Cryptocurrencies - Risks associated with them and Cyber Investigations
The threat from cybercriminals is serious and growing, but this is nothing new. Cyber intrusions are a serious problem because they are more frequent, more dangerous, and more advanced. Our team of investigators licensed to investigate cybercrime is taking the lead in investigating cyber-attacks by criminals, foreign opponents, and terrorists. Although a cybercrime investigator possesses and uses many of the same skills as a computer forensics investigator, the cybercrime investigator is more focused on, and skilled in, investigating crimes that use the Internet as the primary vector of attack. Education and experience give results.
Cryptocurrency, an increasingly popular digital payment system that does not rely on banks to verify transactions, has enabled anyone, anywhere, to send and receive payments. Instead of being physical money that is carried around and exchanged in the real world, cryptocurrency payments exist solely as digital entries in an online database that describe specific transactions. When you transfer cryptocurrency funds, transactions are recorded in the public ledger. Cryptocurrency is stored in digital wallets.
Cryptocurrency got its name because it uses encryption to verify transactions. This means that advanced encryption is involved in storing and transferring cryptocurrency data between wallets and public ledgers. The goal of encryption is to provide security and safety.
Unfortunately, crime with cryptocurrencies is on the rise. Cryptocurrency scams include:
Fake Websites: Fake websites that contain fake testimonials and crypto jargon that promise huge, guaranteed returns, provided you continue to invest.
Virtual Ponzi Schemes: Cryptocurrency criminals promote non-existent opportunities to invest in digital currencies and create the illusion of huge returns by repaying old investors with the money of new investors. One fraud operation, BitClub Network, raised more than $700 million before its perpetrators were indicted in December 2019.
Celebrity Recommendations: Online scammers present themselves as billionaires or celebrities who promise to multiply your investment in virtual currency, but instead steal what you send. They can also use messaging apps or chat rooms to spread rumors that a well-known businessman supports a particular cryptocurrency. Once they encourage investors to buy and raise the price, fraudsters sell their shares and the currency depreciates.
Romantic Scams: A trend of online dating scams, where scammers persuade people they meet in dating apps or on social media to invest or trade virtual currencies. Our center for Complaints on Internet Crime has published more than 1,800 reports of love scams aimed at cryptocurrencies in the first seven months of 2021, with losses reaching $133 million.
Otherwise, fraudsters can present themselves as legitimate traders in virtual currencies or set up fake stock exchanges to trick people into giving them money. Another crypto fraud involves fraudulent sales proposals for individual retirement accounts in cryptocurrencies. Then there is the simple hacking of cryptocurrencies, where criminals break into digital wallets where people keep their virtual currency to steal it.
Is cryptocurrency safe?
Cryptocurrencies are usually built using blockchain technology. Blockchain describes the way transactions are recorded into "blocks" and time stamped. It's a fairly complex, technical process, but the result is a digital ledger of cryptocurrency transactions that's hard for hackers to tamper with.
In addition, transactions require a two-factor authentication process. For instance, you might be asked to enter a username and password to start a transaction. Then, you might have to enter an authentication code sent via text to your personal cell phone.
While security measures are in place, that does not mean cryptocurrencies are un-hackable. Several high-dollar hacks have cost cryptocurrency start-ups heavily. Hackers hit Coincheck to the tune of $534 million and BitGrail for $195 million, making them two of the biggest cryptocurrency hacks of 2018. Unlike government-backed money, the value of virtual currencies is driven entirely by supply and demand. This can create wild swings that produce significant gains for investors or big losses. And cryptocurrency investments are subject to far less regulatory protection than traditional financial products like stocks, bonds, and mutual funds.
What can you buy with cryptocurrency?
When it was first launched, Bitcoin was intended to be a medium for daily transactions, making it possible to buy everything from a cup of coffee to a computer or even big-ticket items like real estate. That hasn’t quite materialized and, while the number of institutions accepting cryptocurrencies is growing, large transactions involving them are rare. Even so, it is possible to buy a wide variety of products from e-commerce websites using crypto. Here are some examples:
Technology and e-commerce sites - Several companies that sell tech products accept crypto on their websites, such as newegg.com, AT&T, and Microsoft. Overstock, an e-commerce platform, was among the first sites to accept Bitcoin. Shopify, Rakuten, and Home Depot also accept it.
Luxury goods - Some luxury retailers accept crypto as a form of payment. For example, online luxury retailer Bitdials offers Rolex, Patek Philippe, and other high-end watches in return for Bitcoin.
Cars - Some car dealers – from mass-market brands to high-end luxury dealers – already accept cryptocurrency as payment.
Insurance - In April 2021, Swiss insurer AXA announced that it had begun accepting Bitcoin as a mode of payment for all its lines of insurance except life insurance (due to regulatory issues). Premier Shield Insurance, which sells home and auto insurance policies in the US, also accepts Bitcoin for premium payments.
If you want to spend cryptocurrency at a retailer that doesn’t accept it directly, you can use a cryptocurrency debit card, such as BitPay in the US.
How to store cryptocurrency
Once you have purchased cryptocurrency, you need to store it safely to protect it from hacks or theft. Usually, cryptocurrency is stored in crypto wallets, which are physical devices or online software used to store the private keys to your cryptocurrencies securely. Some exchanges provide wallet services, making it easy for you to store directly through the platform. However, not all exchanges or brokers automatically provide wallet services for you.
There are different wallet providers to choose from. The terms “hot wallet” and “cold wallet” are used:
Hot wallet storage: "hot wallets" refer to crypto storage that uses online software to protect the private keys to your assets.
Cold wallet storage: Unlike hot wallets, cold wallets (also known as hardware wallets) rely on offline electronic devices to securely store your private keys.
Typically, cold wallets tend to charge fees, while hot wallets don't.
How to buy cryptocurrency?
You may be wondering how to buy cryptocurrency safely. There are typically three steps involved. These are:
Step 1: Choosing a platform
The first step is deciding which platform to use. Generally, you can choose between a traditional broker or a dedicated cryptocurrency exchange:
Traditional brokers. These are online brokers who offer ways to buy and sell cryptocurrency, as well as other financial assets like stocks, bonds, and ETFs. These platforms tend to offer lower trading costs but fewer crypto features.
Cryptocurrency exchanges. There are many cryptocurrency exchanges to choose from, each offering different cryptocurrencies, wallet storage, interest-bearing account options, and more. Many exchanges charge asset-based fees.
When comparing different platforms, consider which cryptocurrencies are on offer, what fees they charge, their security features, storage and withdrawal options, and any educational resources.
Step 2: Funding your account
Once you have chosen your platform, the next step is to fund your account so you can begin trading. Most crypto exchanges allow users to purchase crypto using fiat (i.e., government-issued) currencies such as the US Dollar, the British Pound, or the Euro using their debit or credit cards, although this varies by platform.
Crypto purchases with credit cards are considered risky, and some exchanges don't support them. Some credit card companies don't allow crypto transactions either. This is because cryptocurrencies are highly volatile, and it is not advisable to risk going into debt — or potentially paying high credit card transaction fees — for certain assets.
Some platforms will also accept ACH transfers and wire transfers. The accepted payment methods and the time taken for deposits or withdrawals differ per platform. Equally, the time taken for deposits to clear varies by payment method.
An important factor to consider is fees. These include potential deposit and withdrawal transaction fees plus trading fees. Fees will vary by payment method and platform, which is something to research at the outset.
Step 3: Placing an order
You can place an order via your broker's or exchange's web or mobile platform. If you are planning to buy cryptocurrencies, you can do so by selecting "buy," choosing the order type, entering the number of cryptocurrencies you want to purchase, and confirming the order. The same process applies to "sell" orders.
There are also other ways to invest in crypto. These include payment services like PayPal, Cash App, and Venmo, which allow users to buy, sell, or hold cryptocurrencies. In addition, there are the following investment vehicles:
Bitcoin trusts: You can buy shares of Bitcoin trusts with a regular brokerage account. These vehicles give retail investors exposure to crypto through the stock market.
Bitcoin mutual funds: There are Bitcoin ETFs and Bitcoin mutual funds to choose from.
Blockchain stocks or ETFs: You can also indirectly invest in crypto through blockchain companies that specialize in the technology behind crypto and crypto transactions. Alternatively, you can buy stocks or ETFs of companies that use blockchain technology.
The best option for you will depend on your investment goals and risk appetite.
What are some examples of cryptocurrencies?
There are thousands of cryptocurrencies. Some of the most famous include:
Bitcoin: The first cryptocurrency was Bitcoin, which was founded in 2009 and is the most famous today. A big part of the interest in cryptocurrencies is trading for profit, and speculators occasionally raise prices. The currency was developed by Satoshi Nakamoto - who is believed to be a pseudonym for an individual or group of people whose exact identity remains unknown.
Ethereum: Developed in 2015, Ethereum is a blockchain platform with its own cryptocurrency, called Ether (ETH) or Ethereum. It is the most popular cryptocurrency after bitcoin.
Litecoin: This currency is most similar to bitcoin, but has moved faster towards the development of new innovations, including faster payments and processes that enable more transactions.
Ripple: Ripple is a distributed ledger system founded in 2012. Ripple can be used to track various types of transactions, not just cryptocurrencies. The company behind it has cooperated with various banks and financial institutions.
Non-Bitcoin cryptocurrencies are collectively known as "altcoins" to distinguish them from the original.
How does cryptocurrency work?
Cryptocurrencies run on a distributed public ledger called blockchain, a record of all transactions updated and held by currency holders.
Units of cryptocurrency are created through a process called mining, which involves using computer power to solve complicated mathematical problems that generate coins. Users can also buy the currencies from brokers, then store and spend them using cryptographic wallets.
If you own cryptocurrency, you don’t own anything tangible. What you own is a key that allows you to move a record or a unit of measure from one person to another without a trusted third party.
Although Bitcoin has been around since 2009, cryptocurrencies and applications of blockchain technology are still emerging in financial terms, and more uses are expected in the future. Transactions including bonds, stocks, and other financial assets could eventually be traded using the technology.
Why Are Cryptocurrencies Appealing to Cybercriminals?
Cryptocurrencies have inherently low levels of regulation and are not governed by a central authority, meaning transactions cannot be closely monitored. This makes them a haven for criminal activity around the globe. Cryptocurrencies can easily carry millions of dollars across borders without detection.
Pseudonymous: Neither transactions nor accounts are connected to real-world identities, so it’s easy for cybercriminals to remain unidentified when they use crypto. Payments are made from “Bitcoin addresses,” and individuals can easily create new addresses. While it is usually possible to analyze the transaction flow, it is not an easy task to connect the real-world identity with the owners of those addresses.
Fast and global: Crypto transactions are propagated nearly instantly in the network and are confirmed in a couple of minutes. Since they happen in a global network of computers, they are completely indifferent to a physical location. It doesn’t matter if you send Bitcoin to your neighbor or to someone on the other side of the world.
Cryptocurrencies have become the most popular means of payment on the dark web because they allow traders and buyers to remain anonymous. Alternative currencies such as Monero and Verge, which are privacy-focused and offer even greater anonymity than Bitcoin, have become favorites for criminal activities on the Darknet. There are several types of cyberattacks in which cybercriminals take advantage of cryptocurrencies. They include ransomware, DDoS extortion, crypto-jacking, and cryptocurrency exchange hacks.
One of the biggest cybersecurity trends in history, ransomware is designed to extort money by encrypting user data. This type of malware typically displays an on-screen message offering to restore access after the victim pays a ransom. Typically, cybercriminals demand payment in the form of Bitcoin or other digital currency. Thus, the attackers are virtually impossible to track down.
2017 was the biggest year for ransomware attacks, with global outbreaks of the notorious WannaCry and NotPetya ransomware that brought down many large organizations. 2017 was also the year when the price of Bitcoin skyrocketed from below $1,000 to nearly $20,000, reaching its all-time high of $19,783.21 on Dec. 17. Coincidence? We don’t think so.
DDoS extortion (ransom-driven DDoS) campaigns have become very common and are driven, in part, by their ability to use cryptocurrency payments, which make it difficult for investigators to track the money as it flows from victims to criminals.
The tactic is the following: cybercriminals blackmail organizations by asking them to pay Bitcoin to avoid their site or service being disrupted by a DDoS attack. Many hackers are motivated by the potential for financial gain and the ease with which such attacks can be performed. Extortion is one of the oldest tricks and one of the easiest ways for hackers to profit.
A prominent group that carried out a lot of activity using the 'DDoS-as-an-extortion' technique was DD4BC (short for "DDoS for Bitcoin"), which first emerged in 2014 and was arrested by Europol in 2016. In October 2019, a fake "Fancy Bear" group was sending ransom demands to banks and financial organizations across the world, threatening to launch DDoS attacks. In some cases, the cybercriminals did carry out small DDoS attacks to demonstrate their capabilities and validate the threat, but no serious follow-up attacks have been observed.
Cryptojacking shook up the threat landscape in 2017 and 2018 when cryptocurrency prices surged to record levels. It also made a comeback during the summer of 2019. The primary reason for this was the general revival of the cryptocurrency market, which saw trading prices recover after a spectacular crash in late 2018.
The attack consists of hackers using the computing power of a compromised device to generate (“mine”) cryptocurrency without the owner’s knowledge. The types of devices vulnerable to crypto-jacking are not limited to smartphones, servers, or computers. IoT devices can be infected as well. The main effects of crypto-jacking for users include device slowdown; overheating batteries; increased energy consumption; devices becoming unusable, and reduction in productivity.
There are two main types of cryptomining: passive cryptomining through scripts running in a victim’s internet browser, and more intrusive crypto-jacking malware. Both techniques exploit a victim’s processing power, without their permission, to mine cryptocurrencies.
In the beginning, malware operators deployed Bitcoin-based cryptominers, but as Bitcoin became harder to mine on regular computers, they shifted to other altcoins. Due to its anonymity-centric features, Monero slowly became a favorite currency among cybercriminal gangs.
The closure of Coinhive, the most popular mining script, in March 2019 led to a decline in the frequency of browser-based cryptomining. However, attacks against consumers and organizations continue to happen and evolve. There are reports of crypto-jacking malware both going ‘file-less’ and incorporating the EternalBlue exploit in order to replicate and propagate itself over a network, like a worm.
Cyber risk has never been completely independent of world politics and international affairs, but in recent weeks, there has been a significant shift in alignment. The domain of physical war has closer ties to the digital sphere than ever before. As part of efforts to manage elevated cyber risk, it is vital to understand the short-term impact and longer-term risk of current events, and where the focus should be placed to achieve the best defense.
Last year saw a record number of Common Vulnerabilities and Exposures (CVEs) that exist within the software used in many products and systems. Attackers know this too and will look to exploit them as part of their campaigns. This activity by cyber criminals is commonplace: for example, there was a 356% rise in CVEs or zero-day vulnerabilities being exploited for initial access in Q4 2021 compared to Q3 2021. Evaluating the latest threat intelligence is critical for prioritizing patching of known vulnerabilities. Threat actors are likely to have similar motivations in times of war and peace. Disruption is a common theme, and financially motivated threat actors are likely to focus on business email compromises, ransomware attacks, and extortionist campaigns. It is wise to strengthen detection and response capabilities given the multitude of ways that systems can be compromised.
Critical infrastructure, such as power or water treatment plants and financial institutions, could have a higher likelihood of attack. Organizations in these industries will likely already have comprehensive threat monitoring technology and incident response plans. If they don’t, they should begin bolstering their defenses.
There has already been a persistent shift in dynamics among threat actors. The fluctuating pledges of allegiance among cybercriminal groups, as well as in-fighting and rising factions, are likely to continue as battle lines are drawn in both the physical and virtual worlds.
A further longer-term consequence could be an increase in new actor-controlled ransomware sites and new ransomware variants as groups reorganize, regroup and adapt. This is similar to what typically happens when cyber groups are disrupted by law enforcement. The unpredictable nature of cyber threats is one of the most important reasons to strengthen detection and response capabilities: you may not know what suspicious activity you’re looking for until you detect it, and you must be able to quickly respond when that happens.
How to protect against ransomware
To avoid getting infected, follow basic safety practices in everyday life, e.g. do not open suspicious email attachments, do not click on unknown links, make regular offline backups, install software updates when they become available, etc. For more tips, see our guide.
Avoid installing "free" apps from unofficial sources - other than the Google Play Store or App Store.
Never click on suspicious email links unless you know who sent them to you. Email is the most popular vector for infecting computer systems with malware.
Use strong passwords for computers, mobile, and IoT devices, and Wi-Fi networks.
Regularly patch the operating system and software.
Look for the following symptoms of infection: slowing down of the device, increase in CPU usage, overheating of the battery to the point that the phone does not react. However, this is not always the case - some malware can be configured to limit the use of the CPU / GPU, reducing its impact and thus avoiding detection by not leaving the phone completely useless.
To avoid this threat, users should check whether their telecom operator offers a security service for cyber protection of mobile and home devices that can block it.
To protect enterprise assets from cryptocurrency-related and other security threats, the best practice is a multi-layered security approach that combines prevention and detection. Preventing unauthorized access is a general requirement, but in particular, businesses should have network visibility and control that can detect and block crypto websites, applications and protocols, as well as other risky applications that can serve as hidden channels for cybercrime activities.
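As an added illustration of detecting mining protocols on the network (this example is not part of the original article), the Python sketch below flags cleartext Stratum traffic, the newline-delimited JSON-RPC protocol miners use to talk to pools. Because it looks at protocol content rather than CPU load or port numbers, it still applies when a miner throttles itself. The flow record layout, function names and sample traffic are constructed for the example.

```python
import json
from collections import defaultdict

# Request methods sent by miners to Bitcoin-style Stratum pools.
BTC_STYLE_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}
# Monero-style pools use generic method names, so the parameter keys that
# accompany them are checked too, to avoid flagging every "login" JSON-RPC call.
XMR_STYLE_KEYS = {
    "login": {"login", "pass"},
    "submit": {"job_id", "nonce", "result"},
}


def classify_message(line):
    """Return a label if one line looks like a miner-to-pool request, else None."""
    try:
        msg = json.loads(line)
    except (ValueError, TypeError):
        return None  # not JSON at all (HTTP, binary, empty line)
    if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
        return None
    method, params = msg["method"], msg.get("params")
    if method in BTC_STYLE_METHODS:
        return method
    required = XMR_STYLE_KEYS.get(method)
    if required and isinstance(params, dict) and required.issubset(params):
        return "xmr-style " + method
    return None


def find_mining_flows(flows):
    """Map (src, dst, dport) to the Stratum requests seen in that flow's payload."""
    hits = defaultdict(list)
    for flow in flows:
        for line in flow["payload"].splitlines():
            label = classify_message(line.strip())
            if label:
                hits[(flow["src"], flow["dst"], flow["dport"])].append(label)
    return dict(hits)


# Constructed sample: client-to-server payloads as a sensor or proxy might log them.
SAMPLE_FLOWS = [
    {"src": "10.0.0.23", "dst": "203.0.113.10", "dport": 3333,
     "payload": '{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n'
                '{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n'},
    # Pool listening on 443 in cleartext: a port-based rule alone would miss it.
    {"src": "10.0.0.41", "dst": "198.51.100.7", "dport": 443,
     "payload": '{"id":1,"jsonrpc":"2.0","method":"login","params":'
                '{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"miner/1.0"}}\n'},
    # Ordinary application JSON-RPC with a "login" method: must not be flagged.
    {"src": "10.0.0.5", "dst": "192.0.2.80", "dport": 8080,
     "payload": '{"id":7,"method":"login","params":{"user":"alice","otp":"123456"}}\n'},
    {"src": "10.0.0.5", "dst": "192.0.2.80", "dport": 80,
     "payload": "GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"},
]

if __name__ == "__main__":
    for key, labels in find_mining_flows(SAMPLE_FLOWS).items():
        print(key, labels)
```

This only sees Stratum sent in cleartext; pools reached over TLS have to be caught through destination or DNS intelligence and endpoint telemetry instead.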
Against DDoS extortion
Our cyber investigations experts do not recommend paying a ransom - there is no guarantee that the attack will come or that the payment will prevent it. In many cases, such attacks are "empty" threats - their authors use intimidation tactics in the hope of tricking victims into paying, and ransom letters are not accompanied by any serious attacks or disruptions to the service. Organizations should consider installing DDoS security solutions that automatically detect and block even the smallest DDoS attacks.
How to Focus Your Cyber Defense Strategy
From a national defense standpoint, numerous government agencies have repeatedly warned the private sector to strengthen their cyber defenses. Consequently, many senior teams are understandably worried about the threat of cyberattacks.
While no one can guarantee their company won’t be compromised in a cyberattack, there are precautions organizations can take to reduce the risk and mitigate the impact of an attack. A strong foundation starts with the basics, and this is where boards, senior executives, and their security teams should be focusing.
Rather than asking security teams if the company is vulnerable to attack or if it could withstand an attack, the question should address if the company has people with the skills, resources, and bandwidth to make the company as resilient as possible. Security teams will know where vulnerabilities are and what needs to be done to plug the gaps, but they may need some extra support to execute it in the current threat climate.
Our advice to companies concerned about the current heightened threat environment is to trust your security teams to ensure basic security measures are done well and to identify areas of risk. Security teams may require assessments and testing to help them identify vulnerabilities, which is often best outsourced to an expert for independent verification.
Beyond this, the current environment should encourage teams to re-visit their incident response plans, most importantly ensuring that incident response plans are readily available, even if an incident were to occur and systems were taken offline.
If you are a victim of cybercrime, contact us by filling out the online contact form on our website or by calling the number +41 44 586 60 33
Swiss Detective Agency
T. +41 44 586 60 33