Cryptocurrency: How the hype cycle is helping cybercriminals flourish


Trevor Reschke, Head of Threat Intelligence

Unless you live on Mars, you are by now aware of Bitcoin, and maybe even of its lesser-known cryptocurrency siblings such as Ethereum and Litecoin. What was once an experiment on an encryption mailing list now has a greater asset value than Visa and this week started trading futures on a major stock exchange.

For those who don’t know, Bitcoin is a digital currency created by repeatedly running a complex algorithm that takes a vast amount of computing power. The difficulty and expense of this process make Bitcoin hard to produce. That, combined with the fact that people are willing to accept Bitcoin in exchange for goods and services, gives it innate value.

Driven by huge publicity, that value has been skyrocketing as more and more people buy Bitcoin, typically through one of the numerous exchanges set up to facilitate this, such as Coinbase and Kraken. These sites will happily let you convert money into cryptocurrency using a credit or debit card. Once bought, your cryptocurrency is stored in your own digital ‘wallet’ – a collection of private keys unique to the portion of Bitcoin you own.


What’s the threat?


If Bitcoin wallets are encrypted, the “money” should be completely safe, right? Unfortunately not. As with most high-profile emerging technology, Bitcoin has attracted the attention of the dark side of the Internet. The decentralized and unregulated nature of Bitcoin makes it attractive to cybercriminals who, hidden behind a VPN and on bulletproof hosting, endeavor to do anything from emptying individual personal wallets to stealing $68m from exchanges. Once you’ve lost control of your Bitcoin account, it is extremely difficult to follow the money trail, and recovery rates are abysmal.

As always, malware writers have seized the opportunity, building a number of cryptocurrency-specific functions into their payloads. Most common are the keyloggers that steal cryptocurrency exchange login credentials. Once an attacker has access to the user’s exchange account or digital wallet, coins can be moved with very little chance of seeing them again.

Much of the keylogging malware now on the market has been updated beyond traditional bank-credential theft to take this into account. This malware is both active, searching computers for cryptocurrency-related keywords and stealing exchange logon details, and passive – harvesting keystrokes typed into a browser. The more entrepreneurial keylogger can also take a more circuitous route to a user’s wallet, harvesting email logons and using them to reset Bitcoin exchange account credentials. As mobile network hacking grows in popularity, it is now also possible to intercept 2FA details by acting as a man in the middle.

Other malware-borne attacks on individual cryptocurrency users are more creative. CryptoShuffler, for example, is a Trojan that watches for destination wallet addresses copied onto the user’s clipboard. When it spots one, it replaces the legitimate destination address with the attacker’s, so the funds go directly to the cybercriminal.

That is not all criminals are doing to make money from cryptocurrency. They are also using distributed denial of service (DDoS) attacks to extort exchanges, which rely heavily on being available and enabling fast transactions. Using the threat of knocking exchanges offline by throwing the combined force of a vast number of hijacked bots at them during peak trading periods, criminals demand quick money.

Such attacks often threaten financial damage that dwarfs the cost of the ransom, which unfortunately makes paying look like the only choice and further fuels the extortion cycle. In a nascent market, the reputation of sites such as Coinbase is crucial, so the last thing they want is customers locked out and unable to transact during a time-critical period such as a flash rally. It is not just exchanges in the firing line, though: mining pools, developers and even personal blogs are targets.


How can people remain safe?


(1) As a lot of keylogging malware still bypasses traditional anti-virus software, Bitcoin owners should employ endpoint protection software specifically designed to stop keylogging malware.

(2) People should also use a unique password for each cryptocurrency and exchange account. It should be complex and not easily guessed, and changing passwords on a regular basis is crucial.

(3) 2FA must be enabled on exchange accounts. SMS-based 2FA has some known weaknesses, but it is still a valuable additional layer of security.

(4) If you are moving funds between wallets, check the destination wallet address thoroughly before executing the transaction. Otherwise your hard-earned coins could go somewhere completely unknown, probably for good.

(5) Finally, companies with consumer-facing offerings in the cryptocurrency market can adopt enterprise products that protect the user. We at Trusted Knight have battled evolving professional cybercriminals for over twenty years. We’ve developed unique technology focused on protecting the entire transaction stack, stopping exactly the same techniques in the financial space. The only difference here is the type of data being targeted.
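The clipboard-swap attack described above (CryptoShuffler) and the advice in point (4) come down to one check: the address you are about to send to must be well formed and identical to the one you meant to copy. The following Python is an added example, not code from Trusted Knight or the original post; it decodes legacy Base58Check Bitcoin addresses and flags a pasted address that differs from the intended one. The sample addresses are constructed for the demonstration (the valid one is the well-known genesis-block address).

```python
import hashlib
from typing import Optional

# Base58 alphabet used by legacy Bitcoin addresses (no 0, O, I or l)
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_decode(address: str) -> Optional[bytes]:
    """Return version byte + 20-byte hash if the Base58Check checksum is valid,
    otherwise None (bad character, too short, or checksum mismatch)."""
    num = 0
    for ch in address:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big") if num else b""
    # every leading '1' in the string encodes one leading 0x00 byte
    leading_zeros = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * leading_zeros + body
    if len(raw) < 5:
        return None
    data, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    return data if checksum == expected else None


def check_destination(intended: str, pasted: str) -> str:
    """Return 'ok' or the reason the transaction should not be sent.
    A checksum alone is not enough: an attacker's substitute address is itself
    well formed, so the pasted value must also match what you meant to send to."""
    if base58check_decode(pasted) is None:
        return "malformed address"
    if pasted != intended:
        return "address changed between copy and paste (possible clipboard hijack)"
    return "ok"


if __name__ == "__main__":
    genesis = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"   # valid, constructed sample
    print(check_destination(genesis, genesis))
    # constructed: last character altered -> checksum no longer matches
    print(check_destination(genesis, "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"))
    # constructed: a different but well-formed address, as a swapper would plant
    print(check_destination(genesis, "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"))
```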