One of the questions that naturally arise for those working within the cybersecurity industry after the fall of the FTX exchange puts an end to the cryptocurrency crash of 2022, includes asking how it will affect the cybercrime economy as a result of this rapid decline in cryptocurrency valuations.
Cybercriminals have been using and abusing cryptocurrency ever since the most recent crypto boom began more than a decade ago to build up their empires and make money. Through the use of cryptocurrency, ransomware is creating a world where you can pay extortion and face jail time. By using cryptocurrency, scammers target consumers to steal their wallets and accounts. A wide range of cybercriminal enterprises has traditionally relied on this method to conceal the fact that they are laundering money behind the scenes in an anonymous manner.
Although many cybersecurity experts and intelligence analysts agree that there have been some changes in trends and tactics that they believe are loosely related to the crypto crash, the jury is still out on the effects of the crypto crash over the long run, and the jury is still out on how the crypto crash will affect the cyber world.
The Shifting Trends & Tactics of Cryptocurrencies in 2022
Despite the value of cryptos this year, cybercriminals have developed a more sophisticated strategy for monetizing their attacks with cryptocurrencies, according to Helen Short, Accenture cybersecurity intelligence analyst, who points to the use of yield farming within the field of decentralized finance, as an example of some ransomware groups making use of yield farming as a monetization method.
In other words, yield farming is similar to lending money, in that the amount of interest that has to be paid is clearly outlined in the contract that outlines the amount that has to be paid," she explains. As a ransomware group, the advantages are that they will be able to collect legitimate proceeds from the ransom and they will not be forced to launder or hide the funds."
In her analysis, she has found that threat actors have increasingly turned to 'stablecoins,' which are typically 'pegged' to fiat currencies or gold. This is to decrease the volatility of their wallets. Cryptocurrency is making headlines worldwide due to the recent downturn in its price. This has resulted in cybercriminals having a heightened appetite for risk, leading to more investment frauds and cryptocurrency scams being perpetrated.
In addition to some people losing their wallet value, others may have simply lost interest in keeping an eye on their accounts. They may have stopped paying as much attention to them. Brittany Allen, the team's trust and safety architect and fraud researcher, offers some insight into how this is fueling another trend. "Fraudsters are noticing that consumers are paying less attention to their crypto wallets than they were when crypto prices were higher earlier this year and in 2021, as a result of plummeting prices for cryptocurrency," she said. Consequently, cryptocurrency account takeover attacks have increased by 79% in the last few months.
According to the researcher, there is an increasing number of threat actors joining forces instead of being paid by each other for their specialist services. This reduces the costs of the attack as there is a set share of the proceeds included in the agreement.
Ransomware Will Not Go Away
As far as cybersecurity pundits are concerned, one thing that has been agreed upon almost unanimously is that ransomware will remain prevalent for some time despite the growing volatility of cryptocurrencies. Ransomware activity in 2022 has seen a slight decline compared to early 2022. Despite that, the threat intelligence analyst at Optiv, Aamil Karimi, said that there are other factors out of our control, such as the war in Ukraine. These factors contribute to the decrease in activity.
A significant regrouping of ransomware cartels has resulted in a decline in activity in recent years, which is more likely to be due to this than anything else. For as long as cryptocurrency is a popular extortion target, he believes extortion will remain a popular business model.
As of right now, cryptocurrency is the safest medium through which cybercriminals can act as a means of doing transactions. Cryptocurrency is the preferred payment method by extortion," Karimi says. The amount of cybercrime and extortionary activity will not slow down soon, as Karimi doesn't anticipate any slowdown."
The evolution to be expected in 2023
Cybercriminals may also evolve their techniques in response to increased friction between law enforcement and themselves about other types of attacks in addition to ransomware. This is a result of increased friction between the two organizations.
The most common among these is business email compromise (BEC), which does not require cryptocurrency.
It was determined in the FBI's annual IC3 report [PDF] that business email compromise was the most common method used by attackers to steal fiat coins. It is becoming increasingly easy and convenient for technology to mimic human writing, speech, and even live video. This is a result of advances in artificial intelligence, according to GreyNoise's Rudis. As businesses, ransomware groups have been around for a long time. Therefore, it makes sense to assume that they would use their technological skills to deploy more advanced BEC schemes in addition to their primary mission of stealing money.
At the same time, attackers are likely to continue advancing technology to stay one step ahead of the authorities. This is regarding the tracking and laundering of money, thereby staying one step ahead of the police.
"The number of attackers will increase, and they will try to obfuscate their illicit funds by breaking the sequence of blockchain transactions, which will become increasingly sophisticated," Short says. "We will likely see a professionalization of cryptocurrency mixers, such as Tornado Cash, with threat actors offering fast and high value 'cash out as-a-service offerings."
As a result, she believes that there will be an increase in demand for account takeovers to repurpose stolen accounts to create mule accounts as a way of cashing out on the back end of various scams by 2023, as it will increase the value of personally identifiable information (PII).