As Crypto Prices Surge, so Does Crypto Crime
To say cryptocurrency is on a roll would be a gross understatement. This is especially true when you consider the $1.5 billion purchase made by Tesla and its founder, Elon Musk. As the price of Bitcoin and other digital currencies increase so does the temptation to steal it.
The U.S. Justice Department recently alleged that hackers associated with the military in North Korea were scheming to steal real money and crypto as part of a much larger plot involving Sony Pictures. Once the indictment was unsealed, the Federal Bureau of Investigation, as well as the Department of Homeland Security, issued a warning suggesting hackers were “upping their game” to steal cryptocurrency.
However, it’s not just North Korea stealing digital wallets worth millions of dollars. Those perpetrating cybercrimes are seeing targets in individuals and businesses as well. Cryptojacking, which is the surreptitious use of computer power of unsuspecting victims, is on the rise.
Chester Wisniewski, a principal researcher at cybersecurity firm Sophos, said, “We have seen in the past. There is a good correlation between the current price of bitcoin and the level of cryptojacking activity.”
Experts in computer security say there are ways to reduce vulnerability to attack. A primary method is to follow established cybersecurity rules, starting with secure passwords.
Millions are Being Lost to International Cybercriminals
North Korea, as well as Iran, are currently under sanctions by the United States. These rogue states have started to rely on cyberattacks against digital wallets as a way to enhance their county’s coffers.
After the Justice Department indictment was unsealed, John Demers, a federal prosecutor, told reporters, “Rather than use guns, operatives in North Korea are using keyboards to steal cryptocurrency.” By using a computer rather than a gun, these individuals have become the world’s leading bank robbers.
It is being alleged by federal prosecutors that North Korean hackers are targeting crypto companies. The indictment notes that 10s of millions in cryptocurrency are being stolen, including a 2020 heist of $11.8 million from a New York-based financial services company. The cyber-thieves are using malware as a backdoor into unsuspecting victim’s computers.
The malware is used to steal private keys. According to the indictment, in 2017, hackers stole $75 million from a cryptocurrency company in Slovenia. The following year, hackers stole $24 million from an Indonesian cryptocurrency company.
The malware goes by several names, and, according to Yehuda Lindell, CEO of Unbound Tech, it is very sophisticated. The malware impersonates a legitimate suite of software. Lindell said holders of crypto assets may not click an unfamiliar link, but they are more inclined to update software that appears to emanate from a trading platform.
Once installed, the malware has access to keys the owner has done. With the keys, the same software can do whatever it wants to steal funds. Once the funds are stolen, there is little hope of ever getting them back.
To exacerbate the problem, not all crypto exchanges have the same security posture when compared to banks. Lindell went on to say that with a very high incentive, the methods being employed to steal are becoming increasingly sophisticated. Unlike credit card numbers and password hacks that require additional steps to convert something of value, cryptotheft is “direct money.”
According to reports, between 2011 and 2020, hackers have stolen $7.6 billion in cryptocurrency.
Consumers and Businesses Are Seeing a Rise in Cryptojacking
Cybercriminals are going beyond attacking crypto wallets. These individuals are launching cryptojacking activities against consumers and businesses as well to mine Bitcoin and other cryptocurrencies. The criminal infiltrates and uses the resources of the target’s machine system as a substitute for making a substantial investment in developing their computing power.
Signs of an attack include a drop in system performance and the consumption of an unusually large amount of energy. When hackers use an average victim’s computer at “full throttle,” it will be noticed. The more sophisticated hacker will avoid using these computers, rather he or she will attack large businesses using cloud platforms such as Microsoft’s Azure or Amazon’s AWS.
With the increasingly blatant theft from a digital wallet, Lindell suggests people and companies alike invest in professional security. Protecting cyber assets as one protects his or her bank account is not enough.