High value and anonymity have made cryptocurrency the de facto currency for cybercriminals—and made preventing cyber extortion top of mind for law enforcement and enterprises.
Cybercriminals are looking beyond Bitcoin to stay hidden
Researchers have recently shown how address-linking techniques can be used to tie Bitcoin addresses back to unique individuals. That’s called into question the fundamental value proposition of privacy that Bitcoin has staked its name on since its early days. Cybercriminals, already one step ahead, have started to shift to anonymity-based coins such as Monero, which are much harder to trace. Several dark web marketplaces now use Monero exclusively.
Matt Swenson, Division Chief at the Homeland Security Investigations (HSI) Cybercrime Center, explained on a recent #TrendTalksBizSec episode that anonymous crypto coins seek to obfuscate any origination information that could be used to trace the transactions as they move across the ledger. This makes it impossible to determine the originating and destination addresses in a given transaction.
While law enforcement agencies struggle with untraceable cryptocurrency transactions, enterprises threatened with cyber extortion demanding cryptocurrency need to protect themselves. Fortunately, there are defensive measures that can be taken.
Thwarting cyber extortion
Three recent attack types underscore why it’s important for enterprises to take quick action to prevent cyber extortion via cryptocurrency.
Ransomware and malicious apps
Cryptocurrency has made it easy for cybercriminals to monetize ransomware attacks: it’s effortless and instantaneous to demand payment in Bitcoin. But the growth of ransomware is hardly the only concern to keep CISOs and enterprise security officers up at night.
Fake or malicious apps are increasingly problematic, as they can be used to harvest private keys or other sensitive cryptocurrency-related information. Looking into the future of the metaverse or crypto-monetized web, other methods of stealing private keys and mnemonic phrases are likely to emerge.
Of all the steps an enterprise can take to protect itself against the ever-evolving and never-ending stream of malicious apps, implementing a zero trust strategy is the most critical. In the zero trust model, a “never trust, always verify” principle is enforced by granting permissions to users, devices, applications, or services only once they are properly validated, and by continually reassessing them.
Cloud-based cryptocurrency-mining attacks
Another recent trend is the rise of exploits targeting cloud resources, specifically CPU power, to mine cryptocurrency. The cost of a cloud-based cryptocurrency-mining attack can be US $130 per month for a single machine, according to Trend Micro estimates.
With the ability to instantaneously spin up new instances, and the fact that most enterprises rely on multiple clouds, organizations could see a huge spike in resource consumption and related costs if such malicious use were to go on undetected. Any organization that does find illicit cryptocurrency mining on its resources should take it as a warning sign that its cloud infrastructure may be vulnerable to other kinds of attacks.
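As an added illustration of how the "undetected resource consumption" described above can be caught early, the following example (not code from the article or from Trend Micro) scans per-instance CPU utilisation for the pinned-CPU pattern that unauthorised mining produces, marks freshly launched instances, and projects the exposure using the article's US $130 per machine per month estimate. The metric format, the thresholds, and the instance names are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Assumed per-machine monthly cost of a hijacked instance (the article's estimate).
COST_PER_MINER_PER_MONTH_USD = 130.0
CPU_THRESHOLD = 0.90       # assumed: a miner pins every core near 100%
MIN_HOT_SAMPLES = 6        # assumed: six consecutive 5-minute samples, i.e. 30 minutes
NEW_INSTANCE_HOURS = 24    # assumed: instances launched within a day deserve extra scrutiny

@dataclass
class Instance:
    instance_id: str
    account: str
    age_hours: float     # hours since the instance was launched
    cpu_samples: list    # utilisation per 5-minute sample, 0.0 to 1.0

def sustained_high_cpu(samples, threshold=CPU_THRESHOLD, min_run=MIN_HOT_SAMPLES):
    """True if at least min_run consecutive samples sit above threshold.
    A short burst (a build, a batch job) does not trigger; a pinned CPU does."""
    run = 0
    for s in samples:
        run = run + 1 if s >= threshold else 0
        if run >= min_run:
            return True
    return False

def flag_miners(instances):
    """Return (instance_id, launched_recently) for every instance matching the
    mining profile; recent launches are marked because attackers spin up fresh
    capacity rather than only abusing machines that already exist."""
    return [(inst.instance_id, inst.age_hours < NEW_INSTANCE_HOURS)
            for inst in instances if sustained_high_cpu(inst.cpu_samples)]

def monthly_exposure(flagged):
    """Project the monthly cost of the flagged machines at the per-machine estimate."""
    return len(flagged) * COST_PER_MINER_PER_MONTH_USD

# Constructed sample fleet: one legitimately bursty web server, one long-lived
# instance that has been pinned, and one instance spun up three hours ago.
FLEET = [
    Instance("i-web01", "prod", 900.0, [0.3, 0.95, 0.97, 0.4, 0.2, 0.3, 0.25, 0.3]),
    Instance("i-old07", "prod", 400.0, [0.99] * 8),
    Instance("i-new42", "dev", 3.0, [0.2, 0.98, 0.99, 0.99, 0.99, 0.99, 0.99, 0.99]),
]

if __name__ == "__main__":
    hits = flag_miners(FLEET)
    for iid, is_new in hits:
        print(f"{iid}: CPU pinned for 30+ minutes{' (launched <24h ago)' if is_new else ''}")
    print(f"projected monthly exposure: US ${monthly_exposure(hits):.0f}")
```

Feeding the same logic with real monitoring exports (per-instance CPU time series plus launch timestamps) turns the article's cost warning into a concrete alert and a dollar figure to hand to finance.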