According to many experts in the cybersecurity field, and to statistics as well, Bitcoin is no longer the cryptocurrency cybercriminals prefer for their operations. Bitcoin’s high profile and lack of complete anonymity have made cybercriminals turn to alternatives, known as altcoins. As a result, many things in the crypto / cybercrime world have been changing steadily.
One of the biggest changes is that cybercrime groups have been seeking payment methods in more stable cryptocurrencies. According to Carbon Black, “although bitcoin is still the lead cryptocurrency for legitimate cyber transactions, cybercriminals are moving to alternative and more profitable currencies, such as monero, which is used in 44 percent of all attacks”.
Carbon Black’s research revealed that cybercriminals are “shying away” from Bitcoin when conducting illegal activities or receiving payments. As to why this shift is happening, the research team pointed out that associated fees are too high, transactions take too long to process and criminals fear losing their ill-gotten gains. As we have written several times already, Monero is one of the most preferred cryptocurrencies in cybercrime for two reasons: it is impossible to trace and it offers low transaction fees.
Among the other cryptocurrencies that malicious actors prefer are Litecoin, Dash, Bitcoin Cash, Ethereum and Zcash, according to threat intelligence company Recorded Future.
$1.1 Billion in Cryptocurrency-Related Thefts
Statistics reveal that there has been at least $1.1 billion in crypto-related theft since December 2017, stolen via malware, phishing attacks and malvertising. The primary targets for cybercriminals, however, are cryptocurrency exchanges. Successful heists on exchanges may lead to the theft of hundreds if not millions of dollars.
The threats hanging over cryptocurrency exchanges vary. There have been DDoS attacks on exchanges such as Bitfinex. The first DDoS on this platform was registered on December 4th, 2017, and it continued for a few days, until December 7th. However, the attacks resumed on December 12th, when the platform was under a raid for hours before it was stopped.
Of course, DDoS is not the only danger. There have been plenty of cases where cybercriminals have stolen cryptocurrencies held by the exchange platforms, or have successfully collected data on how they operate their KYC (know your customer) processes for anti-money laundering. As with other forms of cybercrime, hackers are also attempting to get inside the exchange itself, to grab information on the people who work there, so that they can conduct other crimes.
According to Carbon Black, of all the attacks they have identified and analyzed, cryptocurrency exchanges are the most vulnerable target for cybercriminals. 27% of the attacks are aimed at exchanges directly.
How Are Attacks on Cryptocurrency Exchanges Occurring?
First of all, there is an array of pre-built tools that come in handy. There are currently an estimated 12,000 dark web marketplaces selling approximately 34,000 offerings related to crypto theft, says Carbon Black.
In addition, these tools cost anywhere from $1 to $1,000, with an average cost of $224. “We also identified a sweet spot in malware pricing for cryptocurrency-related attacks at around $10,” the researchers noted.
Malicious Cryptocurrency Mining Still a Trend
So-called cryptojacking continues to be a prevalent trend in crypto theft, where systems are injected with malicious code that exploits CPUs, and in some cases GPUs, to mine for particular cryptocurrencies.
There is also the option of abusing specialized mining hardware, especially when it hasn’t been configured properly or lacks sufficient security.
An illustration of such an attack involves scanning for port 8545, a JSON-RPC port that provides an admin interface to systems mining for Monero. According to security researchers, this port should never be accessible to the outside world. If it is left wide open, remote hackers would be able to access the admin panel to take control of the mining equipment. This port is configured by default to listen locally.
Such cases were seen in March 2018, when security firm Qihoo 360 Netlab said it had found multiple instances of systems with port 8545 open to the Internet. Just a few days ago, Netlab researchers reported that one cyber gang has stolen some $20 million by taking control of mining rigs with port 8545 left wide open.
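For operators who want to confirm that port 8545 is listening locally only, here is an added example (not taken from the Carbon Black or Netlab reports) that parses Linux `/proc/net/tcp` output and reports any non-loopback listener on that port. It assumes a little-endian host and covers IPv4 only (`/proc/net/tcp6` is not parsed); the sample table and the function names are constructed for illustration.

```python
import ipaddress
import struct

RPC_PORT = 8545     # the JSON-RPC port named in the article (0x2161)
TCP_LISTEN = "0A"   # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout: a wildcard listener on 8545,
# an established local connection to it, and an unrelated SSH listener.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2161 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001
   1: 0100007F:2161 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 20002
   2: 0A00000A:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003
"""


def decode_ipv4(hex_addr):
    """Decode the hex address field, printed in host byte order
    (little-endian assumed, as on x86 and most ARM systems)."""
    return ipaddress.ip_address(struct.pack("<I", int(hex_addr, 16)))


def exposed_listeners(proc_net_tcp, port=RPC_PORT):
    """Return the non-loopback addresses that have a LISTEN socket on `port`."""
    exposed = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if fields[3] != TCP_LISTEN or int(port_hex, 16) != port:
            continue                                # not a listener on this port
        addr = decode_ipv4(addr_hex)
        if not addr.is_loopback:                    # 0.0.0.0 means every interface
            exposed.append(str(addr))
    return exposed


if __name__ == "__main__":
    # On a real host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for addr in exposed_listeners(SAMPLE):
        print(f"port {RPC_PORT} is listening on {addr}; rebind it to 127.0.0.1")
```

An empty result means only loopback listeners (or none) were found for the port; a firewall rule blocking inbound 8545 is a separate control that this check does not inspect.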
For further details, take a look at the official Carbon Black report.