Tracing Cryptocurrency Payments and the Role of Threat Intelligence, with Jackie Burns Koven

07/31/23 • 30 min

This month we welcome Jackie Burns Koven as a special guest on the Cyber Insider podcast. Jackie is the Head of Cyber Threat Intelligence at Chainalysis, leading the team tracking cybercriminals and nation state actors stealing, scamming, and extorting cryptocurrency. She is also a member of the Ransomware Task Force, which unites key stakeholders across industry, government, and civil society to innovate new solutions countering the ransomware threat. Prior to joining Chainalysis, she served in the U.S. Intelligence Community.

One of the key aspects of blockchain technology is its transparency. Unlike traditional bank transfers, cryptocurrency transactions are visible to anyone on the network.
Threat actors typically rely on cryptocurrency exchanges or services to convert their funds into currency or stablecoins. However, Jackie notes that the number of exchanges used by threat actors has consolidated rapidly due to increased scrutiny and the detection of illicit activity:
“Because of this steady and unpredictable takedown and action against these exchanges that were providing laundering services for ransomware actors, ransomware actors have less and less options and places to put their funds. So in addition to exchanges, we're actually seeing more threat actors that are just holding on to the fund, just sitting on it in private wallets, whether that's because they're paranoid or unsure of trusting their funds into centralized services because of the risk of the funds getting frozen or the full service getting taken down.”
When discussing potential solutions to the ransomware problem, our guest emphasizes the need for a concerted effort from governments, private sector entities, and the cybersecurity community. Jackie acknowledges the progress made in preventing bad actors from cashing out and the increased sharing of information through public advisories:
"And I think there's been great gains made by global governments on making it harder for bad actors to cash out, on identifying centers of gravity, figuring out ways to notify victims in advance, helping private and public sector entities harden their defenses, get the training they need, getting back."
All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.

Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.

Send us a text

Previous Episode

Ransomware Gangs, MSP security, and Cyber Predictions, with Dmitry Smilyanets

Send us a text

In this episode we’re excited to host Dmitry Smilyanets, the Director of Product Management at threat intel company Recorded Future. Prior to that Dmitry was a Russia-based hacker who was indicted and extradited to the United States for his role in a cybercrime scheme – he was the manager of the largest hacking group ever prosecuted in the United States. Having been both a black hat and a white hat, he has fascinating perspectives which we uncover during this month’s release of the Cyber Insider.

When asked about his unique background, Dmitry had this to say: "I think that my background gives me a unique perspective on the world of cybercrime. I understand the motivations and tactics of hackers in a way that many cybersecurity experts do not. At the same time, I have seen the consequences of these actions firsthand and know how important it is to protect against them."
One of the most surprising things about the world of cybercrime is how organized and business-like it can be. Dmitry described some of the groups he encountered as having entire offices, complete with marketing teams, HR departments, and money laundering operations. This level of organization makes it all the more difficult to track and prosecute cybercriminals.

When it comes to cybercrime, the role of governments can be complex and varied. Some governments actively encourage hacking groups, while others turn a blind eye. Dmitry noted that in Russia, the government is unlikely to actively protect cybercriminals, but will prosecute them if they commit crimes within the country: "Russia will not prosecute you if you hit America, but if you accidentally use Russian infrastructure or stole some credit cards from Russians or even used stolen credit cards in Russia, they'll have enough to prosecute you, put you for two, three years in pretrial detention."

All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.

Next Episode

Threat Intelligence, AI, and Thinking like a Threat Actor, with Sherrod DeGrippo

Send us a text

This month we welcome Sherrod DeGrippo on the Cyber Insider podcast’s latest episode. Sherrod is Director of Threat Intelligence Strategy at Microsoft. She was selected as Cybersecurity woman of the year in 2022 and Cybersecurity PR Spokesperson of the year for 2021. Previously, she was VP of Threat Research and Detection at Proofpoint, where she led a global team of threat researchers, malware reverse engineers and threat intelligence analysts. Her career in cybersecurity spans 19 years with prior roles including leading Red Team Services at Nexum, senior solutions engineer for Symantec, senior security consultant for Secureworks, and senior network security analyst for the National Nuclear Security Administration (NNSA). She is a frequently cited threat intelligence expert in media including televised appearances on the BBC news, and commentary in the Wall Street Journal, CNN, New York Times, and more. Having presented at Black Hat, RSA conference, RMISC, BrunchCon, and others, Sherrod is a well-known public speaker. In her personal time, Sherrod spends time with her rescue dog Boris Karloff.
Threat intelligence can provide insights into the tactics, techniques, and procedures used by threat actors, allowing organizations to better protect themselves. However, the use of threat intelligence varies depending on an organization's maturity level and ability to effectively utilize the information. Sherrod highlights the role of threat actor psychology in understanding their motives and objectives. She discusses the evolving nature of threat intelligence and the need for organizations to evaluate its value and determine how it can be used to enhance their security posture. Additionally, this episode explores emerging trends such as the potential use of AI by threat actors and the increasing involvement of CFOs in security decision-making.

All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.
Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.

The Cyber Insider - Tracing Cryptocurrency Payments and the Role of Threat Intelligence, with Jackie Burns Koven

Transcript

0:00:03

Luke Connolly

Welcome to the Cyber Insider, Emsisoft's podcast all about cybersecurity. Your hosts today are Brett Callow, threat analyst here at Emsisoft. And I'm Luke Connolly, partner manager. We're very excited to have Jackie Burns Coven with us today.

0:00:29

Luke Connolly

Jackie is the head of Cyber Threat Intel At Chainalysis, a blockchain intelligence company that provides cryptocurrency investigation and complianc