by Cindy Huynh
Security Experts Weigh in
Unfortunately, most of these thefts came from an attack on a cryptocurrency exchange or business. TechWire mentioned that hackers often hide malware on websites or weak infrastructure especially on cryptocurrency exchanges with inadequate security.
According to the report, cryptocurrency exchanges were the most vulnerable target to hackers and represented 27 percent of cryptocurrency-related attacks, followed by businesses at 21 percent, users at 14 percent and government resources at seven percent. Cryptocurrency exchanges ranked highest because malicious agents were able to leverage vulnerable problems in their security infrastructure and easily steal large amounts of data and drain victim’s wallet.
While the theft is in the billions, it does not come as much of a surprise considering Coincheck suffered a hack of over $500 million at the beginning of 2018. Just recently, South Korean cryptocurrency exchange Coinrail, while a significantly smaller exchange also lost approximately $40 million in cryptocurrencies.
Instead of targeting the network, many hackers are taking advantage of the lax security from exchanges. They deploy stealer malware and drain the exchange of vulnerable cryptocurrencies. Some hackers even leverage their access to data to undergo follow-up attack on the users.
The report mentioned that “unfortunately, new investors and traders looking to jump on the crypto bandwagon will exacerbate the opportunity for exploitation. We expect to see cryptocurrency theft and illicit mining activity expand in the mid-to-long term as security mechanisms and user awareness slowly catch up to the evolving threat.”
Stealer Malware Popular among Cybercriminals
“It’s surprising just how easy it is without any tech skill to commit cybercrimes like ransomware,” said Rick McElroy, Carbon Black Security strategist.
“It’s not always these large nefarious groups, it’s in anybody’s hands.”
McElroy mentioned that malware purchases on the dark web often comes with customer service. “You just have to able to log in and be able to buy the thing – you can call customer support and they’ll give you tips,” he continued.
The malware costs on average $224, however, the security expert has seen some malware options as low as $1.04. The Carbon Black report stated that the available dark web marketplace, a marketplace that can only be accessed using specialized software, is currently a $6.7 million economy which is built from cryptocurrency-related malware development and sales.
While many thefts can come from huge crime groups targeting cryptocurrency exchanges and companies, McElroy stated that thefts can even emerge from an unemployed engineer who’s looking to make extra money on the side. “You have nations that are teaching coding, but there’s no jobs,” said McElroy. “It could just be two people in Romania needing to pay rent.”
In regards to the most vulnerable countries susceptible to cryptocurrency attacks, the US emerged first with 24 cryptocurrency attacks. China came in second with ten attacks, and the UK came in third with eight.