With the FTX exchange imploding marking the cryptocurrency crash of 2022, one of the natural questions for those in the cybersecurity world is: how will this rapid decline in cryptocurrency valuations transform the cybercrime economy?
During the recent crypto boom and even before, cyber criminals have used and abused cryptocurrency to build their empires. The cryptocurrency market provides the extortion medium for ransomware; It is a hotbed of scams targeting consumers to steal their wallets and accounts. Traditionally, it provides a lot of anonymous backend money laundering cover for a number of cybercrime companies.
While there have certainly been some shifts in trends and tactics that they believe are loosely linked to the crypto crash, according to cybersecurity experts and intelligence analysts, the jury is still out on the long-term implications.
Shifting Crypto Trends & Tactics in 2022
Regardless of crypto assets, cybercriminals have definitely gotten more sophisticated this year when it comes to how they use cryptocurrencies to monetize their attacks, says Helen Short, a cyber threat intelligence analyst at Accenture, who points to usage by some ransomware Pointing out groups that take advantage of internal yield farming Decentralized Finance (DeFi) as an example.
“The concept of yield farming is the same as lending money, with a contract that clearly shows how much interest has to be paid,” she explains. “The advantage for ransomware groups is that the ‘interest’ is legitimate revenue, so it doesn’t need to be laundered or hidden.”
Their analysis has shown that threat actors are increasingly turning to “stablecoins,” typically pegged to fiat currencies or gold, to curb their volatility. She says that in many ways, the fall in crypto values has increased cybercriminals’ risk appetite, spurring them on to more investment scams and cryptocurrency scams.
“Threat actors also play on people’s desperation to make up for their losses,” she says.
While some consumers who’ve lost their wallets may be distraught, others have simply lost interest and aren’t monitoring their accounts as closely, fueling another trend, says Brittany Allen, trust and security architect and fraud researcher at Sift.
“Falling crypto prices have caused consumers to pay less attention to their crypto wallets than they did earlier this year and in 2021, and scammers have taken notice,” says Allen. “This has led to a 79 percent increase in crypto account takeover attacks.”
As an example, she explains that earlier this year her team uncovered a new breed of crypto withdrawal scam on Telegram and dark web forums, where account takeover scammers conspired to target the crypto market during the crash .
“In this scheme, cyber criminals use stolen wallets, bank accounts, or crypto exchange accounts to move or launder illegally acquired funds. Scammer A will advertise their access to stolen funds on Telegram and then find another scammer specializing in crypto account takeover and KYC ( Know Verifying Your Customer Identity) evasive methods,” she says. “Once Scammer B has access to stolen wallets or crypto exchanges, Scammer A sends the stolen funds to Scammer B’s accounts, where they take the funds and split the profits.Each party takes a risk by trusting the other, but if successful, they stand to make tens of thousands of dollars each.”
This aligns with another shift in cybercriminal tactics in 2022, which Short says he witnessed. It’s not necessarily a response to cryptocurrency devaluation, but it is a change in business model to maximize revenue.
“We see threat actors banding together to facilitate an attack, rather than paying each other for their specialized services. This reduces the overall cost of the attack as the agreement represents a fixed revenue cut,” she says.
Ransomware is here to stay
One point on which cybersecurity experts almost agree is that even with a lot of cryptocurrency volatility, ransomware is going nowhere. There was a slight drop in ransomware activity in 2022, but according to Optiv Threat Intelligence Analyst Aamil Karimi, this is more likely due to other variables such as the war in Ukraine.
There have been some significant regroupings of ransomware cartels that have led to a drop in activity more than anything else, and he says cryptocurrencies will be a ransomware of choice for a long time to come.
“It is likely that cryptocurrency will still be the payment of choice requested in extortion incidents. As of now, it is the safest medium for cybercriminals to conduct transactions,” says Karimi. “I don’t expect the activity of cybercriminals or extortionists to slow down.”
Bob Rudi Vice President of Data Science at GreyNoise Intelligence, agrees. There are just too many ransomware soft targets ripe for attack for criminals to ignore, says Rudis. And it’s not like they’re losing money with lower values of the currency, as they’ll set the ransom and likely convert it to material funds before further volatility affects the total.
“Attackers don’t care if they get one unit or a hundred units of a particular cryptocurrency if they ask for $100,000, for example,” says Rudis. “They have the tools, markets and processes to turn ill-gotten crypto gains into something more tangible and will likely stay one step ahead of law enforcement and market regulators.”
Despite headlines about authorities using crypto-mechanisms to financially harm opponents, Rudis says there are “real law enforcement hurdles still exist to stem this flow,” which is why he believes cryptocurrency will remain strong for cybercriminals for some time to come Money laundering will be used Come on.
However, not everyone sees it the same way. Short of Accenture points out that law enforcement has increasingly taken a real bite out of the crooks’ bottom line this year through reclamation transactions, seizures, and more.
“Law enforcement took aggressive action in 2022, including confiscation of funds, sanctions and high-profile arrests,” she says. “It is becoming increasingly difficult to launder and disburse illicit funds, resulting in threat actors trading ‘dirty money’ for other services as they cannot scoop out the illicit funds.”
Ryan Kovar, distinguished strategist and leader of Splunk’s SURGe research team, also notes that the impact of the 2022 crypto crash on cybercrime may have less to do with a potential future cryptocurrency divestment in cybercriminal firms and more to do with changes in the crypto perceived anonymity of the market.
“Ransomware gangs will move away from cryptocurrency, not because of financial instability, although that’s a factor, but more because of traceability,” says Kovar. “Ultimately, crypto isn’t really anonymous.”
He adds, “If you’re a criminal living in a country that supports, encourages, or doesn’t care about cybercrime, then you probably won’t be prosecuted that easily unless you’re really annoying people.”
Expected development in 2023
Experts also believe increasing law enforcement tensions are likely to influence a development of cybercriminal operations in other types of attacks beyond ransomware. Particularly proven ones that already do not depend on cryptocurrencies, such as Business Email Compromise (BEC).
“The FBI’s annual IC3 report [PDF] shows that Business Email Compromise (BEC) is at the top of the list when it comes to fiat coin banking. Advanced technology that mimics human writing, speech and even live video is now almost trivial to use and will rapidly advance in quality,” says Rudis of GreyNoise. “Ransomware groups are first and foremost companies, and it seems logical to assume they would also apply their technical prowess to run more advanced BEC programs.
Meanwhile, attackers are also likely to advance the technology to stay ahead of the authorities in terms of traceability and money laundering.
“Attackers are becoming more sophisticated and breaking the chain of blockchain transactions to try to obfuscate their illicit funds,” Short says. “We will likely see professionalization in cryptocurrency mixers like Tornado Cash, with threat actors offering fast and high quality cash-out-as-a-service offerings.”
She believes this could skyrocket the value of personally identifiable information (PII) in 2023 as it will further drive demand for account takeovers to create mule accounts for payout at the end of various scams.
“It is likely that cybercriminals will continue to convert into stable assets to secure value,” she says, “and we will see an increase in threat actors using more privacy-focused cryptocurrencies that are more difficult for law enforcement to track.” .”
Learn Crypto Trading, Yield Farms, Income strategies and more at CrytoAnswers
https://nov.link/cryptoanswers
Comments are closed.