Crypto crash rattles cybercriminals and pushes them beyond ransomware
What’s up
Cryptocurrencies continue to fall, but cybercriminals still need the currencies for ransom attacks.
Why it matters
Some experts say the fall in prices could push cybercriminals away from ransomware and toward other types of cybercrime that involve stealing traditional money.
The collapse of cryptocurrencies is rippling through the world of ransomware, say security researchers, although bitcoin, ether and other digital tokens are still the payment of choice for cybercriminals who lock up corporate computer systems.
In recent months, the value of cryptocurrencies has fallen sharply amid rising inflation, the economic shock caused by the war in Ukraine and falling global stock markets. Hundreds of billions of dollars in value have been wiped out during that period, which is becoming known as crypto winter. In just one day, more than $200 billion in value was erased from the broad crypto market.
The widespread fall has forced cybercriminals to recalculate ransoms, say security experts, and has pushed out of business some of the services that handle their illicit profits, such as marketplaces that swap cryptocurrencies on the dark web. It is also accelerating an existing shift toward crimes such as malware attacks and phishing scams against companies that target actual dollars, rather than crypto.
Mark Lance, vice president of cyber defense and ransomware retailer at GuidePoint Security, notes that ransomware demands are usually based on US dollar amounts, so cybercriminals simply recalculate and ask for larger amounts of crypto. This makes the bitcoin demands look bigger, even though the ransoms have not changed much in dollar terms.
Lance says many ransomware attacks are flying under the radar these days because the attacks are not as novel as they once were. Many ransomware incidents receive little attention unless they have the type of consumer fallout that last year's headline-grabbing attacks on Colonial Pipeline did.
“Ransomware is still as widespread as it has ever been,” Lance said, “and still makes lots of money.”
Business is not as good for the mostly shady crypto exchanges that cater to small-time cybercriminals. Many of these organizations are feeling the chill of the crypto winter.
Last year, a team of researchers at Cybersixgill, an Israel-based threat intelligence company, looked at the activities of about 30 small dark web exchanges for several months. The exchanges, which the company has not specifically named, have all been closed since April.
The reason: Cybercriminals behave much like many investors. When the values of assets begin to fall, they panic and withdraw as quickly as possible in the hope of reducing losses.
“It’s just like what we see when it’s bankrolls,” said Dov Lerner, who runs Cybersixgill’s security research. He says that the people behind the exchanges are still active in cybercrime, even though the exchanges “have just disappeared”.
Some observers say that the crypto winter has put a permanent chill on ransomware attacks.
Not so long ago, cybercriminals could demand $1 to $3 million in payments after locking a corporate computer system, notes Sherrod DeGrippo, vice president of threat research at Proofpoint, an e-mail security company.
“But I think these heydays may be over,” she said, noting that criminals do not see the same success as they once did. She notes that many organizations, along with US authorities, have stepped up their ransomware defenses recently, pushing cybercriminals toward other activities.
Her company has seen increases in attacks involving banking Trojans, malicious software designed to steal credentials or gain access to financial accounts, along with phishing attacks that trick corporate officials into paying fake invoices or otherwise sending criminals real money. There has even been an increase in the collection of credit card numbers.
With some of these crimes, criminals get away with conventional currency, instead of crypto.
Criminals also like Trojans because the malicious software can sit silently on systems and siphon off money over time. For example, an attacker may be able to trick a company into paying a fake invoice month after month, or a banking Trojan may continue to gain access to financial accounts over time without the company knowing.
“Getting an organization’s salary, pensions and retirement provides a huge salary,” said DeGrippo. “It’s much bigger, quieter and simpler than ransomware.”