Prevent Cryptocurrency Cyber Extortion

Cybersecurity Awareness Month 2022 Series

To solve crime, the old saying still holds: “Follow the money.” But how do you do that for cybercrimes when the money itself is virtually untraceable as is the case with cryptocurrency?

Cybercriminals have shifted away to Bitcoin, which can be tied back to unique individuals, to anonymity-based coins such as Monero. Several dark web marketplaces now use Monero exclusively.

On a recent #TrendTalksBizSec episode, Matt Swenson, Division Chief of the Homeland Security Investigations (HSI) Cybercrime Center, discussed that anonymous crypto coins could be used to track transactions as they travel across the ledger. This makes it impossible to determine the originating and destination addresses in a given transaction.

Enterprises threatened with cyber extortion demanding cryptocurrency need to protect their business. We explored three recent cyber attack types and how enterprises can take quick action to prevent cyber blackmail.

Thwarting cyber extortion

Cyber Attack #1: Ransomware and malicious apps

The growth of ransomware is directly correlated to the rise in cryptocurrency. It’s effortless and instantaneous to request a ransom demand payment in Bitcoin rather than arrange a covert cash drop in exchange for stolen data. But a ransomware attack is hardly the only concern to keep CISOs and enterprise security officers up at night.

Fake or malicious apps are increasingly problematic, as they can be used to harvest private keys, personal information, or other sensitive cryptocurrency-related information. These attacks are designed to bait users into buying paid services or clicking on pop-up ads with the promise of bogus cryptocurrency earnings.

To stop cybercriminals from gaining access to sensitive data and personally identifiable information, implementing a zero trust strategy is most critical. In the zero-trust model, a “never trust, always verify” principal is enforced by only granting permissions to users, devices, applications, or services once they are properly validated and continually reassessed.

Cyber Attack #2: Cloud-based cryptocurrency-mining attacks

Another recent trend is the rise of exploits targeting cloud resources, specifically CPU power, to mine cryptocurrency. The cost of a cloud-based cryptocurrency-mining attack can be US $130 per month for a single machine, according to Trend Micro estimates.

With the ability to instantaneously spin up new instances and the fact that most enterprises rely on multiple clouds, organizations could see a huge spike in resource consumption and related business interruption costs if such malicious uses were to go on undetected. Any organization that does find illicit cryptocurrency-mining on its resources should take it as a warning sign that their cloud infrastructure may be vulnerable to other kinds of attacks.

Continuous assurance and visibility are essential to ensuring cloud infrastructure is properly configured and compliant. These involve:

  • Real-time monitoring of the entire cloud infrastructure
  • Auto-checking against cloud infrastructure configuration best practices
  • Continuous tests against compliance standards
  • Extensive reporting across multiple filters
  • Step-by-step remediation rules with self-healing controls

When combined, visibility and assurance enable automated, proactive prevention of vulnerabilities and help ensure cloud infrastructure security.

Cyber Attack #3: Cryptocurrency scams

The thriving cryptocurrency environment itself provides many opportunities for cybercriminals to exploit, resulting in a constant stream of scams related to cryptocurrency. Earlier this year, Trend Micro discovered 249 fake cryptocurrency wallet apps on Android and iOS that were used to steal more than USD $4.3 million, taking advantage of the fact that cryptocurrency transactions are irreversible.

Enterprises need to be proactive in addressing these types of threats to prevent cyber extortion. Email security is especially important because email is the most frequently used delivery method for these kinds of scams. The latest Trend Micro Cloud App Security Threat Report found that 74.1% of all threats are email-based, with business email compromise (BEC) among the top incidents causing business losses. Furthermore, the FBI reported $2.4 billion in adjusted losses from BEC complaints in 2021.

Because none of these attacks involve malicious links or attachments, they can evade traditional security solutions. Training, culture, and process improvements can help mitigate them—paired with layered messaging security technology that leverages the latest cyber threat defenses such as AI, machine learning, and behavioral analysis in a single dashboard.

Cryptocurrency security needs a coordinated and unified response

Enterprises need a unified cybersecurity platform that provides complete visibility, detection, and response to defend themselves throughout the cyber attack lifecycle. But tackling the bigger cyber extortion issue also requires coordinated action beyond just the enterprise.

The Silk Road example proves this can work. Despite its rapid rise and success, Silk Road was shut down by the FBI in 2013 and the mastermind behind it was arrested and later convicted. Federal agents admitted the use of Bitcoin and Tor to obscure addresses were major obstacles in the investigation but succeeded by working cooperatively with other organizations.

Coordination can start with enterprises reporting incidents to law enforcement agencies. And reporting application vulnerabilities to affected vendors through programs like the Trend Micro Zero Day Initiative™ (ZDI) can also help strengthen cybersecurity overall. The sooner vulnerabilities are identified, the sooner patches can be issued to bolster enterprise defenses.

By combining coordination with a unified cybersecurity platform, enterprises can enhance their posture and protect against the harms of cyber extortion.

Next steps

To learn more about the risks mentioned above, explore these resources:

Read More HERE