Bitcoin is not only likely the future of money. It is the most common way money is siphoned away from people and organizations.
The world’s largest meat processor, JBS, announced that it recently paid $11 million in Bitcoin after a cyberattack forced the shutdown of its meat plants in the U.S., Canada, and Australia. This followed the attack on Colonial Pipeline, which paid nearly $5 billion to continue providing gas services across the eastern U.S.
Cybercriminals recognize they can quickly hoard it and remain distant and anonymous while performing their crime, unless you attract the FBI and get them on your tail, that is.
The latest research on crypto cyberattacks
According to new research by Barracuda Networks, Inc., a leading provider of cloud-enabled security solutions, impersonation attacks relating to cryptocurrencies grew 192% between October 2020 and April 2021, aligning with the near 400% increase in the value of bitcoin over the same period.
Attackers are now expanding their use of cryptocurrency beyond extortion and ransomware, incorporating digital currencies into spear phishing, impersonation, and business email compromise (BEC) attacks.
Fleming Shi, CTO at Barracuda, said, “The increased digitalization of businesses has resulted in more data being created and stored in collaboration apps, and more information being exposed. This has created more targets and potential value for criminals.”
Impersonating employees within an organization, criminals target and personalize emails to get their victims to purchase bitcoin, donate it to fake charities, or even pay a fake vendor invoice using cryptocurrency.
In 2019, ransom demands ranged from a few thousand dollars to $2 million at the top end. By mid-2021 most demands were in the millions, with a significant number over $20 mn.
“We have now seen, with our clients, ransoms paid in excess of 10 million dollars, with demands as high as 40, 50, and 60 million dollars,” said Oren Wortman, who handles cyber issues for the insurance brokerage firm Beecher Carlson.
Some insurance companies are no longer covering ransomware, or are imposing a range of restrictions, he added.
Correlation between crypto and crime
The increase in ransomware attacks is closely connected to the advent of cryptocurrency, FireEye CEO Kevin Mandia told CNBC recently.
“It’s no question it’s an enabler that you can break in anonymously and be paid anonymously, and now you can commit crime from 10,000 miles away in a safe harbor,” Mandia said.
And the crime happens in real time, as people and law enforcement watch online. However, the parties in a transaction are anonymous, disguised with a random number.
“You see exactly the way the money moves from one address, and one wallet, to another,” said Yonatan Striem-Amit, CTO at Cybereason.
“However, there is no way for us to associate a person with these wallets. And a lot of people have not just one address, one wallet, but have dozens, hundreds.”
Hackers can keep moving the currency from one anonymous account to another. That makes it very difficult, though not impossible, to trace.
Consider the case of Colonial Pipeline. The FBI recovered more than half of the $4.4 million in ransom that Colonial paid to the hackers known as DarkSide, who are believed to be based in Russia.
“The fact of the matter is, you see investigators and prosecutors solving cases where crypto was used as the technology of choice by criminals,” said Haun, who is also a former federal prosecutor who has investigated cybercrimes that involved cryptocurrency.
“When crypto is used for illicit activity, it leaves digital bread crumbs, and I can tell you that, firsthand, I used blockchain technology to actually solve crimes.”
And she may be right.
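The "digital bread crumbs" idea discussed above, as an added example that is not from the article or from anyone quoted in it: a simplified account-style ledger (real Bitcoin tracks transaction outputs rather than account balances) in which a payment is followed from address to address until it reaches a service that can be tied to a real-world entity. The ledger, the address labels, `KNOWN_SERVICES` and the taint-first rule are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample ledger: (sender, receiver, amount), in time order.
# Address names are made-up labels, not real wallet addresses.
LEDGER = [
    ("victim", "addr_A", 100),      # the payment being investigated
    ("addr_A", "addr_B", 60),       # split across two addresses
    ("addr_A", "addr_C", 40),
    ("other", "addr_C", 25),        # unrelated funds mixed in
    ("addr_B", "addr_D", 60),
    ("addr_C", "addr_D", 50),       # only 40 of these 50 came from the payment
    ("addr_D", "exchange_X", 90),   # cash-out at a service that knows its customers
]

# Hypothetical set of addresses an investigator can tie to a real entity.
KNOWN_SERVICES = {"exchange_X"}


def trace(ledger, payment_index):
    """Follow ledger[payment_index] forward through all later transfers.

    Returns (holdings, hits):
      holdings maps address -> traced amount still sitting there,
      hits lists (service, amount) where traced funds reached a known service.
    Assumption: an address spends traced funds before any other funds
    ("taint-first"), which gives the investigator an upper bound.
    """
    tainted = defaultdict(int)
    hits = []
    _, first_receiver, amount = ledger[payment_index]
    tainted[first_receiver] = amount
    for sender, receiver, sent in ledger[payment_index + 1:]:
        moved = min(sent, tainted[sender])
        if moved == 0:
            continue  # transfer carries none of the traced funds
        tainted[sender] -= moved
        tainted[receiver] += moved
        if receiver in KNOWN_SERVICES:
            hits.append((receiver, moved))
    holdings = {addr: amt for addr, amt in tainted.items() if amt}
    return holdings, hits


if __name__ == "__main__":
    holdings, hits = trace(LEDGER, 0)
    print("traced funds now held at:", holdings)
    print("reached identifiable services:", hits)
```

Every hop is visible, but only the last one, into a service that holds customer records, gives an investigator something to attach a name to.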
A majority of chief information security officers (CISOs) currently hold cryptocurrency to pay cybercriminals in the event of an attack.
When corporations shell out millions of dollars in cryptocurrency to pay a ransom, it tells cybercriminals that corporations are willing to negotiate and cooperate with their demands.
David Kennedy, a former NSA hacker turned founder and CEO of security firm TrustedSec, believes making it illegal for companies to make ransomware payments in cryptocurrency would, over time, lead to a decline in such attacks.
But it is not so easy when your files are encrypted and essential services like gas, water or food are hijacked.
How can leaders shield their organizations from ransomware attacks?
They need to invest in preventative solutions.
24/7 Monitoring: Cybercriminals often strike on holidays or at 3 a.m. on a Sunday. That’s why you need to invest in a 24/7 security operations center (SOC) which can help you understand the current threat landscape and improve your readiness to respond if an attack occurs.
Endpoint Detection and Response Solutions: Endpoint detection and response (EDR) solutions are critical for cybersecurity, especially if your organization employs remote workers. EDR solutions use behavior-based algorithms and learning to detect and contain ransomware. The algorithms actively monitor for any odd behaviors and effectively stop them.
Security Training: Schedule and conduct cybersecurity training for all of your employees, covering how to identify scams such as phishing emails or phone calls that ask for network specifics or employee credentials. Once you’ve trained your employees, conduct phishing tests to ensure the training is working.
Business Continuity and Disaster Recovery (BC/DR) Planning: A BC/DR plan is vital to maintaining business operations. This plan should include backing up critical business systems and data so copies are available from at least one alternate location. Regularly update your plan and include specific procedures to follow when a cyberattack occurs.