In the New “Wild West” Even “Small” Cryptocurrency Theft is Costing Billions

save
Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

Over the weekend, another cryptocurrency exchange was breached. This time it was “only” $40 million” in cryptocurrency. However, as a result cryptocurrencies overall lost more than $40 billion in value following the attack. That’s not a typo – a $40 million heist cost the market more than $40 billion dollars. Such is the nature of the new Wild West, where cryptocurrency is front and center in the cyber game and hackers can manipulate entire markets with a few clicks of a mouse.

If crypto mining, ICOs, cryptojacking and ransomware all represent the electronic “gold rush,” then this current wave of cyber crime represents the electronic equivalent of yesterday’s stick ups, bank, stagecoach and train robberies.

While cryptocurrencies are “new,” criminals have perennially remained motivated by one thing – money. If you were a cyber criminal why wouldn’t you? The chances of actually getting caught are minimal, at best. There is no modern day equivalent of the Pinkertons to safeguard your cryptocurrency through the desert while riding shotgun on a stagecoach. The entire supply chain of cryptocurrency is immature and ripe for attacks.

It’s not surprising that Carbon Black’s recent cryptocurrency report highlighted that cryptocurrency exchanges are the most vulnerable target for cybercriminals, with 27% of attacks targeting exchanges directly. Regulation is often country specific and, in most cases, no one is vetting the technology (or the people) who are running the exchanges, let alone their security programs and controls to protect themselves and their customers.

Some exchanges are better than others but would you trust your money to a bank with no safe? Or security guards? Or the FDIC? I highly doubt it. While cyber criminals target individuals, wallets, and systems to facilitate cryptotheft, most of the payoffs are small. Much like gangs of the American West, why rob each person when you can rob the train or stage coach carrying all of the town’s money? One attack can yield the worth of hundreds or thousands of others, so why not go after where all the money is, especially when the risk is low?

“I rob banks because that’s where the money is,” – Bank Robber Willie Sutton

In regards to cryptocurrency and markets, there is a bigger conversation to be had. Cyber criminals rob banks because that’s where the money is. They are motivated by the pay off. There is nothing really new about that. However, when it comes to the new Wild West, it becomes entirely possible to monetize on attack a number of different ways.

Monetization 1. Breach the exchange and abscond with as much cryptocurrency as possible

Monetization 2. Coordinate a short on one of the various cryptocurrencies knowing the volatility of the market will yield a big drop in the current price after an attack is successful.

Monetization 3. Buy a bunch of now decreased-in-price coin and ride the recovery.

That’s three crimes and three ways to make money for the cost of one single attack.  

We expect to see cryptocurrency theft and illicit mining activity expand in the mid-to-long term as security mechanisms and user awareness slowly catch up to this evolving threat. These cryptocurrencies represent an alternative and lucrative funding stream, which is especially true for criminals, as well as nation-states desperately seeking to subvert sanctions. These will continue to fund future attacks. TTPs will evolve and adapt quickly, along with the dark web marketplaces that fuel the illicit economy, which is worth millions.

If attackers are simplify “following the money,” in this new Wild West, defenders should be evolving accordingly. Follow the money.

 

The post In the New “Wild West” Even “Small” Cryptocurrency Theft is Costing Billions appeared first on Carbon Black.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
Follow
69 Followers
About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
Promoted Content
7 Experts on Moving to a Cloud-Based Endpoint Security Platform
Everyday companies put more of their assets in digital form. Healthcare records, retail purchases and personnel files are just some of the many examples of how our entire lives have moved online. While this makes our interconnected lives more convenient, it also makes them more vulnerable to attack. The monetary benefits of exploiting these vulnerabilities have created an extremely profitable underground economy; one that mimics the same one we all participate in and has led to an increase in the sophistication and frequency of attacks. At the same time, mobility and cloud are changing the security landscape. We’ve moved from a centralized to a decentralized model as end users increasingly work on-the-go and access critical business applications and resources from anywhere. As such there is more emphasis on the endpoint and individual identities - from both the defender and the attacker - than ever before. As endpoints become smarter, new challenges emerge: emerging ransomware and 0-day exploits infect all kinds of systems with ease, while many attackers use no malware at all to accomplish their malicious goals. With all this change, we spoke to 7 leading security experts to identify what’s working and how they’ve influenced their organization to make the necessary changes before becoming the next victim.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel