
How Falling Prices Have Affected Cyber Crime

• Cyber criminals use dark web exchanges because they don’t check user identities.

• These don’t typically store currencies but merely enable the exchange of crypto from one service to another, often at inflated fees.

• These exchanges operate in many ways like legitimate businesses. They need to spend big on advertising, for example, in part to engender trust among malicious actors who themselves don’t want to get ripped off.

• Crashing cryptocurrency prices are squeezing dark web exchanges. This reduces incentives for threat actors because it reduces income, makes vulnerability purchasing more expensive and cuts revenue needed to fund Malware-as-a-Service organizations.

• In other words, falling crypto prices kneecapped the purchasing power of organizations using crypto for illegal activities.

• During the rapid declines in early 2022, exchanges tried to convert their crypto to fiat currencies, such as the U.S. dollar (a currency issued by a government not backed by a physical commodity, such as gold or silver), but the value after conversion wasn’t enough to sustain the business.

• Advertising for dark web exchanges nearly stopped in the spring of 2022. Many went bankrupt or out of business.

• The drop in cryptocurrency value radically slowed financial crimes, including illegal dark web transactions. Losses for the first half of 2022 were way down, according to blockchain data company Chainalysis. Scammer income dropped by two-thirds (65%) for the first seven months of the year.

• It’s easy to conclude that the drop in the value of cryptocurrencies directly caused the decline in scam revenue. But that would be a mistake.

• This drop wasn’t due entirely to the drop in cryptocurrency, according to the report. Both potential victims and police chalked up notable successes in countering such scams. In other words, the general defense against some of these crimes has improved, and credit there is due.

• Another point to consider is that total annual scam revenue is usually determined by a very small number of very large scams. One massive scam could upend these numbers and reverse the trend.

• In addition, the crash caused cryptocurrency transaction volumes (both legitimate and illegal) to fall. So it reduced “good” transactions in equal measure as “bad” ones.

• Also, ransomware gangs likely don’t care if the value of cryptocurrencies is low. They demand ransoms typically in U.S. dollar amounts in the form of whatever quantity of cryptocurrencies are equivalent at the time of demand.

• While there may be a disincentive to strike while crypto is rapidly declining, once it hits bottom, that disincentive is removed. Volatility in one direction (down) disincentivizes ransomware temporarily. Unfortunately, ransomware is here to stay.

• Most importantly, however, it would also be a mistake to assume that cryptocurrency valuations will stay low, or that reductions in crimes that rely on cryptocurrencies will stay low. The consensus among experts is that such crimes will come roaring back to life.

Emerging Threats

Ransomware Extortion

• Ransomware began as malware focused on extorting payments via data encryption. By denying legitimate users access to their data by encrypting it, the attackers could demand a ransom for its recovery.

• However, the growth of ransomware threats has resulted in focused security research designed to identify and remediate these threats. The process of encrypting every file on a target system is time-consuming — making it possible to save some data by terminating the malware before data is encrypted — and companies have the potential to restore from backups without paying the ransom.

• Double extortion attacks added data theft to data encryption, and some ransomware operators have shifted to focus solely on the extortion effort, skipping encryption entirely. These ransomware data breaches are faster to carry out, harder to detect, and cannot be fixed using backups, making them a more effective approach for cybercriminals and a greater threat to businesses.

Cloud Third-Party Threats

• Companies are increasingly adopting cloud computing, a move with significant security implications. Unfamiliarity with cloud security best practices, the cloud shared security model, and other factors can make cloud environments more vulnerable to attack than on-prem infrastructure.

• While cybercriminals are increasingly targeting cloud infrastructure with exploits for new vulnerabilities, an emerging and worrying tactic is the targeting of cloud service providers. By targeting cloud service providers and cloud solutions with their attacks, a cybercriminal can gain access to their customers’ sensitive data and potentially their IT infrastructure. By exploiting these trust relationships between organizations and their service providers, attackers can dramatically increase the scale and impact of their attacks.

• These attempts to infect users’ mobile devices have expanded from fake apps to cracked and custom versions of legitimate apps. Cybercriminals are offering unofficial versions of apps as malicious APKs via direct downloads and third-party app stores. These apps are designed to take advantage of name recognition to slip malware onto employee devices.

Wipers and Destructive Malware

• While ransomware and data breaches are some of the most visible threats to corporate data security, wipers and other destructive malware can have even greater business impacts. Instead of breaching information or demanding a ransom for its return, wipers delete the data entirely.

• While wipers have been relatively rare in the past, they experienced a resurgence in 2022. Multiple families of wipers have been developed and deployed against Ukraine as part of its conflict with Russia. Other countries, including Iran and Albania, have also been targeted by destructive cyber attacks, indicating the growing popularity of destructive malware as a tool for hacktivism and cyber warfare.

Weaponization of Legitimate Tools

• The line between legitimate penetration testing and system administration tools and malware can be a fine one. Often, functionality that cyber threat actors would build into their malware is also built into their targets’ operating systems or available via legitimate tools that are unlikely to be recognized as malware by signature-based detection tools.

• Cyber threat actors have been increasingly taking advantage of this to “live off the land” in their attacks. By leveraging built-in features and legitimate tools, they decrease their probability of detection and improve the likelihood of a successful attack. Also, the use of existing solutions can help to scale attack campaigns and allow cybercriminals to use the state of the art in hacking tools.

Zero-Day Vulnerabilities in Supply Chains

• Zero-day vulnerabilities pose a significant but transient risk to corporate cyber security. A vulnerability is a zero day when it has been discovered but no fix is available for the issue. During the window between the initial exploitation of a vulnerability and the vendor’s release of a patch for it, cybercriminals can exploit the vulnerability unchecked. However, even after a patch is available, it is not always promptly applied by businesses. Some cyber attack campaigns target vulnerabilities that have been known and “fixed” for months or years. Various reasons exist for these delays, including resource availability, security visibility, and prioritization.

• One area where zero-day attacks and unpatched vulnerabilities are especially concerning is the software supply chain. Often, companies lack full visibility into the third-party, open-source code that their applications use. If these external libraries contain unpatched vulnerabilities, cybercriminals can leverage them to attack the organization. Additionally, widely-used vulnerable libraries create potential attack vectors against multiple organizations.
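
To make the visibility and patch-lag points above concrete, here is an added example (not from the original article) that walks a resolved dependency graph, flags components still below the first fixed version, and reports how long the fix has been available. The package names, versions, advisory entries and the function names are all constructed for illustration.

```python
from datetime import date

# Constructed sample data: package names, versions and advisories are illustrative.
# Resolved dependency graph: package -> (installed version, direct dependencies)
GRAPH = {
    "billing-app": ("2.4.0", ["webkit-lite", "pdfgen"]),
    "webkit-lite": ("1.9.2", ["yamlparse"]),
    "pdfgen": ("0.8.1", ["imgcodec"]),
    "yamlparse": ("3.1.0", []),
    "imgcodec": ("5.0.3", []),
}
# Advisory feed: package -> (first fixed version, date the fix was released)
ADVISORIES = {
    "imgcodec": ("5.0.7", date(2022, 3, 14)),
    "yamlparse": ("3.0.5", date(2021, 11, 2)),
}

def parse_version(v):
    # Assumption: plain dotted numeric versions (no pre-release tags).
    return tuple(int(p) for p in v.split("."))

def dependency_paths(root):
    """Yield every path from root to each reachable package."""
    stack = [[root]]
    while stack:
        path = stack.pop()
        yield path
        for child in GRAPH[path[-1]][1]:
            if child not in path:  # guard against dependency cycles
                stack.append(path + [child])

def unpatched(root, today):
    """Return components with a published fix that has not been applied."""
    findings = []
    for path in dependency_paths(root):
        pkg = path[-1]
        if pkg not in ADVISORIES:
            continue
        installed = GRAPH[pkg][0]
        fixed_in, released = ADVISORIES[pkg]
        if parse_version(installed) < parse_version(fixed_in):
            findings.append({
                "package": pkg, "installed": installed, "fixed_in": fixed_in,
                "via": " > ".join(path),          # how the component is pulled in
                "transitive": len(path) > 2,      # not declared by the app itself
                "days_fix_available": (today - released).days,
            })
    # Longest-outstanding fixes first
    return sorted(findings, key=lambda f: -f["days_fix_available"])

if __name__ == "__main__":
    for finding in unpatched("billing-app", date(2022, 12, 31)):
        print(finding)
```

The one finding here is a transitive dependency the application never declares itself, which is the visibility gap described above; the already-patched component is correctly left out.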

Global Attacks on Business

• Cybercrime is a problem that is rapidly growing on a global scale. In Q3 2022, global cyber attacks increased by 28% compared to the same quarter in 2021. Going into 2023, this trend is only likely to continue. A mature corporate cyber security program needs to be capable of defending against threats originating from all around the world. This includes comprehensive threat protection, round-the-clock monitoring, and access to up-to-date threat intelligence.
