To solve crime, the old saying still holds: “Follow the money.” But how do you do that for cybercrimes when the money itself is decentralised and anonymous—as is the case with cryptocurrency? In today’s threat environment, it’s becoming increasingly crucial for enterprises to boost their cybersecurity maturity.
Over a decade ago, Silk Road—widely regarded as the first darknet market—launched to anonymously connect buyers and sellers of illegal drugs. Silk Road used the Tor network to protect user privacy, with Bitcoin cryptocurrency and dark wallets to encrypt and mask transactions. Its success, and the challenges it posed for law enforcement, put the need to prevent cryptocurrency-enabled cybercrime on the map.
Many other darknet markets have emerged since then and the value of cryptocurrency has exploded, even with recent and well-publicised corrections. In February 2011, when Silk Road launched, a single Bitcoin was worth less than US $1. Ten years later, Bitcoin reached an all-time high of more than US $68,000. Even though it has dropped since, the value of a Bitcoin was still sitting at just under US $23,000 in June 2022.
High value and anonymity have made cryptocurrency the de facto currency for cybercriminals—and made preventing cyber extortion top of mind for law enforcement and enterprises.
Cybercriminals are looking beyond Bitcoin to stay hidden
Researchers have recently shown how address-linking techniques can be used to tie Bitcoin addresses back to unique individuals. That’s called into question the fundamental value proposition of privacy that Bitcoin has staked its name on since its early days. Cybercriminals, already one step ahead, have started to shift to anonymity-based coins such as Monero, which are much harder to trace. Several dark web marketplaces now use Monero exclusively.
Matt Swenson, Division Chief at the Homeland Security Investigations (HSI) Cybercrime Center, explained on a recent #TrendTalksBizSec episode that anonymous crypto coins seek to obfuscate any origination information that could be used to trace the transactions as they move across the ledger. This makes it impossible to determine the originating and destination addresses in a given transaction.
While law enforcement agencies struggle with untraceable cryptocurrency transactions, enterprises threatened with cyber extortion demanding cryptocurrency need to protect themselves. Fortunately, there are defensive measures that can be taken.
Thwarting cyber extortion
Three recent attack types underscore why it’s important for enterprises to take quick action to prevent cyber extortion via cryptocurrency.
Ransomware and malicious apps
Cryptocurrency has made it easy for cybercriminals to monetise ransomware attacks: it’s effortless and instantaneous to demand payment in Bitcoin. But the growth of ransomware is hardly the only concern to keep CISOs and enterprise security officers up at night.
Fake or malicious apps are increasingly problematic, as they can be used to harvest private keys or other sensitive cryptocurrency-related information. Looking into the future of the metaverse or crypto-monetised web, other methods of stealing private keys and mnemonic phrases are likely to emerge.
Of all the steps an enterprise can take to protect itself against the ever-evolving and never-ending stream of malicious apps, implementing a zero trust strategy is most critical. In the zero trust model, a “never trust, always verify” principle is enforced by only granting permissions to users, devices, applications, or services once they are properly validated and continually reassessed.
Cloud-based cryptocurrency-mining attacks
Another recent trend is the rise of exploits targeting cloud resources, specifically CPU power, to mine cryptocurrency. The cost of a cloud-based cryptocurrency-mining attack can be US $130 per month for a single machine, according to Trend Micro estimates.
With the ability to instantaneously spin up new instances and the fact that most enterprises rely on multiple clouds, organisations could see a huge spike in resource consumption and related costs if such malicious uses were to go on undetected. Any organisation that does find illicit cryptocurrency-mining on its resources should take it as a warning sign that its cloud infrastructure may be vulnerable to other kinds of attacks.
Continuous assurance and visibility are essential to ensuring cloud infrastructure is properly configured and compliant. These involve:
- Real-time monitoring of the entire cloud infrastructure
- Auto-checking against cloud infrastructure configuration best practices
- Continuous tests against compliance standards
- Extensive reporting across multiple filters
- Step-by-step remediation rules with self-healing controls
When combined, visibility and assurance enable automated, proactive prevention of vulnerabilities and help ensure cloud infrastructure security.
The thriving cryptocurrency environment itself provides many opportunities for cybercriminals to exploit, resulting in a constant stream of scams related to cryptocurrency. Earlier this year, Trend Micro discovered 249 fake cryptocurrency wallet apps on Android and iOS that were used to steal more than US $4.3 million, taking advantage of the fact that cryptocurrency transactions are irreversible.
Enterprises need to be proactive in addressing these types of threats to prevent cyber extortion. Email security is especially important because email is the most frequently used delivery method for these kinds of scams. The latest Trend Micro Cloud App Security Threat Report found that 74.1% of all threats are email-based, with business email compromise (BEC) amongst the top incidents causing business losses. Furthermore, the FBI reported $2.4 billion in adjusted losses from BEC complaints in 2021.
Because these scams do not involve malicious links or attachments, they can evade traditional security solutions. Training, culture, and process improvements can help mitigate them—paired with layered messaging security technology that leverages the latest threat defences such as AI, machine learning, and behavioural analysis in a single dashboard.
Cryptocurrency security needs a coordinated and unified response
Enterprises need a unified cybersecurity platform that provides complete visibility, detection, and response to defend themselves throughout the attack lifecycle. But tackling the bigger cyber extortion issue also requires coordinated action beyond just the enterprise.
The Silk Road example proves this can work. Despite its rapid rise and success, Silk Road was shut down by the FBI in 2013 and the mastermind behind it was arrested and later convicted. Federal agents admitted that the use of Bitcoin and Tor to obscure addresses was a major obstacle in the investigation, but they succeeded by working cooperatively with other organisations.
Coordination can start with enterprises reporting incidents to law enforcement agencies. And reporting application vulnerabilities to affected vendors through programs like the Trend Micro Zero Day Initiative™ (ZDI) can also help strengthen cybersecurity overall. The sooner vulnerabilities are identified, the sooner patches can be issued to bolster enterprise defences.
By combining coordination with a unified cybersecurity platform, enterprises can enhance their posture and protect against the harms of cyber extortion.
To learn more about the risks mentioned above, explore these resources:
- Trend Micro Mobile App Reputation Service (MARS) database
- Trend Micro Research: A Floating Battleground: Navigating the Landscape of Cloud-Based Cryptocurrency Mining
- Trend Micro Research: Keeping Assets Safe From Cryptocurrency Scams and Schemes