Cryptocurrency is the facilitator and enabler of most ransom attacks, according to Guy Segal, vice president cyber security services Asia-Pacific at Sygnia.
Segal describes the relationship between cryptocurrency and cybercrime as multi-dimensional.
“First, whenever you deal with ransom, ransom is being paid in cryptocurrency. Usually, but not always Bitcoin,” he said.
“The other issue is that the cryptocurrency companies – exchange firms – are very fragile and very vulnerable to be under attack. While if you’re attacking a real bank you can damage the bank and you can ask for a ransom, if you’re attacking a cryptocurrency exchange, you can run with the money out of the bank.”
As Bitcoin and the cryptocurrency markets have plummeted in the last few weeks, Segal said that this has had a unique effect on negotiations between victims of cybercrime and the attackers.
“The Bitcoin rate has crashed, I think more than three times lower than the records at the moment, and it’s very dynamic daily. From many threat actors’ point of view, that means that you cannot agree on a deal based on the number of Bitcoins, but the negotiation will be concluded on the US dollar amount.
“For instance, if you could once agree on 40 Bitcoin and then know that it’s going to be around $2 million, now the threat actor doesn’t have any certainty when he agrees on 40 Bitcoins Monday, how much will that be in US dollars, by the end of the week?”
According to Segal, Bitcoin has anonymised threat actors, keeping them safe, secure and largely preventing them from being caught.
New research from cybersecurity company Proofpoint reveals the methods and techniques that threat actors are leveraging to exploit cryptocurrencies and digital tokens or NFTs.
The authors name cryptocurrency credential harvesting, cryptocurrency transfer solicitation and commodity stealers that target cryptocurrency values as the three fundamentals of a phishing campaign targeting crypto.
“Proofpoint researchers observe multiple objectives demonstrated by cybercriminal threat actors relating to digital tokens and finance such as traditional fraud leveraging business email compromise (BEC) to target individuals, and activity targeting decentralised finance (DeFi) organisations that facilitate cryptocurrency storage and transactions for possible follow-on activity. Both of these threat types contributed to a reported $14 billion in cryptocurrency losses in 2021,” the report says.
According to senior director of threat research and detection at Proofpoint Sherrod DeGrippo, “Cybercriminal threats to cryptocurrency are not new, however as the general public experiences growing adoption of cryptocurrency, people may be more likely to engage with social engineering lures using such themes.
“There is no easier method of financial extraction than the illicit transfer of cryptocurrency.”