A Europol report has warned that while bitcoin remains top dog in the world of crypto-focused cybercriminal activity, so-called privacy coins like Monero (XMR) are set to take the leadership position shortly, which will come with a unique set of problems and risks to online security stakeholders.
The report states that the primary uses for cryptocurrencies in cybercrimes include Ransomware and cryptojacking. When a computer network or system is infected with Ransomware, the hackers send the network owners a wallet address to pay a specific amount of crypto into to reverse the effects of the malware on the computer. Cryptojacking by contrast, is more clandestine and subtle, infecting a network and using its processing power to mine cryptocurrencies at the expense of the network’s performance.
An excerpt from the report reads:
“While Bitcoin has lost its majority of the overall cryptocurrency market share, it still remains the primary cryptocurrency encountered by law enforcement. In a trend mirroring attacks on banks and their customers, cryptocurrency users and facilitators have become a victim of cybercrimes themselves. Currency exchanges, mining services, and other wallet holders are facing hacking attempts as well as extortion of personal data and theft. Money launderers have evolved to use cryptocurrencies in their operations and are increasingly facilitated by new developments such as decentralized exchanges which allow exchanges without any Know Your Customer requirements. It is likely that high-privacy cryptocurrencies will make the current mixing services and tumblers obsolete.”
Previously, Europol had issued warnings about crypto-related threats such as hacks, terror financing, and money laundering. The Internet Organised Crime Assessment 2018 (IOCTA) report warned that the anonymous nature of cryptocurrency makes it an increasingly popular choice for cybercriminals, either as a payment method for illegal goods purchased on Darknet marketplaces, or as a means of facilitating Ransomware-aided extortion rackets.
The Europol report also notes that while terror calls and terrorist groups have attempted to raise money using crypto, such attempts have mostly been unsuccessful, as testified recently to a US Congressional Committee by Yaya Fanusie, Director of Analysis for the
Foundation For Defense of Democracies’ Center on Sanctions and Illicit Finance.
Nevertheless, crypto remains worthy of note within the terror space, as ISIS reportedly purchased internet domains using Zcash. Europol recommends that European investigators should “build trust relationships with any cryptocurrency related businesses operating in their jurisdictions,” but it decries the rise of decentralized exchange platforms as a potential stumbling block to KYC and AML efforts.
On the subject of money laundering, the report states that offenders have learned to adapt their operations to include the use of cryptocurrencies. New developments like the rise of decentralized exchanges have helped them in this regard by making it possible to effectively sidestep all KYC requirements through a double-blind, trustless, peer-to-peer exchange system. These platforms, the report says, are likely to make current security efforts obsolete.
While not as much of an obvious threat as Ransomware or phishing, Cryptojacking can still have devastating effects on the computer network affected. By nature, Cryptojacking malware programs are parasitic, which means that they embed themselves in the infected system and then monopolize its processing power or CPU resources to solve the mathematical problems that earn block rewards.
It is also a very profitable scheme for cybercriminals because it requires minimal investment and creates a revenue stream from unsuspecting devices and networks. In some cases, the monopolization and overuse of system CPU power are so extreme that it leads to physical hardware failure. In other cases, it leads to reduced network speed and heightened power consumption.
In its quarterly “Threat Report,” McAfee labs recently revealed that cryptojacking case discoveries surged an astounding 629 percent in only the first quarter of 2018. A recent study put the number of UK businesses that have fallen victim to Cryptojacking at 59 percent.
According to the report, such attacks are only set to grow in frequency and become a “regular, low-risk revenue stream for criminals.” Privacy-focused coins like Zcash (ZEC) and Monero (XMR) are leading the charge, and they are also making up an increased proportion of currencies used in extortion and ransomware incidents.