Treasure is no longer only gold or cash, but history seems to repeat itself as the value of cryptocoins remains extremely attractive.
The past week has been another illustration of how appealing cryptocoins are to criminals as well. It is therefore no longer surprising that most ransomware demands payment in cryptocurrencies. New attack techniques such as cryptojacking have emerged over the past few months, making cryptocurrencies even more exposed in terms of cybersecurity. Today, we are gathering insights on the latest cryptocurrency risks and criminal trends.
Ransom and theft strategies: classic processes applied to the crypto-world
GandCrab: “One of the most aggressive ransomware of 2018”
Ransomware is currently one of the most prominent cyber threats, and GandCrab has set the bar high for 2018. This malware is a file-encrypting program which, after a few social engineering tricks, locks the victim’s files. According to Europol, it is already one of the most aggressive forms of ransomware of the year, having claimed more than 50,000 victims and demanding a ransom of USD 300-500 in Dash cryptocurrency. This week, a new decryption tool was released by the Romanian police in collaboration with Europol and Bitdefender. It is free, available on www.nomoreransom.org, and should eventually limit the financial gain of the criminals behind it.
Crypto Theft: from malware to simple real-life tricks
Demanding cryptocurrency as a ransom and illegally using devices to mine it are two currently popular approaches that do not involve stealing coins directly from others. Direct theft happens too, of course, as the following cases show.
- Crypto stealer malware
Early this year, a trojan cryptocoin stealer called Evrial was discovered. The malware replaces legitimate addresses and URLs with addresses linked to the attackers, who may have bought access to the platform as a service. It silently changes the addresses in the Windows clipboard. According to ElevenPaths, the haul so far amounts to 0.122 BTC and 0.0131 Litecoin. The platform is also available as a service on a Russian criminal forum for 1,500 rubles.
Last week, Palo Alto Networks discovered a new crypto-stealing malware named ComboJack. It operates through a process similar to Evrial’s, stealing cryptocoins and regular money by changing the recipient address before the victim finalizes the payment. Victims’ devices get infected through a phishing campaign whose emails carry a PDF with information about a supposedly lost passport.
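The clipboard-swapping trick used by Evrial and ComboJack can be checked for at the moment that matters: when an address is pasted into a payment form. The following is an added example (not code from the original article or from the researchers cited) that compares the pasted address with the one the user copied and verifies its Base58Check checksum, which is what a legitimate Bitcoin or Litecoin legacy address carries. The clipboard is simulated with plain strings, and the sample addresses are constructed for the example (the intended one is the well-known Bitcoin genesis-block address).

```python
import hashlib

# Base58 alphabet used by Bitcoin and Litecoin legacy addresses (no 0, O, I, l)
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Version byte -> address type (Bitcoin mainnet and Litecoin legacy prefixes)
VERSION_BYTES = {0x00: "BTC P2PKH", 0x05: "BTC/LTC P2SH", 0x30: "LTC P2PKH", 0x32: "LTC P2SH"}


def b58decode(s: str) -> bytes:
    """Decode a Base58 string; each leading '1' stands for one leading zero byte."""
    n = 0
    for ch in s:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def validate_address(addr: str):
    """Return the address type if the Base58Check checksum verifies, else None."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return None
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return None
    payload, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        return None
    return VERSION_BYTES.get(payload[0], "unknown version byte")


def check_paste(copied: str, pasted: str) -> dict:
    """Compare the address the user copied with the one about to be pasted.

    A clipboard stealer swaps the address between these two moments, so a
    mismatch is the signal to act on; a bad checksum catches corrupted swaps.
    """
    swapped = copied != pasted
    kind = validate_address(pasted)
    return {"swapped": swapped, "pasted_type": kind, "safe": not swapped and kind is not None}


# Constructed sample: the Bitcoin genesis-block address as the intended recipient,
# and a different address standing in for the attacker's wallet.
INTENDED = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
ATTACKER = "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"
```

In a real wallet front end, `copied` would be captured when the user copies the address and `pasted` read back from the clipboard just before the transaction is submitted.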
- Physical cybersecurity
Apple co-founder Steve Wozniak was also recently ‘robbed’ when he tried to sell 7 bitcoins. The buyer used a stolen credit card number, so the card payment was cancelled after the coins had already been received. This is another case of a physical cyberthreat, where the physical and cyber worlds collide, and one of the five most prominent threats of 2018 according to CBR Online.
In December and January, a so-called “Big Bitcoin Heist” saw 600 servers stolen in Iceland, making hardware kidnapping officially a cryptocoin burglary technique. The theft is estimated at $2 million.
Ransomware and crypto theft can both be very profitable but are limited in time, as awareness rises, decryption tools are deployed and investigations proceed. This has led criminals to think of new ways to get more cryptocoins. Research from both Cisco and Kaspersky Lab shows that cryptojacking is being favored by attackers over ransomware as a way to obtain cryptocurrencies. Indeed, this type of attack requires little effort to infect a computer and has fewer chances of being detected, making it a very lucrative business.
Cryptojacking: the new malicious trend
So how do computers get infected? One famous example involves YouTube, whose ads were used as ground zero to spread the malware. Other common vectors are:
- Cracked games
- Pirated software
In late February, researchers at Trend Micro discovered a new campaign exploiting CVE-2017-10271, a patched Oracle WebLogic WLS-WSAT vulnerability that allows remote code execution. The campaign delivers two Monero miners at once, a 64-bit and a 32-bit variant, which run automatically.
Earlier this year, another vulnerability in WebLogic/PeopleSoft servers was exploited, and the hack is said to have brought attackers $226,000 worth of cryptocoins.
In most cases, the mining is likely to go unnoticed, as the victim experiences few consequences: mining only consumes a lot of power and may eventually slow down devices. However, Tesla recently had to deal with a proprietary data leak after one of its cloud accounts was hacked in order to mine cryptocurrencies. Security researchers found that its servers were running Kubernetes instances used for mining as part of a well-hidden cryptojacking campaign.
Some malware scanners are starting to detect mining malware. According to our experts, though, the best way to remain protected is to patch and update systems and software regularly and, above all, to raise cyber awareness, as most of these attacks start with phishing tricks.
Who is behind it?
The report by Kaspersky Lab profiles three groups of mining criminals.
The first group:
- Built 10,000 botnets from consumer to corporate PCs.
- Mines Monero.
- Prerequisite: unpatched vulnerabilities.
- Further techniques: process hollowing and Microsoft Windows Task Scheduler manipulation.
The second group:
- Specific targets.
- Prior access to the network.
- Hard-coded information in the PowerShell script.
- Private Monero mining pool.
The third group:
- Sells kits but does not use them.
- Customizable kits inspired by kits advertised on the Dark Web.
- Less advanced actors can now cryptojack.
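Task Scheduler manipulation and PowerShell scripts, which the first two groups rely on, leave an artifact a defender can audit. The following added example (not from the Kaspersky report or the original article) inspects one exported scheduled-task definition, in the XML format produced by schtasks /query /xml, and flags PowerShell actions that run hidden, bypass the execution policy, carry an encoded command or reference a network endpoint. Both task definitions are constructed for the example, and the flagged argument patterns are assumptions about what a miner-dropping task typically looks like.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML exports (schtasks /query /xml)
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Assumed indicators: no profile, hidden window, bypassed policy or encoded command
SUSPICIOUS_FLAGS = re.compile(
    r"-(?:enc\w*|w(?:indowstyle)?\s+hidden|nop\w*|ep\s+bypass|executionpolicy\s+bypass)",
    re.I,
)
NETWORK_REF = re.compile(r"(?:https?|stratum\+tcp)://", re.I)


def audit_task(task_xml: str) -> list:
    """Return human-readable findings for one exported scheduled task, [] if clean."""
    root = ET.fromstring(task_xml)
    findings = []
    for action in root.findall(".//t:Actions/t:Exec", NS):
        cmd = action.findtext("t:Command", default="", namespaces=NS).strip()
        args = action.findtext("t:Arguments", default="", namespaces=NS).strip()
        if "powershell" not in cmd.lower():
            continue
        flags = SUSPICIOUS_FLAGS.findall(args)
        if flags:
            findings.append(f"powershell launched with {flags}")
        if NETWORK_REF.search(args):
            findings.append("powershell action references a network endpoint")
    # persistence that fires without user interaction is typical for miners
    if findings and root.find(".//t:Triggers/t:LogonTrigger", NS) is not None:
        findings.append("runs at logon")
    return findings


# Constructed sample tasks (not real exports): one miner-style, one benign backup job.
# The -enc payload is a placeholder, not a real encoded script.
MINER_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author"><Exec><Command>powershell.exe</Command>
    <Arguments>-nop -w hidden -ep bypass -enc QUJDRA==</Arguments></Exec></Actions>
</Task>"""

BENIGN_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><Enabled>true</Enabled></CalendarTrigger></Triggers>
  <Actions Context="Author"><Exec><Command>powershell.exe</Command>
    <Arguments>-File C:\\Scripts\\nightly-backup.ps1</Arguments></Exec></Actions>
</Task>"""
```

Run it over every task exported from an endpoint and review the ones that return findings; a hard-coded pool address or download URL in the arguments is exactly the kind of hard-coded information the report describes.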
Cryptocurrency is currently a valuable asset at the center of cyber-attack trends, and as its value increases, concerns should as well. Thefts can rely on physical tactics and real-life tricks, making crypto theft ridiculously easy to achieve. Furthermore, cryptojacking has been a major rising trend over the past few weeks: it secretly and illegally uses people’s or organizations’ devices to mine cryptocoins, with, in some cases, damaging consequences such as data leaks. Finally, the existence of cryptojacking-as-a-service platforms proves that the demand for such tools from financially motivated criminals is not about to fade, raising crypto security as a major security concern for the near future.