WEBINAR | A Deep-Dive into 2023 Cyber Threats
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
April 18, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
The popularity of Bitcoin and cryptocurrencies continue to progress in the modern-day, with drastically surging valuations. Notably, Bitcoin surpassed its all-time high of USD 20,000 (in 2017) to achieve an eye-watering USD 60,000 at the time of writing (April 2021). And while legislation and law enforcement continue to try to get a stranglehold on the growing cryptocurrency space, cybercriminality has been at the forefront of its use since the early days..
These days, Bitcoin and cybercrime go hand in hand. Still, recent question marks over their relationship have appeared, mainly owing to increased law-enforcement intervention and criminal organizations being uncovered through their ongoing use of the digital currency. However, with a host of alternative cryptocurrencies making more secure and privacy-orientated features available to the cybercriminal world, is it inevitable that we will increasingly see cybercriminals shift away from the Bitcoin crypto-powerhouse? The question was potentially answered by the “REvil” ransomware collective in 2020 when they declared they were switching payment operations away from Bitcoin and Ethereum in favor of Monero. Below, we take a look at the current relationship status of cybercrime-Bitcoin and see what other fish are in the sea.
Cybercrime has long been synonymous with Bitcoin, ever since Satoshi Nakamoto published the original whitepaper and the Bitcoin network came to life in 2009. The cryptocurrency serves many purposes in the cybercriminal world, not limited to facilitating dark web transactions, extortion, money-laundering, and fraudulent payments. But with the modern world starting to catch up in terms of technology, regulations, law-enforcement tracking capabilities, and improved account identification processes, we noticed a shift in how cybercriminals are using Bitcoin. There’s also some uncertainty about how useful it will continue to be for the cybercriminal world, where anonymity is vital and lack of security hygiene can lead to incarceration.
Bitcoin has often been mislabelled as an anonymous digital currency, but the reality is very much the opposite; anonymity has never been a characteristic of the currency or the blockchain it’s built on. The currency’s public ledger records every single transaction broadcasted across the network, resulting in the ability to trace all coins from their originating source to their final destination. For that reason, the digital currency is referred to as pseudonymous rather than anonymous.
And even though Bitcoin has been a significant factor in how cybercrime has grown in the past 5 to 10 years―through its use of unnamed virtual wallets, lack of real-life identification processes and decentralized system affording easy cross-border payments―blockchain tracking technology has been steadily rising to bridge the gap. These days, dedicated platforms designed to trace Bitcoin throughout the blockchain have helped nullify the myths of Bitcoin’s anonymity and become an asset to law-enforcement bodies tackling cybercrime.
If Bitcoin isn’t anonymous, why do cybercriminals still use it, you might ask. Well, they’ve been fighting to make tracing difficult again for some time, with tools and methods designed to keep the transactions of Bitcoin users private. Also, there are still common mechanisms, largely popularized within the cybercriminal community, that keep Bitcoin viable for criminal use.
These mechanisms include coin-mixing and tumbling—the process of mixing tainted currency in among transactions from other locations to obfuscate its true origin—, privacy-based wallets with inbuilt privacy and anonymity features, and the conversion of Bitcoin to alternative cryptocurrencies and back again. Each process serves to make any tracking mechanism arduous and keep law enforcement far enough away from uncovering a real-world identity.
This leads us to another reason why Bitcoin remains popular. It’s the main reason it was created in the first place: decentralization! Conventional financial practices, like banking, often provide barriers to criminals in the form of formal identity documents to create accounts and validate monetary transactions. But in the world of Bitcoin, central authorities governing the use of the asset was never an issue, and criminals could create virtual wallets as they wished without being tied to a real-life identity. This not only helped criminals receive and transfer funds without a moment’s thought but also served as an efficient way to launder dirty money through a legitimate financial system.
In recent times, regulatory bodies have introduced formal identification processes to purchase and withdraw cryptocurrency from established platforms. However, there are several services that solely serve as a gateway into the world of digital currencies for cybercriminals who need not go through an established platform.
Lastly, the main reason why Bitcoin is still used lies in its large liquid market and the volatility in its valuation, which can rise and fall dramatically. In the past year alone, the value of Bitcoin rose from USD 7,000 (in April 2020) to USD 60,000 (in April 2021). So the financial benefit likely far outweighs the potential pitfalls of the currency in terms of privacy and security. But the last point begs the question of why Bitcoin’s purpose is, all of a sudden, being questioned by cybercriminals.
Even though there are mechanisms attempting to keep Bitcoin “anonymous” in one form or another, there’s a growing portion of the cybercriminal community that recognizes this is no longer enough. Recent law-enforcement action to seize or disrupt high-profile criminal marketplaces (Empire, Dark Market, and AlphaBay) show the advancement of blockchain analysis techniques. And they perhaps indicate, to more privacy-oriented users, that despite the mixing and tumbling processes that exist, there is an inherent danger that the owner of a wallet may be unmasked through historical transactions with arrested individuals, identifiers, and previous connections to criminal platforms. Cybercriminals are increasingly advocating a shift from Bitcoin to alternative, privacy-based digital currencies, such as Monero: a digital currency built with privacy and security features from the get-go.
Recent confirmations of this sentiment have been identified. Some highly regarded dark-web marketplaces are moving to a solely Monero-based payment model. An announcement by REvil requested that ransom payments be paid in Monero over Tor (The Onion Router) instead of Bitcoin. The cybercriminal community is beginning to see that Bitcoin serves the purpose of a big payday, but the underlying design leaves them open to exposure.
This goes some way in explaining why Monero and alternatives have been thrown into the mix as of late. Built on the premise of privacy and security, these coins are a stark reminder of how cybercriminals can abuse a digital currency’s legitimate intent and bend it to their will. When combined with privacy applications, like Tor, I2P, and OpenBazaar, this will only put up another barrier between law enforcement and a cybercriminal.
With a good deal of privacy-based coins available, why is Monero emerging as the new go-to criminal coin? Simply put, reputation and experience. Monero is regarded as one of the industry’s most privacy-focused coins, in existence for the past seven years. The currency builds on the strengths of Bitcoin but looks to maintain privacy of the user’s transaction activity.
The Monero community recently attempted to get the currency included as a viable payment option, alongside Bitcoin, for Tesla. This showcases its popularity in the crypto world. But putting Monero to one side, what other alternatives serve a similar purpose?
ZCash
ZCash started in 2016 and stems from the same code as Bitcoin, but the currency operates on its blockchain with a PoW (Proof of Work) mining consensus separate from that associated with Bitcoin. The visual currency incorporates the use of private “shielded” and public transfers. This enables transactions to be verified without revealing the sender, receiver, or transaction amount. Interestingly, the asset enables a user to disclose select details of a transaction for compliance or audit purposes.
Dash
Created following a fork of the Bitcoin protocol in 2014, this currency was initially branded “XCoin,” later rebranded “Darkcoin,” and, subsequently, Dash. Although the creator of the coin states the currency is not an “AEC” (anonymity-enhanced cryptocurrency), a function called PrivateSend allows a user to opt to send transactions anonymously. The technology behind this feature relates to a mechanism called CoinJoin, which is also seen in the privacy-based wallet
service Wasabi. The technology essentially complicates transactions by continuously pooling groups of transactions to the point that analytics cannot deter where coins are being sent or received.
Verge
This digital currency was created in 2014 and runs on its blockchain. Initially known as “DogeCoinDark,” Verge enables private transfers through the use of I2P or Tor, which helps conceal user locations.
Beam and Grin
These currencies emerged on the scene in 2019 with a newer blockchain technology called Mimblewimble. This technology introduces the concept of no identifiable or reusable addresses, meaning that all transactions look like random data to an outsider, with blocks looking like one large transaction, rather than a combination of several individual ones.
Although the above alternatives are available to the criminal world, their use has been hampered by ease of access―one aspect Bitcoin has not struggled with. This point is made evident with the continued support for Bitcoin payments on several criminal marketplaces, despite high-profile law-enforcement seizures over the past couple of years. And certain cryptocurrency exchanges have gone to the extent of delisting some of these privacy-oriented currencies from their respective platforms, owing to their criminal links.
So, when all is said and done, whether cybercriminals stick with Bitcoin or look to one of its younger siblings, the cryptocurrency space will continue to provide an ongoing headache for law enforcement authorities and businesses and consumers. Technological developments are slowly bridging the gap between law enforcement and cybercrime in the world of Bitcoin; innovations and tools available to the cybercriminal landscape continue to provide cybercriminals with the upper hand but also possibly force them to keep one eye over their shoulder. And while Bitcoin, once viewed as a criminal favorite, continues to fall under scrutiny for privacy concerns that call into question its position in the criminal world, its monetary value and ease of access simply cannot be ignored.
Predictions indicate that Bitcoin isn’t going anywhere anytime soon. Rather than being abandoned altogether, it will sit alongside more privacy-based alternatives, meaning the benefits of both can be combined. What we can be sure of, though, is that as long as cryptocurrencies are a part of our world, cybercriminals will continue to manipulate them to suit their wants and needs.
Digital Shadows (now ReliaQuest) monitors threat-actor activity across the cybercriminal landscape, including their use of cryptocurrencies and emerging threats, providing unique insights to help organizations understand the nature of the threat actors looking to get access to their assets. If you’d like to search the dark web and cybercriminal underworld for crypto-related references to your organization or exposed data for sale, sign up for a demo of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) here. Alternatively, you can access a constantly updated threat intelligence library providing insight on this and other cybercriminal-related trends that might impact your organization and allow security teams to stay ahead of the game. Get a free seven-day test drive of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) here.