Latest analysis of cybercriminal forums points to rise in number and sophistication of scams perpetrated against individuals and businesses as criminals see the opportunity cryptocurrencies brings
London / SFO, January / February 1, 2018: A report issued today by Digital Shadows, the leader in digital risk management and threat intelligence, reveals evidence that cybercriminals are flooding to the new world of cryptocurrencies looking to exploit the boom in interest and adoption of these electronic currencies. This new gold rush is creating a new frontier for professional cybercriminals moving away from less profitable techniques and exploits to make money on the back of the huge interest in these digital currencies.
With over 1,442 cryptocurrencies in circulation, and new alternative coins – “altcoins” – emerging every week, cybercriminals have developed several schemes to defraud those looking to profit from the growth in cryptocurrencies. This paper highlights the most common methods used by these criminal actors, which include crypto jacking, account takeovers, mining fraud and scams against initial coin offerings (ICOs). It also includes measures that organizations, consumer and exchanges can adopt to stay protected.
‘Cybercrminals follow the money and right now they see in the unregulated and largely unsecure world of digital currencies a huge opportunity to target people, businesses and exchanges and make money quickly and easily,’ said Rick Holland, VP Strategy, Digital Shadows. ‘In many ways its like the gold rush of the 1840s as people flood to the opportunity cryptocurrencies present and are preyed on by criminals and the unscrupulous.’
‘“This is a rapidly changing space and we see new scams crop up daily. While the future of cryptocurrencies remains somewhat uncertain, what we can be sure of is that cybercriminals will continue to find new ways of making money as long as there are enough suitable targets and the profits to be made justify their time and effort. Those that buy and trade crypto currencies should be aware it is the ‘wild west’ and be on your guard at all stages of the transaction cycle,’ added Rick.
The ‘New Gold Rush’ report highlights some of the most common tactics being employed, including:
Botnets that use your computers to mine crypto currencies – there are two main ways that threat actors are currently fraudulently mining cryptocurrencies: botnets and crypto jacking. Botnets were first used to mine Bitcoin in 2014 but the complexity of doing so made it financially unviable however it is now making a comeback as newer cryptocurrency like Monero are easier to ‘mine’. As such Digital Shadows has observed botnets available to rent for $40, one such offering has ‘flown off the shelves’ with almost 2,000 rentals so far.
One new tool is a new mining software called “Crypto Jacker”, which combines Coinhive, Authedmine and Crypto-Loot into a WordPress plugin (cj-plugin), with added Search Engine Optimization (SEO) functionality. Available since November 2017 for just $29, the software allows users to clone popular websites that can then be sent out in spam campaigns. According to the Crypto Jacker site, the software “provides a way to earn crypto currency from people who visit your links, even when you’re sharing other websites that you don’t own. We even cloak your website links for your (sic.) so they look like the original shares on social media.”
Targeting of crypto currency exchange accounts – when people seek to convert crypto currency into hard cash they head to the crypto currency exchange. However, criminals are seeking to breach these accounts and are selling access them online. On just one popular criminal forum, Digital Shadows has identified over 100 user accounts being offered as recently as January 2018. Individual account details are exposed through phishing and credential stuffing. Credential stuffing works by automatically injecting compromised username and password pairs into login portals to fraudulently gain access to user accounts. Digital Shadows detected multiple users sharing files that targeted cryptocurrency sites.
Fake Initial coin offerings (ICOs) and fake crypto currency exchanges – there are many instances of individuals creating entirely fictitious cryptocurrencies and performing exit scams. In the words of one cybercriminal “you can create a scam site…people will invest with the motivation for growth of this crypto currency.” However just as popular are fake currency exchanges. One freelance job site shows several individuals seeking assistance in cloning specific exchange sites and creating new cryptocurrencies.
Artificially inflating prices of crypto currencies then ‘dumping’ the stock – just as traders can illegally inflate prices of stock in the real world – via so-called ‘pump and dump’ scams, so do groups of cybercriminals. Pump and dump groups exist to inflate the price of smaller, less well-known currencies to cash in on the increase in value. Criminals then cash out before the value plummets. While, ‘pump and dump’ campaigns are not a new phenomenon, there are more and more groups that are now involved in this type of activity. In January 2018 – Digital Shadows observed over 20 channels on Discord.
To read the full report, visit https://info.digitalshadows.com/TheNewGoldRush-CryptocurrencyResearch-Press.html
ABOUT DIGITAL SHADOWS
Digital Shadows enables organizations to manage digital risk by identifying and eliminating threats to their business and brand. We monitor for digital risk across the widest range of data sources within the open, deep and dark web to deliver tailored threat intelligence, context and actionable remediation options that enable security teams to be more effective and efficient. Our clients can focus on growing their core business knowing that they are protected if their data is exposed, if employees or third parties put them at risk, or if their brand is being misused. To learn more, visit www.digitalshadows.com.