Experts weigh in on what to expect.
With the implosion of the FTX exchange putting a punctuation mark on the cryptocurrency crash of 2022, one of the natural questions for those in the cybersecurity world is, how will this rapid decline of cryptocurrency valuations change the cybercrime economy?
Throughout the most recent crypto boom, and even before then, cybercriminals have used and abused cryptocurrency to build up their empires. The cryptocurrency market provides the extortionary medium for ransomware; it’s a hotbed of scams against consumers to steal their wallets and accounts. Traditionally, it’s provided a ton of anonymous cover for money laundering on the back end of a range of cybercriminal enterprises.
Even so, according to cybersecurity experts and intelligence analysts, while there certainly have been some shifts in trends and tactics that they believe are loosely tied to the crypto crash, the jury’s still out on long-term impacts.
Shifting Crypto Trends & Tactics in 2022
Regardless of crypto values, cybercriminals this year have become more sophisticated in how they use cryptocurrencies to monetize their attacks, says Helen Short, a cyber-threat intelligence analyst for Accenture. As an example, she points to some ransomware groups taking advantage of yield farming within decentralized finance (DeFi).
“The concept of yield farming is the same as lending money, with a contract clearly showing how much interest will need to be paid,” she explains. “The advantage for ransomware groups is that the ‘interest’ will be legitimate proceeds, so there will be no need to launder or hide it.”
Her analysis has shown that threat actors increasingly turn toward ‘stablecoins,’ usually tied to fiat currencies or gold, to stem their volatility. She says that in many ways, the downturn in crypto values has increased the risk appetite of cybercriminals and is spurring them into more investment fraud and cryptocurrency scams. “Threat actors are also playing on people’s desperation to recoup their losses,” she says.
While some consumers who have lost their wallet value may be desperate, others have lost interest and aren’t watching their accounts as closely, which is driving another trend, says Brittany Allen, trust and safety architect and fraud researcher at Sift.
“Plummeting crypto prices have led to consumers paying less attention to their crypto wallets than they were early this year and in 2021, and fraudsters noticed,” Allen says. “This has led to a 79% rise in crypto account takeover attacks.”
By way of example, she explains that her team discovered a new type of crypto cash-out scam this year on Telegram and Dark Web forums, where account takeover fraudsters teamed up to target the crypto market during the crash.
“In this scheme, cybercriminals use stolen wallets, bank accounts, or crypto exchange accounts to move or launder illicitly obtained funds. Fraudster A will advertise their access to stolen funds on Telegram, then find another fraudster who specializes in crypto account takeover and KYC (know your customer identity verification) bypass methods,” she says. “Once Fraudster B offers access to stolen wallets or crypto exchanges, Fraudster A sends the stolen funds to Fraudster B’s accounts, where they funnel the money out and split the profits. Each party takes a risk trusting the other, but if successful, they stand to make tens of thousands of dollars each.”
This is in line with another shift in cybercriminal tactics in 2022 that Short has witnessed. It’s not necessarily a response to cryptocurrency devaluation but a business model shift to maximize revenue.
“We’re seeing threat actors partner to facilitate an attack rather than pay each other for their specialist services. This reduces the overall cost of the attack as the agreement is a set cut of the proceeds,” she says.
Ransomware Is Here to Stay
One point that cybersecurity pundits are almost unanimous on is that even with a ton of cryptocurrency volatility, ransomware isn’t going anywhere. There was a slight downturn in ransomware activity in 2022, but according to Aamil Karimi, threat intelligence analyst at Optiv, that’s more attributable to other variables like the war in Ukraine.
There was also some significant regrouping of ransomware cartels, which was more likely to have caused the decline in activity than anything else. He says cryptocurrency will still be a favored extortion demand for a long time.
“It’s likely cryptocurrency will still be the payment of choice demanded in extortionary incidents. As of right now, it’s the safest medium for cybercriminals to conduct transactions,” Karimi says. “I don’t estimate any slowdown in cybercriminal or extortionary activity.”
Bob Rudis, vice president of data science for GreyNoise Intelligence, agrees. There are too many soft ransomware targets ripe for attack for criminals to ignore, Rudis says. And it’s okay if they lose some money to lower currency values, since they are the ones setting the ransom and they’re likely to convert it into tangible funds before further volatility impacts the total.
“Attackers care not if they receive one or a hundred units of a given cryptocurrency when asking for, say, USD 100,000,” Rudis says. “They have the means, markets, and processes to convert any ill-gotten crypto gains into something more tangible and will likely always be one step ahead of law enforcement and market regulators.”
Despite headline stories about authorities using crypto mechanisms to hurt adversaries financially, Rudis says there are “still real law enforcement hurdles to curb that flow,” which is why he believes cryptocurrency will still be heavily used for cybercriminal money laundering for some time to come.
Not everyone sees it the same way, though. Short of Accenture points out that law enforcement this year has increasingly taken a real bite out of the crooks’ bottom line through claw-back transactions, seizures, and more.
“Law enforcement took aggressive measures in 2022, including fund seizures, sanctions, and high-profile arrests,” she says. “It is becoming harder to launder and cash out illicit funds, resulting in the trend of threat actors exchanging ‘dirty cash’ for other services as they cannot get the illicit funds out.”
Ryan Kovar, distinguished strategist and leader of Splunk’s SURGe research team, also points out that the cybercrime impact of the crypto crash of 2022 will perhaps have less to do with a potential future divestment of cryptocurrency in cybercriminal enterprises than with changes in the crypto market’s perceived anonymity.
“Ransomware gangs are going to move away from cryptocurrency not because of financial instability, though that’s a factor, more due to the traceability,” Kovar says. “Ultimately, crypto is not anonymous.”
He adds, “If you’re a criminal who lives in a country that supports, sponsors, or doesn’t care about cybercrime, then you’re probably not getting prosecuted easily unless you tick people off.”
Evolution to Expect in 2023
Experts also believe that increased law enforcement friction will likely influence the evolution of cybercriminal operations around other types of attacks beyond ransomware, especially proven ones that don’t depend on cryptocurrency, like business email compromise (BEC).
“The FBI’s annual IC3 report shows business email compromise (BEC) to be top of the list when it comes to attackers banking fiat coin. Ransomware groups are, first and foremost, businesses, and it would seem logical to assume they’d also apply their technical skills to conduct more advanced BEC schemes. Advanced technology that mimics writing, speech, and even live video of humans is now almost trivial to use and will evolve rapidly in quality,” GreyNoise’s Rudis says.
In the meantime, attackers will also likely keep advancing technology to stay ahead of the authorities concerning traceability and laundering.
“Attackers will become more sophisticated, breaking the sequence of blockchain transactions to try and obfuscate their illicit funds,” Short says. “We will likely see a professionalization in cryptocurrency mixers, such as Tornado Cash, with threat actors offering ‘fast and high value’ cash out as-a-service offerings.”
She believes that in 2023, this could drive up the value of personally identifiable information (PII), as it will further push the demand for account takeovers to create mule accounts for cashing out on the back end of various scams.
“Cybercriminals will likely continue to convert to stable assets to secure value,” she says, “and we will see an increase in threat actors using more privacy-focused cryptocurrencies that are harder for law enforcement to trace.”