Crypto Crash Rattles Cybercriminals, Pushing Them Beyond Ransomware

What’s happening

Crypto prices continue to plunge, but cybercriminals still need the currencies for ransomware attacks.

Why it matters

Some experts say the price drops might be pushing cybercriminals away from ransomware and toward other kinds of cybercrime that involve stealing traditional money.

The collapse of cryptocurrencies is rippling through the world of ransomware, security researchers say, even though bitcoin, ether and other digital tokens remain the payment of choice for cybercriminals locking up corporate computer systems.

Over the past few months, the value of cryptocurrencies has plummeted amid rising inflation, economic shocks caused by the war in Ukraine and falling global stock markets. Hundreds of billions of dollars in value has been wiped out over that period, which is starting to be known as crypto winter. On one day alone, more than $200 billion in value was wiped from the broad crypto market.

The widespread fall has forced cybercriminals to recalculate their ransoms, security professionals say, and has pushed out of business some of the services that handle their ill-gotten gains, such as dark web crypto-swapping marketplaces. It’s also accelerating a preexisting shift toward crimes such as malware attacks and corporate phishing scams that target actual dollars, rather than crypto.

Mark Lance, vice president of cyberdefense and a ransomware negotiator at GuidePoint Security, notes that ransomware demands are generally based on US dollar amounts, so cybercriminals are simply doing the math and asking for greater amounts of crypto. That makes the bitcoin demand look larger, even though ransoms haven’t changed much in dollar terms.

Lance says many ransomware attacks fly under the radar these days because the attacks aren’t as novel as they once were. Many ransoms get little attention unless they have the type of consumer fallout that last year’s headline-grabbing attack on Colonial Pipeline did.

“Ransomware is still as prevalent as it ever was,” Lance said, “and still making a ton of money.”

Business isn’t as good at the largely shady crypto exchanges that cater to small-time cybercriminals. Many of those organizations are feeling the chill of crypto winter.

Last year, a team of researchers at Cybersixgill, an Israel-based threat intelligence firm, watched the activities of roughly 30 small dark web exchanges for several months. The exchanges, which the company didn’t specifically name, have all been shut down since April.

The reason: Cybercriminals act a lot like many investors. When the values of assets start to tumble, they panic and cash out as fast as possible in hopes of cutting their losses.

“It’s just like what we see when there are bank runs,” said Dov Lerner, who runs Cybersixgill’s security research. He says the people behind the exchanges are still active in cybercrime even though the exchanges have “just vanished.”

Some observers say crypto winter has put a permanent chill on ransomware attacks.

Not that long ago, cybercriminals could demand $1 million to $3 million in payment after locking up a corporate computer system, notes Sherrod DeGrippo, vice president of threat research at Proofpoint, an email security company.

“But I think those heydays might be over,” she said, noting that criminals aren’t seeing the same success they once did. She notes that many organizations, along with the US government, have stepped up their ransomware defenses recently, pushing cybercriminals toward other activities.

Her company has seen upticks in attacks involving remote-banking trojans, malware designed to steal credentials or access to financial accounts, along with phishing attacks that scam company officials into paying fake invoices or otherwise sending criminals real money. There’s even been an uptick in the harvesting of credit card numbers.

With any of those crimes, the criminals make off with conventional currency, rather than crypto.

Criminals also like trojans because the malware can sit on systems quietly siphoning money over time. For example, an attacker might be able to scam a company into paying a fake invoice month after month, or a banking trojan could continue to harvest access to financial accounts over time without the company knowing.

“Getting an organization’s payroll, pensions and retirement makes for a massive payday,” DeGrippo said. “It’s a lot bigger, quieter and easier than ransomware.”
