence Lab, Hasso Plattner Institute (Potsdam, Germany).

Professor Dr. Christian Doerr is the Professor of Cyber Security and Enterprise Security, and Director of the Cyber Threat Intelligence Lab, at the Hasso Plattner Institute in Potsdam, Germany.

He works in the broad area of network security and critical infrastructure protection, with a research focus on designing resilient network systems, localizing and estimating current threats through real-time situational awareness in networks, and conducting threat intelligence on adversaries. While most of his work focuses on technology, he also integrates socio-technical aspects of cyber security in his research.

Professor Doerr received his Ph.D. in Computer Science and Cognitive Science from the University of Colorado, USA.

In this podcast, Professor Doerr discussed his team's investigation into the emerging role of Bitcoin in powering advanced malware, and shared insights into threat actors’ use of the Bitcoin blockchain to signal the locations of the command and control (C&C) infrastructure.

He highlighted key developments in the evolution of C&C in the cat-and-mouse game between cyber defenders and threat actors. He pointed out that, with attractive characteristics such as immutability, open access, and high adoption rates, blockchain holds certain advantages over existing designs for threat actors.

While the research team was able to execute a temporary take-over of the infrastructure that cost the adversaries approximately $2 million, the threat actors were able to adapt quickly and resume their malicious activities.

As detection of covert communication patterns in a blockchain is still in its infancy, Prof. Doerr predicted that threat actors will increasingly blend their malicious activities with normal services using the blockchain infrastructure. Faced with such a scenario, he advised cyber defenders to bolster basic mitigation measures, including addressing the weakest link by raising user awareness.

Recorded 26th May 2021, Singapore 5.15pm / Germany 11.15am.

Professor Doerr spoke at BlackHat Asia 2021 – MySecurity Media were media partners to the event.