WELCOME TO THE CRYPTO CRIME VAULT
The Future Of Crypto Crime and the Impact it Will Have on Organizational Security
Good afternoon everyone. My name is Charles Stockwell, and I’ve come from The Security Stronghold to talk about something pretty cool today. We’re going to explore crypto crime and find out how it will impact your organization in the future. I also know everyone came here to have a good time, so I’m going to try and entertain you as much as possible, which usually means buckle up and get ready for the bad jokes.
How many of you have kids or interact with children? Go ahead, let me see some hands. Should be almost everyone. For those of you who do, this will make sense; as for everyone else, hang in there. Crypto crime and crypto related attacks are nothing new, but nevertheless, crypto crime is still in its youth.
Parents like to classify the behavior of their children in different stages as they grow up: the terrible twos, the fantastic fives, the sensitive sevens. And I like to think of crypto crime in the same way.
The first six months of a child’s life has been referred to as the ‘Is This All You Do?’ first six months. We will get to it soon, but I like to think of the first ransomware attack as that point in crypto crime’s life. After that comes ‘The Wounded Walking Ones’ stage, where crypto crime grew but was sparse and ineffective. Next comes the ‘Terrible Twos’. I believe this is when Bitcoin enabled ransomware to thrive. Children in the terrible twos stage thrive on destroying things. Once you have a 2-year-old, the home’s terror threat level is permanently on high. Eventually the ‘Threenager’ stage came along; a sort of lull, as crypto crime wasn’t as erratic circa 2012. The threenager stage has all the attitude and eye-rolling of a teen, minus the moments when teens remember to be nice. Now, where I think crypto crime is currently, the ‘Eff You Fours’. More is available to the child in life at this stage, and the child views life through an ‘eff you and everything else’ lens. Crypto crime has evolved with emerging technologies and is being nasty again. This certainly isn’t the end of crypto crime’s life, however, as we still have quite a bit of growing up to do. But we will save that for the future part of this presentation.
Today you are going to join me on an expedition to explore crypto crime. First, we are going to visit the past to help us better understand the future. Then we will talk about the threats organizations are currently facing and how we as an industry are dealing with that. Finally we’re all going to hop on my jet, because we don’t have a lot of time, and we’re going to fly to my city of the future where there is no crypto crime.
I call my city Cryptopia. There has never been a successful crypto crime. Furthermore, the city runs completely on blockchain and artificial intelligence. And that’s not even the best part, next week is our initial coin offering for “crypto coin cryptocurrency”. I like to call it the world’s most redundant cryptocurrency.
There certainly isn’t a shortage of threats organizations face today. However, for this presentation, I wanted to focus on threats that relate to crypto. Crypto is a hot topic right now and it seemed fitting. Just so we are all on the same page, I decided to define crypto crime as “criminal activities carried out by means of systems or programs related to cryptography”.
Ransomware always gets the attention, but it’s not even that cool. The threats we will talk about today include ransomware, cryptojacking, crypto phishing, ICO scams, crypto theft, and money laundering. Just a note: I want to give cryptographic attacks an honorable mention because they are attacks on cryptography, but we won’t be talking about them today.
Some of the attacks we do talk about will have a bigger impact on an organization, and some of these attacks will have a bigger impact on the individual. However, it goes without saying that individuals make up an organization, so everything we can do to protect both organizations and individuals will help the organization those individuals run stay more secure.
To help us better understand the threats we will face tomorrow, we have to first understand where they came from.
It’s easy for us to sit here and clearly see where we went wrong in the past and how we could have better defended our organizations. However, in the heat of the moment it can be extremely difficult to see the bigger picture and emerging trends. We need to keep this in mind as we look at the attacks we face now, in order to best predict what we will face in the future. I say predict because we can never be 100% sure, but we can make intelligent decisions by carefully considering what has happened and what is happening.
I’m sure some of you have, at one point or another, seen this first graph. It is Moore’s law, which states that every year, or if you want to get technical, every 18 months, the number of transistors that you can fit on an integrated circuit doubles. Many also consider this graph to show the trend for all technological advancements: a gradual start followed by exponential growth. Optimistic thinking, but I think we are missing a piece.
Now I know some of you have seen this second graph: Gartner’s hype cycle. I like to think of it as the second half of Moore’s Law. We all know it would be impossible for technology to indefinitely grow exponentially.
By combining these two graphs into the third picture, I think we get a better picture of what is really going on. This recurring trend can be seen across almost every technology new and old used by attackers or defenders. The development and use of technology starts a bit slow, but there is a rapid increase as it becomes more popular. Then there is the letdown, followed by a short period of stagnation. Finally, the technology begins to grow and aligns with its realistic use. I wanted to mention this because it helps us see how these various attacks mature. By identifying where each attack is in the cycle, we can better predict its future.
The original ransomware. The first known attack was initiated in 1989 by Joseph Popp, PhD, an AIDS researcher, who carried out the attack by distributing 20,000 floppy disks to AIDS researchers spanning more than 90 countries, claiming that the disks contained a program that analyzed an individual’s risk of acquiring AIDS through the use of a questionnaire. However, the disk also contained a malware program that initially remained dormant in computers, only activating after a computer was powered on 90 times. After the 90-start threshold was reached, the malware displayed a message demanding a payment by mail of $189 for a software lease. This ransomware attack became known as the AIDS Trojan, or the PC Cyborg.
Due to the current state of technology at the time, there wasn’t a serious impact. Aside from some system damages and financial losses the only notable impact here is that for the first time, a ransomware attack was carried out; it may not have been successful in terms of financial gain, but it set in motion events that created what we, as organizations and individuals, now face today.
At the time, the mitigation strategies were…the same…as they are…today…hmmm. Antivirus was used to detect attacks, updates helped fix vulnerabilities, and backups ensured that in the event of an attack you didn’t lose your data. Keep that in mind as we continue our journey.
Since the emergence of pseudo-anonymous cryptocurrencies and related technologies, ransomware has exploded, and criminals have found new ways to obtain money and data, and to wreak havoc. Not only have the threats themselves become more numerous, but the threat surface and opportunity for malicious actors is growing every day. We, as an industry, have done a fairly good job of combating this, yet we still fail to execute even the most simple defensive strategies. We’re going to look at the present state of crypto crime and grow our understanding, so that we can be better prepared as we move forward. First, so that everyone gets the most out of this section, I want to pause our journey and make a point.
This point is the importance of understanding your adversary. Before you can accurately understand the environment and the risks you face, you need to understand who you are trying to protect yourself against. For the sake of this presentation, and to best understand crypto crime, we’re going to focus on two threat actors.
The first is nation states or nation-backed groups, which I consider to be well funded, with a fair number of resources at their disposal. The other threat actor group is criminals. The important thing to keep in mind when looking at these two groups is the driving force behind their actions. Nation state groups are typically looking to cause damage and disrupt the environment they are attacking, whereas criminals are more concerned about the money that they can make by carrying out these attacks.
We’re going to start off with ransomware again, and as I mentioned earlier, I think ransomware is in the ‘Eff You’ four-year-old stage.
After the first ransomware attack, there weren’t many others like it. Later on, in 2005, Archiveus was the first ransomware to use asymmetric encryption; it required users to make purchases from websites to obtain the passwords to decrypt their files. Once again, ransomware was fairly quiet…and then Bitcoin was released. Soon afterwards ransomware began to get nasty. Throughout this time frame ransomware has continued to evolve to take advantage of new vulnerabilities, overcome new defenses, and become more effective at making users pay to get their data back.
Some of these adaptations that have become prevalent in today’s strains of ransomware include new ways of infecting systems, new communication and encryption methods, and creative extortion.
Ransomware has been delivered via drive-by downloads in the past, but now it’s more common to see ransomware payloads hidden in files such as PDFs or JPGs, or launched through macros in Microsoft Office documents.
Ransomware is also using different techniques when communicating and encrypting device files. Some ransomware authors have spread out the encryption process so that files are encrypted much slower, potentially bypassing anti-virus detection. On the other hand, some ransomware spawns multiple child processes to accelerate the encryption process and make it difficult to stop. Another technique is randomizing the encryption process which helps bypass anti-ransomware tools that look for a more linear pattern of encryption.
Ransomware has also been seen to target the master boot record, holding computers hostage without having to encrypt every file. Most of us also know that ransomware is finding new ways to move laterally across a network and access more valuable targets. Finally, some ransomware attacks are delayed. The machines are infected, the malware spreads, but only later on is the attack launched.
As far as extortion goes, crypto criminals are messing with human psychology to get better results. Just look at the Popcorn Time ransomware, where victims had a choice: pay the ransom, lose your data, or infect two other people in exchange for the decryption key. Perhaps more well-known, the Jigsaw ransomware which deletes files every so often if the ransom isn’t paid. Quite nefarious but entertaining.
Powerware is a family of ransomware that was built around using PowerShell to carry out its attacks.
Ryuk ransomware is different because it’s not sent out via massive spam campaigns or used with an exploit kit; it’s used for targeted attacks. Ryuk’s encryption scheme is built for small operations: only the critical assets and resources on a network are encrypted. Even the ransom notes have been customized to fit the target. Some people think Ryuk ransomware is related to the Hermes ransomware and the Lazarus group.
Cerber is a ransomware as a service product that caters to criminals looking to get in on the ransomware party. There are many options for customization including: blacklisting countries by language, variable file names, optional environment checks, different encryption settings, and different ransom notes to choose from. Cerber ransomware can also successfully complete an attack with or without talking to its command-and-control server.
GandCrab ransomware has infected users a couple of different ways: remote desktop connections, phishing emails with malicious attachments, exploit kits, or through trojans. Newer versions of GandCrab ransomware use the Salsa20 algorithm to encrypt files because it’s quick and small. If GandCrab detects languages such as Russian or others from the former Soviet Union, it will not drop its payload. This ransomware also doesn’t have a list of files to encrypt; rather, it has a list of files that it doesn’t encrypt, and it encrypts all files not on that list.
Finally, Bad Rabbit ransomware. This ransomware is based on Petya/NotPetya, it’s spread mostly via a fake Flash update, it has capabilities to move laterally across networks, and there seems to be no discrimination when it comes to who it infects. An interesting fact about this one is that there are Game of Thrones references in the code. This has been a small sample of ransomware for you.
Today’s ransomware attacks have a much greater impact than those in the past. Not only can you face loss of data or loss of money, but companies are facing major disruptions in operations and harm to their company’s reputation. Whether it is the data you are holding or the factory line that needs to continue operating 24/7, attackers will find a way to exploit this in an attempt to make money or cause chaos. We’ve all heard the stories of the company who paid thousands and even hundreds of thousands to get their files back, so it’s clear to see that the financial impact has grown. Finally, companies have faced damage to their reputation because of these attacks. Now I’m not saying that reputation isn’t damaged by other attacks, but ransomware can compromise data and disrupt operations; a one-two punch to the company’s reputation and performance.
There isn’t any secret when it comes to mitigation. It’s about the fundamentals of good security and consistently applying them. Make sure you have backups and backups of your backups; make sure they are air-gapped. Make sure your network is designed correctly and not full of vulnerabilities and misconfigurations. Train your users. They don’t have to be a liability, they can be your best defense if you invest in them. And finally, be ready when an attack does happen because as cliche as it sounds, an attack will happen. You need to be ready.
Cryptojacking is a fairly recent attack where bad actors download software or run malicious scripts on your machine to mine for certain cryptocurrencies. For those of you who aren’t very familiar with cryptocurrency, mining is a process in which new crypto coins are released or a transaction of a cryptocurrency is verified and added to the blockchain ledger; this process involves solving computationally difficult puzzles. Anyways…
Since this summer, we have seen an explosion in the occurrence of cryptojacking. Most likely because, as I mentioned before with my technology cycle, cryptojacking is fairly new, and right now criminals view it as a way to make more money with less risk than ransomware. Because cryptojacking scripts often go unnoticed, it’s less likely they will be detected, and in the event they are, it’s extremely hard to trace them back to the source. Some crypto criminals also consider it a better business model because you are, in the right environment, essentially making predictable recurring revenue. It’s also much easier to install a cryptojacking script on a website than it is to successfully launch a ransomware campaign.
FaceXworm is a malicious Chrome extension that uses Facebook Messenger to infect computers. Initially it delivered adware, but there has been a strain that targeted cryptocurrency exchanges and delivered cryptomining code. It still uses Facebook Messenger to deliver malicious links, but it can also steal web accounts and credentials, allowing it to inject cryptojacking code into those web pages.
WinstarNssmMiner has a scorched-earth policy. This crypto miner spreads quickly and is effective. Furthermore, anyone who tries to remove it gets a nasty surprise: their computer crashes. WinstarNssmMiner cryptojacking malware does this by injecting code into an svchost.exe process and setting its attribute to ‘Critical Process’. Once the process is removed, the computer crashes.
Finally, some clever people were taking legitimate projects on GitHub, forking them, and then hiding cryptojacking malware in the directory structure of that project. The crypto criminals would then entice people to download that malware via typical techniques.
The impacts of a cryptojacking attack include decreased performance, because your machine is using all of its resources to mine cryptocurrency. Likewise, electricity use increases because of the power required to run these complex computations. And finally, dangerous levels of heat can be produced when some machines are forced to mine cryptocurrency by these scripts. Not the end of the world if a stray device gets infected, but when entire sections of your network are compromised you will definitely see an impact.
Basic mitigation of cryptojacking attacks includes having some level of resource monitoring of your machines, and if not all of them, then at least the critical ones. There are also some effective ad blocking and anti-cryptomining solutions out there. Finally, once again, security awareness training will help prevent some of these attacks from happening in the first place.
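The resource monitoring just described can be turned into a simple triage rule. The added example below (not code from the talk or from The Security Stronghold) runs over constructed host telemetry: per-process CPU samples, plus outbound connection logs where a miner talking to a pool is recognisable by Stratum JSON-RPC methods (`mining.subscribe`, `mining.authorize`, `mining.submit`, or `login` for Monero-style pools). Host names, process names, addresses and payloads are all made up for the example.

```python
"""Cryptojacking triage over constructed host telemetry (added example).

Two signals: a process that stays above a CPU threshold for several
consecutive samples (the talk's "resource monitoring"), and a connection whose
payload is a Stratum mining JSON-RPC call. A host showing both from the same
process is rated HIGH; either signal alone is MEDIUM and worth a look, since a
throttled miner (as some ransomware-style authors slow things down to evade
detection) may never trip the CPU rule.
"""
import json
from collections import defaultdict

# Constructed per-process CPU samples: (timestamp, host, process, cpu_percent)
CPU_SAMPLES = [
    ("2018-11-01T09:00:00", "ws-017", "chrome.exe", 92.0),
    ("2018-11-01T09:05:00", "ws-017", "chrome.exe", 95.0),
    ("2018-11-01T09:10:00", "ws-017", "chrome.exe", 90.0),
    ("2018-11-01T09:15:00", "ws-017", "chrome.exe", 93.0),
    ("2018-11-01T09:00:00", "ws-042", "render.exe", 99.0),   # bursty, legit
    ("2018-11-01T09:05:00", "ws-042", "render.exe", 97.0),
    ("2018-11-01T09:10:00", "ws-042", "render.exe", 20.0),
    ("2018-11-01T09:15:00", "ws-042", "render.exe", 98.0),
    ("2018-11-01T09:00:00", "srv-build", "make", 95.0),      # sustained, legit
    ("2018-11-01T09:05:00", "srv-build", "make", 96.0),
    ("2018-11-01T09:10:00", "srv-build", "make", 94.0),
    ("2018-11-01T09:00:00", "ws-009", "outlook.exe", 12.0),
]

# Constructed outbound connection log with the first bytes of each payload.
# IPs are from documentation ranges; the wallet string is a placeholder.
NET_EVENTS = [
    {"host": "ws-017", "process": "chrome.exe", "dst": "198.51.100.23:3333",
     "payload": '{"id":1,"method":"mining.subscribe","params":["sample-miner/1.0"]}'},
    {"host": "ws-042", "process": "svchost.exe", "dst": "203.0.113.9:4444",
     "payload": '{"id":1,"method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x"}}'},
    {"host": "srv-build", "process": "curl", "dst": "192.0.2.10:443",
     "payload": "GET /artifact.tgz HTTP/1.1"},
    {"host": "ws-009", "process": "outlook.exe", "dst": "192.0.2.55:443",
     "payload": '{"jsonrpc":"2.0","method":"ping","id":7}'},
]

STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit", "login"}


def sustained_cpu_hosts(samples, threshold=80.0, min_consecutive=3):
    """Return {(host, process): longest_run} for processes that stayed at or
    above `threshold` for at least `min_consecutive` consecutive samples."""
    by_proc = defaultdict(list)
    for ts, host, proc, cpu in samples:
        by_proc[(host, proc)].append((ts, cpu))
    flagged = {}
    for key, series in by_proc.items():
        run = best = 0
        for _, cpu in sorted(series):          # timestamp order
            run = run + 1 if cpu >= threshold else 0
            best = max(best, run)
        if best >= min_consecutive:
            flagged[key] = best
    return flagged


def stratum_connections(events):
    """Return the events whose payload parses as a Stratum JSON-RPC call.
    A generic JSON-RPC "login" can collide with this; in production, pair it
    with the destination port/host reputation before escalating."""
    hits = []
    for ev in events:
        try:
            msg = json.loads(ev["payload"])
        except ValueError:
            continue                            # not JSON at all (e.g. HTTP)
        if isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS:
            hits.append(ev)
    return hits


def triage(samples, events):
    """Combine both signals into a per-host verdict: HIGH when one process shows
    sustained CPU *and* pool traffic, MEDIUM when only one signal is present."""
    sustained = sustained_cpu_hosts(samples)
    pool_talkers = {(ev["host"], ev["process"]) for ev in stratum_connections(events)}
    verdicts = {}
    for host, proc in sustained.keys() | pool_talkers:
        both = (host, proc) in sustained and (host, proc) in pool_talkers
        level = "HIGH" if both else "MEDIUM"
        if verdicts.get(host) != "HIGH":        # never downgrade a HIGH
            verdicts[host] = level
    return verdicts


if __name__ == "__main__":
    for host, level in sorted(triage(CPU_SAMPLES, NET_EVENTS).items()):
        print(f"{host}: {level}")
```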
Crypto phishing is yet another sub-group of phishing attacks. Driven by a target that is easier to turn into money, attackers are turning to crypto phishing more and more.
Attackers are using social media to create fake cryptocurrency community pages from which phishing messages are sent to members of the real community. This is just another way of increasing the likelihood of a successful phishing attempt. The goal here is usually to direct the victim to a fake version of their crypto wallet in order to harvest their credentials. There are also some attacks that attempt to get the victim to download malware that will launch an attack mid-transaction of some other crypto wallet software. Attackers are also running ads on Google because of the very lucrative nature of compromising crypto accounts; they have direct access to the money. Now there’s no guarantee the wallet won’t be worthless, but there is also the possibility that the wallet is worth tens of thousands if not more. Finally crypto phishers have started using chat and SMS just like conventional phishing attacks in an attempt to increase their success rate.
A good example is attackers using Facebook Groups to target specific users of a cryptocurrency, resulting in better click-through rates for their attack. There are also many attackers buying domain names related to current crypto sites. They harvest the credentials of users who mistakenly navigate to the fake site; a targeted new twist on an old attack. Finally, some malware has been shown to switch the receiving address of a crypto transaction just before the victim authorizes it. If Alicia wants to pay Robert some Ethereum, she will use Robert’s wallet address to send him the money. This malware will then switch Robert’s address to the attacker’s address just as Alicia authorizes the payment.
Crypto phishing doesn’t have a tremendous impact on most organizations. What you are looking at here is an individual’s loss of money, system compromise, or loss of sensitive information. Unless your organization has assets in cryptocurrency, you are not at a huge risk.
At the same time, it’s good practice to combat these attacks. Make sure you’re navigating to the right places. Make sure you and your employees know how to identify phishing emails…and if “100freebitcoins.com” says you will get 100 Bitcoins added to your wallet by completing a survey about your favorite ice cream flavor, well you better tell them you like chocolate. Because then at least when you are depressed that all of your Bitcoins have been stolen, there is the off chance they might send you some chocolate ice cream.
This is the best part. We’re hitting up the casino on our way to my city, Cryptopia. For those of you who don’t know how an ICO scam works it’s basically this:
A company decides it wants to do something, and it realizes it needs money to do that. For example I’m from Wisconsin, and I want to start a cheese sculpting business. Which is actually a thing, stiff competition let me tell you. So I’m going to need lots of money to buy lots of cheese and pay lots of people to sculpt our cheese. We need money and what better way to do this than to make some cheese coins. All of you can buy cheese coins from me, and then I can use your money to run my cheese sculpting business. In a couple of months, your cheese coins will be worth 100 times what you bought them for because we have sold so many cheese statues. You can trade your cheese coins and make some money off of the increase in value, or if you want, you can redeem them for a cheese sculpture that would look perfect on the mantle above your fireplace.
That’s an ICO scam except when you give me the money for the cheese coins I give you a worthless token and use your money to buy a submarine so I can get to my private island that I bought with the rest of your money.
Now there’s been a lot of debate about whether or not what people consider an ICO scam was really intended to be a scam. This is because there have been many ICOs that failed and were classified as scams. But in the case of crypto crime, we are talking about actual ICO scams. My cheese coin ploy is different from a company, for example, who wanted to make the best tasting cheese ever and sold tasty coins, but couldn’t figure it out and never made any money, resulting in a worthless or dead tastycoin. Lately ICO scams have been preying on the fear of missing out: “Buy our worthless coin now or else in a week you will have missed out on the opportunity to make millions”. These fake companies are also trying to establish themselves as an industry “authority”, creating fake personas and fake company leaders, even going so far as to write white papers about their “project”. Finally, crypto criminals are taking advantage of more anonymous cryptocurrencies, so it is more likely they will escape with your money.
Supposedly 80% of ICO projects by number of shares were identified as scams. The same research says that 4% of ICOs fail and 3% die. Note: this is only 11% of funding by monetary value that goes to scams, but it is still quite a bit. There isn’t a sure way to tell if these figures are correct, but I would say they are close. The Plexcoin ICO was stopped by the SEC. Investors complained that the founder, Dominic Lacroix, was defrauding them. Lacroix advertised a return of 13,504%, which the SEC deemed infeasible. Lacroix was jailed, the SEC froze all 15 million gathered by the ICO, and the Plexcoin parent company was fined $100,000. Sadly, most ICOs do not have a happy ending for the consumer like this one.
Benebit claimed to use blockchain to unify customer loyalty programs such as frequent flyer miles. The ICO had a budget for marketing of over $500,000; and the classic seal the deal white paper. Investors bought in, but someone noticed that photos of the team running the operation were actually from a school for boys in the UK; the founder’s details were fake. Once they realized they had been found out, the team behind the scam began to shut everything down. Reportedly the scammers got away with at least 2.7 million and maybe as much as 4 million.
Finally, and yes I know what you’re thinking, “Who would fall for an ICO scam under the name Ponzicoin?” but plenty of people did. There have been two Ponzicoin projects; the first netting the criminals about $7,000 at the time, 2014, which is said to be more than 2 million today. The second PonziCoin project was intended as a joke and openly stated it was a scam, however, the project raised over $250,000 which was all taken by the founder never to be seen again.
The impacts of these ICO scams include a great deal of financial loss, damage to companies legitimately trying to use an ICO to raise capital, and an abundance of confusion among those entering the crypto space. Once again, not a huge impact to your organization, but depending on what you do, it could still affect you.
The mitigation for this doesn’t go much past common sense. Know the organization raising the capital, know the team behind the project, make sure a trusted escrow company is used, look at the ratings of the ICO, and look at the risk scores of the ICO. Even better just don’t invest in an ICO to begin with. But then again, how else are you supposed to get a nice cheese sculpture a few months down the road?
Crypto theft is what happens when people have vast sums of money in easier to steal digital assets. This could mean physically having a hardware wallet stolen or an attacker breaking into an exchange and stealing large amounts of cryptocurrency.
Recently, we have seen high value targets physically attacked for their purported digital assets. There have also been SIM swapping attacks to steal money from victims’ cryptocurrency wallets. Finally, crypto criminals have been targeting exchanges in high-risk, high-reward attacks.
NiceHash, which is a crypto marketplace based in Slovenia, had its payment system compromised, and as much as 63 million worth of bitcoin was stolen.
Iceland is a very popular location for crypto mining servers because Iceland is naturally cool, making the mining process more efficient. However in early 2018, upwards of 600 specialized mining rigs were stolen. There have been 11 arrests related to the attack so far, but none of the mining rigs have been recovered.
Coincheck, a digital currency exchange in Tokyo, was hacked in early 2018. The company said something around 534 million worth of cryptocurrency was transferred from Coincheck wallets to who-knows-where. Most of the currency stolen was NEM, a cryptocurrency launched in 2014.
Some creative crypto theft includes attackers calling SWAT teams to victims’ homes and then demanding payment to stop the harassment. However, this attack is controversial.
There are also numerous cases of people wanting to buy and sell using the service LocalBitcoins, only to have their cryptocurrency stolen. These are only a few examples. Some of the others include people being taken hostage, home invasions, and other desperate attempts to steal cryptocurrency.
The impacts of this attack can reach into the physical world. Not only can you lose your money, but you could lose your life. These attacks can also cause disruption to entire crypto markets as the potential movement during some of these heists can throw off the whole cryptocurrency ecosystem.
Some mitigation advice is to keep your currency offline and not in exchanges. If you have cryptocurrency, get a hardware wallet. Separate your wallet and the keys to your wallet, don’t keep them in the same place; common sense. And finally, don’t go on the internet and tell everyone that you have all the Bitcoins.
Bitcoin is not anonymous, it’s pseudo-anonymous. Transactions can still be tracked, and keep in mind, the blockchain is a permanent ledger. However, Bitcoin and now even more anonymous cryptocurrencies have made money laundering much easier for criminals, terrorist organizations, and governments. We are fighting on a new front in the war on money laundering.
Crypto criminals are turning to altcoins and zero-knowledge proof coins, which are more anonymous than Bitcoin and can be completely anonymous. They are also utilizing mixing services, in which you deposit your cryptocurrency to have it mixed with others’. You then get back the original amount you put in, minus a small fee for the service, but now it is nearly impossible to figure out where your cryptocurrency came from and where it is going. Finally, along with the other attacks, by flipping between cryptocurrencies, crypto criminals are essentially making it impossible to follow the money.
Europol shut down a drug trafficking ring that used cryptocurrencies and credit cards to launder more than €8 million through a Finnish crypto exchange. They started with cash and cards, but were worried, so they tried to use crypto to hide; it was too late.
Thomas Mario Costanzo, also known as Morpheus Titania on Twitter, operated a peer-to-peer bitcoin exchange website, and was found guilty of charges of money laundering by a federal jury in Phoenix, AZ. Costanzo had laundered $164,700 during a two-year period – money taken from undercover federal agents who approached the trader saying they were heroin and cocaine traffickers. There was also evidence that the felon himself used bitcoin to buy drugs, as well as offering an online bitcoin exchange service for others purchasing drugs without implementing know-your-customer authentication procedures.
Finally, the cybercrime division of the State Attorney’s office of Hebron, Israel indicted local resident Hilmi Git for allegedly using over 800 Israeli credit cards to carry out 20,000 fraudulent transactions and laundering the money using bitcoin. These are some examples of how money laundering and crypto are related.
With the emergence of cryptocurrencies and now anonymous cryptocurrencies, money laundering has become much easier for criminals. This in turn makes it easier to fund malicious actors. Rapid emergence of crypto money laundering will also drive more regulation in the space in an attempt to level the playing field.
Most criminals don’t go to extreme lengths to launder money through cryptocurrency. And many have no idea how. Even the ones that dabble in the practice may be caught through anomaly detection. Like I said before, blockchain is a permanent ledger, so many companies are doing their best to use that information to detect suspicious activity. In order to beat criminals who are using cryptocurrency to launder money, it will take a coordinated effort between law enforcement, cryptocurrency companies, and financial institutions. The legality of the entire crypto business will also play a huge role.
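The two ideas above, mixing services that break the link between deposit and withdrawal, and companies using the permanent ledger to spot suspicious activity, can be shown on a tiny transaction graph. The added example below (not code from the talk or from The Security Stronghold) builds a constructed UTXO-style ledger, flags a CoinJoin-like mixing transaction by its many-inputs/equal-outputs shape, and traces funds forward from a flagged address, marking every address reached through a mixing transaction as only a candidate, which is exactly where an investigator loses precision. Address names, amounts and transaction ids are all made up.

```python
"""Ledger tracing with a mixing heuristic (added example, constructed data).

Model: each transaction spends from input addresses and pays output addresses.
Funds are followed forward from a flagged address. A transaction that has
several independent inputs and several outputs of identical value is treated
as mixing (CoinJoin-style): by amount alone no output can be tied to a
specific input, so every output becomes a candidate and the trace is marked
ambiguous from that hop on.
"""
from collections import defaultdict, deque

# Constructed ledger. Amounts are in coin units; not real chain data.
LEDGER = [
    {"txid": "tx1", "inputs": [("ransom_A", 1.0)],
     "outputs": [("hop_B", 0.9), ("ransom_A_change", 0.0995)]},
    {"txid": "tx2",  # mixing-like: 3 parties, 3 equal 0.5 outputs + change
     "inputs": [("hop_B", 0.9), ("user_U1", 0.7), ("user_U2", 0.6)],
     "outputs": [("mix_M1", 0.5), ("mix_M2", 0.5), ("mix_M3", 0.5),
                 ("chg_B", 0.3995), ("chg_U1", 0.1995), ("chg_U2", 0.0995)]},
    {"txid": "tx3", "inputs": [("mix_M2", 0.5)],
     "outputs": [("exchange_deposit_X", 0.4995)]},
    {"txid": "tx4", "inputs": [("user_U3", 2.0)],      # unrelated activity
     "outputs": [("user_U4", 1.9995)]},
]


def looks_like_mixing(tx, min_inputs=3, min_equal_outputs=3):
    """CoinJoin-style heuristic: at least `min_inputs` distinct input addresses
    and at least `min_equal_outputs` outputs carrying exactly the same value."""
    if len({addr for addr, _ in tx["inputs"]}) < min_inputs:
        return False
    counts = defaultdict(int)
    for _, amount in tx["outputs"]:
        counts[amount] += 1
    return any(n >= min_equal_outputs for n in counts.values())


def suspicious_transactions(ledger):
    """Ids of transactions the mixing heuristic flags; a cheap first pass an
    exchange or analytics firm can run over the whole ledger."""
    return [tx["txid"] for tx in ledger if looks_like_mixing(tx)]


def trace_forward(ledger, start, max_hops=3):
    """Breadth-first follow of funds leaving `start`.

    Returns {address: (hops, ambiguous)}. `ambiguous` is True once the path
    has passed through a mixing-like transaction: the address may hold the
    traced funds, or another participant's, and the ledger alone cannot say.
    """
    spends = defaultdict(list)                 # address -> txs spending from it
    for tx in ledger:
        for addr, _ in tx["inputs"]:
            spends[addr].append(tx)
    seen = {start: (0, False)}
    queue = deque([(start, 0, False)])
    while queue:
        addr, hops, ambiguous = queue.popleft()
        if hops >= max_hops:
            continue
        for tx in spends[addr]:
            mixed = ambiguous or looks_like_mixing(tx)
            for out_addr, _ in tx["outputs"]:
                if out_addr not in seen:       # first (shortest) path wins
                    seen[out_addr] = (hops + 1, mixed)
                    queue.append((out_addr, hops + 1, mixed))
    return seen


def candidate_cashouts(trace, known_exchange_addresses):
    """Addresses in the trace that belong to known exchanges, i.e. the points
    where a subpoena or freeze request could still recover something."""
    return {a: trace[a] for a in trace if a in known_exchange_addresses}


if __name__ == "__main__":
    print("mixing-like:", suspicious_transactions(LEDGER))
    trace = trace_forward(LEDGER, "ransom_A")
    for addr, (hops, ambiguous) in sorted(trace.items(), key=lambda kv: kv[1]):
        print(f"{addr:20s} hop={hops} {'candidate only' if ambiguous else 'linked'}")
    print("cash-out points:", candidate_cashouts(trace, {"exchange_deposit_X"}))
```

The trace shows the practical effect of a mixer: before tx2 the funds are firmly linked to `hop_B`, but afterwards six addresses are equally plausible, and the exchange deposit three hops out can only be presented as a candidate unless off-chain data (exchange KYC, timing, IP logs) narrows it down.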
This is what you came for. We know how it began. We know how crypto crime is now; we’ve gotten a look at various crypto crimes from in the trenches. Now it’s time to step back, take a look at the big picture, and figure out what the future of crypto crime holds, so that we can prepare to win.
Welcome to Cryptopia! Good work everyone, go ahead and high five the person next to you, we made it! Ahhhh Cryptopia, where everything seems pristine on the outside. But before I show you around…
Before I show you around, I have a confession to make. My conscience can’t take it anymore. My city is far from perfect. We have faced breach after breach and paid attackers $100,000 to cover up the attacks that locked the files of and stole cryptocurrency from our 57 million citizens (ride-hailing company joke). How do we figure out where Cryptopia went wrong, so that your organizations can be better prepared?
I can’t tell the future, so unless one of you in the audience can, we’re going to have to rely on past experiences to predict the future paradigm of crypto crime.
This slide is based on a Donald Rumsfeld quote. We can make predictions about threats that we will face, but most of them will be just that, predictions. It’s fairly easy to see the general trend of crypto crime because in the end it’s all about understanding your adversary.
We also know that there are things we don’t know. This is where bigger predictions and speculation come into play. We try to do our best to prepare for the things that we can’t see.
Even more potentially damaging are the things we don’t know we don’t know. The best thing I can do is just make you aware of that fact.
The future of ransomware isn’t that hard to predict. Criminals will seek ways to make more money and other malicious actors will seek ways to create more disruption.
It’s not new news, but as the number of connected devices grows, so do the likelihood and reach of ransomware attacks. Looking ahead, it’s not too unreasonable to think of a smart refrigerator being held hostage and your milk spoiling if you don’t pay the ransom. This is going to affect organizations where connected devices are vital to the business’s operation and function. Hence, operational technology will also be a major target for ransomware in the future.
Smart automobiles and related connected transportation devices will also be at risk as ransomware developers tune their malware. Speaking of improving their ransomware, authors and malicious actors are already getting more creative with their attacks as we have seen before. In the future you can expect ransomware to be used more and more as a distraction or a vehicle to carry out other attacks.
Finally, in the future it’s likely doxing will be more common; not only will attackers hold your data hostage and demand payment to return it, but they will take your data and threaten to release it to the public if you don’t pay a ransom. This type of attack will be directed against those who have sensitive information, embarrassing information, incriminating information, or trade secrets.
As we are seeing now, the threat surface for these types of attacks will continue to increase. Companies will start to need more resources for reputation management in the event of an attack. Organizations will also need to adopt an “adapt or die” mentality. Attacks are not going to slowly drift off into the horizon and disappear; they’re only going to get worse, as we’ve seen over the past decades. This will force organizations to understand the ecosystem in which they operate. Ransomware is a general attack, but depending on your industry or work it can be very specific and personal, and the key will be to shore up the weaknesses you expose as an organization. And finally, I know everyone says it, but you need to be prepared to be compromised. Please, please, please get the fundamentals of crypto crime mitigation correct, but then also have a plan in place so that when an attack does happen it doesn’t make a damaging impact.
Cryptojacking, being fairly new, will continue to evolve at a rapid pace.
Despite cryptojacking’s nefarious nature, I see legitimate uses in its future. Imagine that instead of going to your favorite industry news website and seeing a bunch of ads, there are no ads. The reason there are no ads is because when you navigated to that site, you clicked yes in a box that asked you if you want an ad-free experience in exchange for some low-impact, in-browser crypto mining use of your computer. However, despite some of the legitimate uses, there will always be those who use it for ill gain. Like I said, cryptojacking will grow and become more popular as cryptocurrencies do. Insider threats will also be an issue, as a crypto mining operation constructed by an insider will be much harder to detect than that of a malicious actor trying to break in from the outside.
Future cryptojacking attacks will be harder to detect as attackers use new mining techniques and different types of attacks. Cryptojacking may also become more prevalent in the short-term as criminals are still drawn to it in hopes that it is a better opportunity to make money than ransomware. Finally, cryptojacking will be volatile and be easily impacted by crypto markets in terms of what currencies are mined, which techniques are used, and how effective cryptojacking is as an attack.
Crypto phishing will follow general phishing trends and continue to take advantage of changes in the cryptocurrency world.
We can expect attackers to have more options when it comes to exploiting victims. That may mean new segments of the crypto market to target, new malware that specifically targets crypto related activities, or new do-it-yourself kits to exploit a large range of people. Attackers will continue to use social media to attain improved conversions for their attacks. Social media will also be part of multi-step attacks in which the attackers use social media to create a fake crypto page and then coerce victims over the social media platform in multi-step automated attacks leveraging things such as Facebook Messenger bots. The final result is a crypto phishing campaign with a very high success rate. These attacks will be segmented and target various users of different cryptocurrencies depending on current value.
Many criminals will have a new focus when it comes to phishing because instead of having to broker data and accounts, they will have direct access to accounts with varying monetary value. This will force people to avoid bringing unnecessary attention to themselves when dealing with cryptocurrency. It might be new and exciting to tell everyone right now, but would you go around telling everyone how much money is in your bank account? And finally, to protect your organization it will be important that users are aware of new phishing threats.
ICO scams will continue to be a crime of opportunity. As long as there are people to foolishly invest, criminals will use ICO exit scams as a way of making money.
Because of this, we can expect more regulations concerning the ICO process, which is important if raising capital is something that your company wishes to look into in the future. Criminals will also use more anonymous cryptocurrency to hide the money they are making and sneak away without being caught by law enforcement. Finally, criminals will be willing to invest in the ICO scam themselves in terms of upfront work such as a website, white papers, customer support, and marketing. They will do this because of the potential for high reward in these scams.
These scams will continue to impact the reputation of legitimate users of the ICO process. Consumers will need to know and understand who and what organization they are dealing with when it comes to ICOs. When a criminal exits an ICO with your money, there isn’t much you can do, so it’s important that you prevent yourself from investing in an ICO scam in the first place. (whispers) You don’t even need to think about investing in them, they aren’t all that great, especially if you are trying to make money yourself. (stops whispering) At least not at this point in time.
As the crypto world becomes more populated, theft will become more common, as with most things. We can expect both physical and digital attacks to continue. The act of stealing cryptocurrency can be a part of ransomware, cryptojacking, and crypto phishing; but for crypto theft keep in mind we’re talking about physical theft, the theft of cryptocurrency from an exchange, or stealing from a storage facility. These assets’ worth can be dependent on many things and not very stable, so it’s hard to tell where the focus will be in the future.
Consequently, we can expect these crypto thefts to have a wide reach, targeting different currencies, different types of people, and different organizations. Also as the value of assets rise, so will the motivation to steal them, which could lead to an escalation in terms of physical theft or what criminals are willing to invest into an exchange heist. Finally, and I’m surprised I haven’t addressed it already, but there are obviously those who think crypto is just a bubble waiting to burst and those who think crypto is the future of everything. We are all pretty smart people and can tell the future is probably somewhere between those two views. However, cryptocurrency is becoming more common and so will these attacks.
This means more crime, whether it’s LocalBitcoins or people stealing mining hardware or threat actors launching attacks against exchanges. As more and more organizations come in contact with cryptocurrency, your risk also grows. It’s not something most people have to worry about right now, but it’s something you should put on your radar. These heists also have the potential to make quite a significant economic impact in terms of the cryptocurrency world. I’m not sure if anyone remembers Operation Uptick, carried out by the mob, but they manipulated stocks by artificially inflating the price. Crypto crimes have the potential to do this to the price of various cryptocurrencies as well. Making ransomware demands in a specific cryptocurrency could drive up the demand, and therefore the price, of that specific cryptocurrency. Cryptojacking could increase the supply and decrease the price of a particular cryptocurrency. And removing a large quantity of a specific cryptocurrency from the market during a heist could impact the price of that cryptocurrency as well.
Money laundering will continue to be a more convenient way for criminals to wash their money, at least for the technologically savvy. But that has the potential to change as well, and criminal organizations can always find someone who knows what they’re doing.
We can expect a greater complexity in the techniques that criminals use to launder their money via cryptocurrency. This is because currently there is still a decent probability that you could follow a money trail. Criminals will try to decrease the possibility of being caught by mixing their coins, cashing out for another type of cryptocurrency, and utilizing more anonymous altcoins. New services catering to this type of activity will also further facilitate the process of money laundering for these criminals, thus making it easier all around for them. This will require law enforcement, private organizations, and government to change focus and really work on making it more difficult for criminals; or coming up with better ways to identify this criminal activity.
To combat this criminal activity, money laundering utilizing cryptocurrency, there’s going to need to be collaboration with everyone because this crime has no geographical boundaries. It’s a new front in the war on money laundering, and anti-money laundering teams have some catching up to do. There has been some great headway so far, but as we know with any other good versus bad situation, the good side is always playing catch-up. Likewise, both parties will be investing in skills to gain the advantage when it comes to taking advantage of this new way of laundering money.
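As an added illustration of the point made above, that a permanent public ledger lets defenders follow a money trail while coin mixing dilutes it, here is a small taint-propagation routine on a constructed ledger (example code written for this page, not part of the talk; the transaction ids and addresses are made up, and "ransom_wallet" stands in for a known ransom-payment address):

```python
from collections import defaultdict

# Constructed sample ledger, not real chain data. Each entry is one
# transaction with (address, amount) inputs and outputs, in time order.
LEDGER = [
    {"id": "tx1", "inputs": [("ransom_wallet", 10.0)],
     "outputs": [("A", 6.0), ("B", 4.0)]},
    # tx2 joins the tainted address A with two unrelated inputs and pays
    # out three equal amounts: the shape of a simple coin-mixing step.
    {"id": "tx2", "inputs": [("A", 6.0), ("clean1", 6.0), ("clean2", 6.0)],
     "outputs": [("M1", 6.0), ("M2", 6.0), ("M3", 6.0)]},
    {"id": "tx3", "inputs": [("B", 4.0)], "outputs": [("exchange", 4.0)]},
    {"id": "tx4", "inputs": [("M2", 6.0)], "outputs": [("exchange", 6.0)]},
]


def propagate_taint(ledger, seed_address):
    """'Haircut' taint tracing: each output inherits the amount-weighted
    share of seed-derived funds among the transaction's inputs. Returns the
    fraction of each funded address's holdings that trace back to the seed.
    Inputs never seen as outputs (external funding) are treated as clean."""
    balance = defaultdict(float)   # funds currently held per address
    tainted = defaultdict(float)   # portion of that balance from the seed
    seed_total = sum(a for tx in ledger for addr, a in tx["inputs"]
                     if addr == seed_address)
    balance[seed_address] = tainted[seed_address] = seed_total
    for tx in ledger:
        total_in = sum(a for _, a in tx["inputs"])
        tainted_in = 0.0
        for addr, amount in tx["inputs"]:
            share = amount / balance[addr] if balance[addr] > 0 else 0.0
            tainted_in += tainted[addr] * share
            tainted[addr] -= tainted[addr] * share
            balance[addr] = max(balance[addr] - amount, 0.0)
        frac = tainted_in / total_in if total_in else 0.0
        for addr, amount in tx["outputs"]:
            balance[addr] += amount
            tainted[addr] += amount * frac
    return {a: tainted[a] / balance[a] for a in balance if balance[a] > 0}


def mixer_like(ledger, min_parties=3):
    """Flag transactions with several distinct input owners and several
    equal-sized outputs: a crude structural signal for mixing, not proof."""
    flagged = []
    for tx in ledger:
        owners = {addr for addr, _ in tx["inputs"]}
        amounts = [a for _, a in tx["outputs"]]
        if (len(owners) >= min_parties and len(amounts) >= min_parties
                and len(set(amounts)) == 1):
            flagged.append(tx["id"])
    return flagged
```

On this ledger the exchange deposit address ends up 60% seed-derived: the direct hop from B arrives fully tainted, while the hop through the mixer-like tx2 arrives only one-third tainted because two unrelated parties' funds were blended in.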
There’s a lot to keep track of between these various crypto crimes. It’s also very dependent on your organization and your organization’s affairs. Some of you may not come in contact with these attacks very often, so I’ve created a formula that will apply to every attack.
The secret sauce isn’t that secret. Whose sauce ever was? What this really comes down to is consistently applying the fundamentals I have previously mentioned. It’s simple and everyone has heard it countless times, but organizations still fail to consistently implement fundamental mitigation strategies. There’s no reason a ransomware attack should wipe your organization off the map. There’s no reason you shouldn’t be able to identify a phishing email. There’s no reason for many of these attacks to happen. However, the solution I am proposing is one of the hardest things to do. It is simple, but it’s not easy. I don’t need to provide you with a secret way to defend against future crypto crime attacks. Sure, there will be products and services developed to protect new technologies, but overall it’s about the fundamentals.
You and your organization can do it. Consistently apply the fundamentals. Crypto crime is no different than other attacks at its core. Focus on the big wins. I completely understand that it’s not entirely possible and you will always face hurdles such as management, money, or things out of your control, but until we can secure the big wins, it doesn’t pay to get caught up in the minutiae.
Whether it’s crypto crime or anything else, I would be more than happy to have a conversation. Thank you for your time today!