The implosion of the FTX exchange punctuated the 2022 cryptocurrency crash. One of the natural questions for those in the cybersecurity world is how this rapid devaluation of cryptocurrencies will change the cybercrime economy.
During and even before the recent cryptocurrency boom, cybercriminals have abused cryptocurrencies to build their empires. The cryptocurrency market offers a terrifying medium for ransomware. It’s a hotbed of fraud aimed at consumers, with criminals looking to steal wallets and accounts. Traditionally, it has provided a large amount of anonymous cover for money laundering on the back end of various cybercriminal enterprises.
Still, cybersecurity experts and intelligence analysts say that while there are certainly shifts in trends and tactics that they believe are loosely tied to the cryptocurrency crash, the long-term impact is yet to be determined.
Cryptocurrency Trends and Tactical Shifts in 2022
Regardless of the value of cryptocurrencies, cybercriminals this year have definitely become more sophisticated in how they use cryptocurrencies to monetize their attacks, said Helen Short, cyber threat intelligence analyst at Accenture. She points to decentralized finance (DeFi) as an example.
“The concept of yield farming is the same as lending money, with a contract that clearly states the interest you are required to pay,” she explains. “The advantage for ransomware groups is that the ‘interest’ is their legitimate revenue, so there is no need for laundering or concealment.”
Her analysis shows that attackers are increasingly turning to “stablecoins.” Stablecoins are usually tied to fiat currency or gold to reduce volatility. In many ways, she said, the decline in cryptocurrency values has increased the risk appetite of cybercriminals, fueling more investment and cryptocurrency fraud.
“Threat actors are also capitalizing on people’s desperation to recoup their losses,” she says.
While some consumers may be desperate over the value lost in their wallets, others simply lost interest and stopped watching their accounts as closely, creating a different trend, said Brittany Allen, trust and safety architect and fraud researcher at Sift.
“The plunge in cryptocurrency prices has made consumers pay less attention to cryptocurrency wallets than they did earlier this year or in 2021, and scammers have noticed,” says Allen. “This has increased crypto account takeover attacks by 79%.”
For example, her team said it discovered a new type of cryptocurrency cashout scam on Telegram and Dark Web forums this year.
“In this scheme, cybercriminals use stolen wallets, bank accounts, or crypto exchange accounts to move or launder fraudulently obtained funds. They advertise on Telegram and find another scammer who specializes in crypto account takeover and KYC (know-your-customer identity verification) bypass methods,” she says. “If scammer B provides access to a stolen wallet or cryptocurrency exchange, scammer A will transfer the stolen funds to scammer B’s account, where they will pour the funds and split the profits. They will trust each other and take risks, but if they succeed, they stand to make tens of thousands of dollars each.”
This coincides with another shift in cybercriminal tactics for 2022, which Short said she witnessed. This is not necessarily a response to the devaluation of cryptocurrencies, but a shift in business models to maximize revenue.
“We see threat actors partnering to facilitate attacks rather than paying each other for specialized services. It reduces the overall cost of production,” she says.
Ransomware is here to stay
One thing cybersecurity experts have almost unanimously pointed out is that even with extreme cryptocurrency volatility, ransomware is going nowhere. Ransomware activity declined slightly in 2022, but this was due to other factors such as the war in Ukraine, according to Optiv threat intelligence analyst Aamil Karimi.
He said a major restructuring of the ransomware cartels will likely lead to a decline in activity more than anything else, and that cryptocurrencies will remain a priority extortion demand for a long time to come.
“The payment option demanded in extortion cases is likely still to be cryptocurrencies, which are currently the safest medium for cybercriminals to conduct transactions,” Karimi said. “We do not expect cybercrime or extortion activity to slow down.”
Bob Rudis, vice president of data science at GreyNoise Intelligence, agrees. According to Rudis, there are too many ransomware targets for criminals to ignore. And since they’re the ones who set the ransom, they don’t lose money if the currency is worth less, and they might convert it into tangible money before volatility hits.
“An attacker doesn’t care if he gets 1 unit of a particular cryptocurrency or 100 units when he asks for, say, US$100,000,” Rudis said. “They have the tools, the markets and the processes to convert ill-gotten cryptocurrency gains into something more tangible and will always be one step ahead of law enforcement and market regulators.”
Despite news headlines about authorities using cryptographic mechanisms to inflict economic damage on adversaries, Rudis said there are still real law enforcement hurdles to stopping that flow.
However, not everyone sees it the same way. Accenture’s Short points out that law enforcement this year is increasingly cutting into scammers’ profits through clawback transactions, seizures and more.
“Law enforcement has taken aggressive steps in 2022, including seizures of funds, sanctions and high-profile arrests,” she says. “It is becoming increasingly difficult to launder and cash illicit funds, and as a result, attackers are unable to retrieve illicit funds, so there is a tendency to exchange ‘dirty cash’ for other services.”
Ryan Kovar, a noted strategist and leader of Splunk’s SURGe research team, believes that changes in the future potential of cryptocurrencies for cybercriminal enterprises probably have little to do with the sell-off of cryptocurrencies and more to do with the perceived anonymity of the market.
“Ransomware gangs are trying to stay away from cryptocurrencies not because of financial instability, which is one factor, but more because of traceability. is not really anonymous.”
He added, “If you’re a criminal living in a country that doesn’t support, sponsor, or care about cybercrime, you probably won’t get prosecuted easily unless you really offend people.”
Expected evolution in 2023
Experts also believe that increased friction by law enforcement will likely influence the evolution of cybercriminal activity around other types of attacks besides ransomware, such as business email compromise (BEC), which has notably proven not to rely on cryptocurrencies.
“The FBI annual IC3 report shows that when it comes to fiat banking attackers, business email compromise (BEC) tops the list. Advanced technology that mimics human writing, speech, and even live video will now be almost trivial to use and will evolve rapidly in quality,” says Rudis of GreyNoise. He added that attackers will also apply their technical skills to implement more advanced BEC schemes.
Meanwhile, attackers may continue to advance their technology to stay one step ahead of authorities when it comes to traceability and laundering.
“Attackers are getting more sophisticated and trying to break the sequence of blockchain transactions to obfuscate illicit funds,” Short said. “We are likely to see specialization in cryptocurrency mixers such as Tornado Cash, with attackers offering fast, high-value ‘cashout as a service’ offerings.”
In 2023, she believes this could drive up the value of personally identifiable information (PII). This is due to the increased demand for account takeovers to create mule accounts to cash out on the back end of various scams.
“Cybercriminals are likely to continue to convert to stable assets to secure value, and threat actors using more privacy-focused cryptocurrencies that are harder for law enforcement to track can be seen to increase.”