Cryptocurrency malware now a $6.7 million industry
Even as the light side of the cryptocurrency industry matures, so does its dark side.
Invest in picks and shovels in a gold rush, the saying goes. For some this has taken the flavour of looking to invest in distributed ledger technology itself, for others it means the mining machines used to wrest certain digital currencies out of thin air, and for others still, it means the slowly blossoming dark web cryptocurrency malware market.
According to a new report from cybersecurity company Carbon Black, the cryptocurrency malware market is now a $6.7 million industry. It's just a blip on the radar next to even some of the smallest individual coins, but it's having a massively outsized impact with an estimated $1.1 billion of cryptocurrency being hacked away so far this year.
For the sake of perspective it's probably worth noting that a full half of that came from the single anomalous CoinCheck incident, and that it's about as much as is lost to the small romance scam niche each year. By any objective measure, the amount lost to cryptocurrency scams is incredibly tiny given its unsafe reputation, which kind of highlights how far away it is from mass adoption. That's probably not much consolation for anyone who's lost their money to a crypto hack though.
The malware markets
Cryptocurrency has opened a lot of very useful new doors for scammers. The most valuable is probably the ability to directly receive money from victims anywhere in the world, which allows new twists on old scams. This can be seen with the infamously lucrative and hard-to-eliminate "send 0.1 Eth and get 1 back" Twitter bots, the "pay your tax with bitcoin" scam, good old Ponzi schemes with a crypto twist and many more. It finally lets scammers cut out the iTunes/Amazon/Visa gift card middleman and directly solicit funds from victims.
It's also allowed scammers to minimise their contact with victims.
For example, the largest DDoS attack to date had a distinctly crypto twist: the spam data that flooded the victim's servers carried a ransom note demanding a 50 Monero payment and giving the address.
But all of these existed in some form before cryptocurrency did.
Cryptojacking is one of the few completely new types of attack, quickly growing in popularity possibly thanks to its ability to provide a more steady income stream for attackers, rather than them relying on pulling in new fish constantly. The current cryptojacking state of the art might be the programs that kill off rival parasites to siphon off more computing power for themselves.
One of the other reasons cryptojacking has become so popular might be because it doesn't need much technical expertise. And in an effort to catch the same market of relatively tech-inexperienced hackers, the malware market – including ransomware, various scanners and similar – has grown with a range of increasingly user-friendly software.
Hacking from beginner to advanced
"It's surprising just how easy it is without any tech skill to commit cybercrimes like ransomware," said Carbon Black security strategist Rick McElroy. "It's not always these large nefarious groups, it's in anybody's hands."
Sometimes it even comes with customer service and tips for beginners, he notes.
"You just have to log in and be able to buy the thing — you can call customer support and they'll give you tips."
The average cost of the attacking software is $224, he said, and it can be priced as low as $1.04. These types of programs have emerged as a $6.7 million economy.
Experienced attackers probably have a better success rate though, and there's no shortage of them either.
"You have nations that are teaching coding, but there's no jobs," McElroy said. "It could just be two people in Romania needing to pay rent."
A side-effect of this might be that they have plenty of time to master their craft. The most sophisticated attacks can net eye-watering sums of money, such as the $500 million CoinCheck hack. It's a world where one big score can set someone up for life, which means there's a lot of incentive for attackers to go where they know the money is.
This is typically exchanges, which are unsurprisingly the most popular targets, accounting for 27% of attacks so far in 2018. Businesses were the second most vulnerable group, making up 21% of those hacked, usually for the purposes of installing ransomware, which locks up the system until the ransom is paid.
On the most sophisticated and difficult end, the cryptocurrency space recently entered the age of 51% attacks, and the savvier hackers are quickly learning how to code attack systems to take advantage of it.
Bitcoin is the best known coin by far, but it's not the most popular option for attackers. In fact, only about 10% of attacks use bitcoin, while Ethereum was involved in 11%. Monero was the most popular and was involved in 44% of all attacks, largely because of its privacy and semi-untraceability, as well as its quite reasonable transaction fees.
Other privacy coins are similarly becoming a more common element in hack attacks. The constantly shifting coin preferences of attackers, along with the ability to pinpoint consumer preferences, and put a dollar value on the industry as a whole, might show that the dark side of cryptocurrency is an immature yet very quickly developing industry of its own.
Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, XRB