Cryptocurrencies have revolutionized the economics of cybercrime, with a noticeable impact on threat actors’ Tactics, Techniques, and Procedures (TTP’s).
In the early days of cybercrime, it has always been easy to obtain credit card numbers from e-commerce websites due to poor cybersecurity implemented in them, converting these into cash has required more than just computer skills and frequently exposed the hacker to real-world risk. For the 1st and 2nd generation of hackers, the currency were lists of password and shells, zero days and exploits. In the beginning, cybercriminals used a variety of approaches to generate cash from their activities:
Stealing sensitive data and finding a buyer. In 2006, two criminals stole the recipe of Coca-Cola and tried to sell it to Pepsi. But, Pepsi acted like antivirus and alerted the authorities, and the perpetrators were caught and prosecuted. Next in 2008 of a Greek hacker stolen weapons data from France’s Dassault Group and sold them to several nation states.
The oldest most famous examples are the story of Karl Koch and the KGB hackers, who broke into US defense contractor systems for the KGB in return for cash and drugs. Karl Koch died in a suspicious suicide in 1989 that many still suspect were a murder.
In 2007, Nokia paid millions of Euro to cybercriminals who had stolen a digital signing key for Nokia’s Symbian OS. The current variation of cyber extortion is of course ransomware.
The challenge for the hacker is how to get the money without being apprehended. For example, a wire transfer and even PayPal leave an audit trail, and a cash exchange requires physical interaction.
Identity Theft and Credit Card Fraud
The first attempts hackers made at credit card fraud were primitive. Using stolen credit card data hackers would order a high-value item such as a laptop to an address were the hacker knew no one was at home. Afte this they would then pretend to be the resident of the property to get the pray.
Wire transfer fraud
The theft of banking or other payment-related credentials are the oldest financial frauds. This kind of frauds lead to the creation of the first antivirus for Windows and later to the first antivirus for Mac. For example, PayPal was often stolen via social engineering or a Trojan, to transfer funds out of the victim’s account subsequently. Because of those early data-stealing Trojans now we have a variety of reliable cybersecurity solutions.
This is the early challenges of traditional Cybercrime Monetization – Complexity and Risk.
The hacker was rarely autonomous and independent, and the risk of getting caught, especially when transferring the stolen profit into his own hands. Even using the best method of hacking, a cybercriminal would still have to take big risky decisions and actions that:
1. They force him to move beyond the virtual because back then monetization required interaction with the real world.
2. They make him rely on dangerous and unpredictable 3rd parties, such as nation-state intelligence services or hardened criminals.
3. They require a sophisticated and complex infrastructure or human organization
4. Getting the actual profit and converting it into cash anonymously it was difficult and needed multiple steps to launder the money.
The most significant problem that cybercriminals have always had was how to turn data into currency. Now data is currency.
The role of Cryptocurrencies in the new Cybercrime Economy
Cryptocurrencies possess some characteristics that solve the complexity and risk challenges for monetizing hacking:
1. They are anonymous
2. They are unregulated
3. They represent a direct store of purchasing value, even if they need to be converted from one cryptocurrency into another
4. They can be stolen themselves, or resources can be stolen to mine them
Cryptocurrencies have a significant impact on the threat landscape and threat actor’s TTP’s:
1. Cryptojacking, the method used by the hackers where system resources are hijacked to mine cryptocurrencies, this cybersecurity problem is up by 725% over the past four months. Keep your system safe against this kind of cybersecurity threat by installing a reliable cybersecurity solution. Depending on which OS you are using install an antivirus for Windows or install an antivirus for Mac to be adequately protected against all type of miners.
2. Ransomware, which now generally demands payment in BitCoin, has increased by 90% in 2017.
This method effects in the majority of time companies that are poorly cyber secured. A robust cybersecurity solution can be implemented by cybersecurity specialists only after their run some advance cybersecurity tests to your company network, like penetration tests, and ethical hacking tests. This kind of checks must be made 3 or 4 times per year because cyber security threats evolve and you must find and fix any cybersecurity flaws as soon as they are discovered. If your business is a 100% online business consider using only cyber secure web hosting services.
3. Bitcoin exchanges have been targeted in some high profile breaches
4. Bitcoin users have been specifically targeted to steal their wallets