Cybercrime & Cryptocurrency
Since Bitcoin’s creation 13 years ago, there has been a huge surge in its and other cryptocurrencies’ worth. With its growing popularity, there has also been an increase in security concerns. Some cryptocurrencies have already been the victim of ransomware attacks and other security breaches by hackers such as ZenCash and Ethereum Classic that have both lost millions of dollars to blockchain security issues. Because of the way blockchain works, the data on the chain is potentially viewable by all the users. This can lead to both security and privacy issues.
Blockchain, Cryptocurrencies and Bitcoin
Blockchain is a distributed, fixed ledger that makes it easier to record transactions and track resources across a peer-to-peer network. To avoid a central point of failure, every computer in a blockchain network keeps a copy of the ledger, and all copies are updated and validated simultaneously.
Cryptocurrency & Bitcoin
Cryptocurrency is a type of currency that’s digital and decentralized. Cryptocurrencies can be used to buy and sell things, and their potential to store and grow value has also caught the eye of many investors.
There are thousands of different cryptocurrencies available today. The most popular and the original is Bitcoin, which was created in 2009. Each Bitcoin is a computer file which is stored in a ‘digital wallet’ app on a phone or computer. People can send Bitcoins (or part of one) to your digital wallet, and you can send Bitcoins to other people. Every transaction is recorded in the blockchain. This makes it possible to trace the history of Bitcoins to stop people from spending coins they do not own, making copies or undo-ing transactions.
Other common cryptocurrencies include Ethereum, XRP, and Bitcoin Cash. Each of these currencies serves a different purpose, with some optimized for use in place of cash, and others designed for private, direct transactions.
The technology that fuels blockchain is secure in one respect, being decentralized and public as well as each transaction being encrypted. However, unlike money you might have in a bank which is insured by the American FDIC and similar bodies across the world, cryptocurrencies lack the same protection as standard currencies. If your funds are lost or stolen, they can be especially difficult to recover due to the decentralized nature of blockchain and lack of any governmental oversight.
NFTs and Cybercrime
NFTs, or non-fungible tokens, are unique digital assets, including jpegs and video clips, that are represented by code recorded on the blockchain, a database and banking center for cryptocurrency. Each NFT can be bought and sold, just like a physical asset, but the blockchain allows for ownership and validity to be tracked.
There may be a new, darker side emerging – the auctioning of cybersecurity exploits.
According to the online art community, Hypoallergenic, One man had his Nifty Gateway account compromised and his entire NFT collection cleared out in a matter of minutes. The hacker transferred his NFTs to another account and used his credit card on file to purchase more than $10,000 worth of Nifty’s daily “drop,” which they also transferred; then, they sold the stolen NFTs via the messaging app Discord.” This large investment was stolen out of Miraflor’s account without his or Nifty Gateway’s knowledge.
Hypoallergenic states that the fraudulent charges to his credit card company were able to get his money back. According to Nifty Gateway policy, any purchase made using their credit card is able to be refunded. Many other platforms like Foundation, super rare, and MakersPlace require the use of cryptocurrency according to Hypoallergenic. But when he reached out to Nifty’s support team regarding the stolen NFTs, he was told they could not transfer the digital tokens back to him. Transactions cannot be reversed on the blockchain, and per Nifty’s Terms of Service, Miraflor’s NFTs now legally belong to the users who purchased them fair and square — even if they were bought from a hacker.
Making a large investment is risky enough without the added risk of having it stolen from you. Keeping your devices up-to-date, being cautious of malware, staying on guard from phishing are just a few things you can do to help mitigate your risk of being hacked.
Increasingly, cryptocurrency is becoming a tool for cyber criminals. They can attack any business and ask for ransom in digital currencies as this form of cybercrime is untraceable, and no evidence leads back to the perpetrators. With cryptocurrencies spreading across the business world, cybercrime has become a real threat. Bitcoin now accounts for around 98% of ransom payments. Criminals often deploy ransomware attacks by running code to encrypt data and then demanding payment in the form of cryptocurrency to release it. As identities can be hidden in Bitcoin wallets, it is the obvious choice for cyber criminals to get what they want and remain anonymous.
For example, in May 2021, a ransomware attack struck the Colonial Pipeline. A hacker group known as DarkSide forced the company to shut down over 5,000 miles of pipeline in the southeastern United States until the hackers received a total of $5 million in bitcoin ransom payments. Fortunately, U.S. law enforcement officials were able to recover $2.3 million of the ransom paid after identifying a virtual currency wallet the hackers used to collect the payment. However, in total, DarkSide reportedly has been paid $90 million in bitcoin ransom payments from 47 victims, with the average amount being $1.9 million.
Stealing Crypto Keys
In addition to enjoying the anonymity of cryptocurrencies, cyber criminals also use the abundance of unsecured areas of these new technologies by stealing account keys of crypto wallets. By stealing the account keys of crypto wallets, cyber criminals can permanently lock users out, gaining access to entire investments. For this reason, it’s crucial that crypto accounts are treated with the utmost caution.
One of the biggest signs of a cyber scam is when a cybercriminal asks an individual or company to pay by cryptocurrency. Whenever there’s a request to pay by gift card, wire transfer or cryptocurrency, it’s a major red flag that you’re about to fall victim to a cyber attack. Once the scammer is paid in one of those ways, it becomes nearly impossible to recover the money. Cryptocurrency can be mysterious, complicated and confusing to many people, and as it continues to grow in popularity, so does the opportunity for crypto scams. The FTC reports that between October 2020 and May 2021, Americans lost over $80 million to cryptocurrency scams.
Cryptojacking is one of the most common ways that cyber criminals access users’ accounts. This is the practice of hijacking a computer to mine cryptocurrencies without the user’s knowledge. Usually, no personal information is stolen whilst the code is running to avoid detection for a long period, in which time a cyber criminal can make a significant amount of money.
Another way cyber criminals utilize cryptojacking is through the cloud. ‘Cloud cryptojacking’ occurs when hackers steal an organization’s credentials to gain access to their cloud environment where they run their cryptojacking code, rather than on a local device.
Investment scams, for example, lure individuals to websites with seemingly legitimate testimonials and credible-looking charts and wording that make it appear an investment is growing. However, the victim is asked to send more crypto when they attempt to withdraw their profits and soon find out they get nothing in return.
Avoiding Crypto Scams
1. Brush Up On Your Cybersecurity Basics
The best way to protect your business from these cyber-attacks is by implementing proper crypto cybersecurity protocols and practices as well as being extra cautious with the applications and sites you use.
Most of the time, hackers give up if a business uses a high level of cybersecurity protection. Just as cybercrime is on the rise, so is the initiative to ensure that cryptocurrency exchanges become regulated and monitored in the safest way possible.
As many cyber criminals use techniques such as phishing emails, to gain access to user accounts, ensuring that you and your employees are focused on cybersecurity is the best and easiest way to start. For instance, being able to identify dangerous messages and avoiding potential malicious links is a solid step towards denying cyber criminals access to your company’s computer system and crypto wallets.
2. Consult the CCSS
The Cryptocurrency Security Standard (CCSS) lays out an open source set of requirements to standardize the techniques and methodologies used by cryptocurrency systems across the globe. The process includes 10 security aspects – including wallet creation, key storage, key usage and data sanitisation policy – and scores them across three levels. Security considered ‘level one’ proves that assets are protected with strong policies and procedures whilst those deemed ‘level three’ exceed security expectations and provide strictly enforced policies. Users should consult the CCSS to identify the best cryptocurrency systems to use and keep their currency safe.
3. Network Monitoring
Cryptojacking takes place in the background and can often go undetected for long periods of time. The best and easiest way to quickly identify if cyber criminals have infiltrated your system is through constant monitoring. Network monitoring tools can also aid in monitoring systems and send alerts if suspicious activities are spotted.
TSFactory’s RecordTS v6 will record Windows remote sessions reliably and securely for Microsoft RDS, Citrix and VMware systems as well as cloud environments such as Azure and AWS. Scalable from small offices with one server to enterprise networks with tens of thousands of desktops and servers, RecordTS integrates seamlessly with the native environment.