For years, cybercriminals have been experimenting with new ways to steal and extort money from victims. More recent trends involve the boom in cryptocurrency. Here, Tyler Moffitt, Senior Threat Research Analyst at Webroot, explores the relationship between cybercrime and cryptocurrency.

Basic ransomware attacks, where a cybercriminal demands payment in exchange for something they’ve taken from your computer, have been around since the mid-noughties. Early iterations would impersonate the FBI and demand payment to avoid exposure of nefarious activities they claimed victims had been doing. But as technology, digital currency and online payments have evolved, so have the tactics used by cybercriminals to extort money.

In the FBI scam days, the anonymous online market Silk Road was appearing and experimenting with Bitcoin as its chosen currency. The underground black market, hidden on the Dark Web, was the ideal place to acquire goods and conduct illegal activities away from law enforcement eyes. For years, the marketplace thrived and proved that Bitcoin worked well for monetary transactions and transfers.

All of that ended when the FBI seized Silk Road and arrested its founder in 2013. The site was shut down and the value of Bitcoin took a sharp dip. However, it didn’t take long for Bitcoin to bounce back, and since then it has seen several booms that resulted in eye-watering values. But cybercrime has played its part.

Sophisticated encrypting ransomware (where hackers obtain access to precious files or photos and lock them down) entered the scene shortly after Silk Road’s demise. Initial attacks proved hugely successful, and new ransomware variants continued to emerge to infect millions of individuals and businesses around the world. While early editions accepted a range of payments, they actively encouraged the use of Bitcoin by offering a “discounted” ransom. This marked the start of cybercriminals preferring cryptocurrency over preloaded cash cards.

As ransomware became the number one online threat, Bitcoin also saw a major increase in activity, to which the payment of ransoms will have contributed. However, the public ledger system that Bitcoin is built upon meant that addresses were linked to criminal campaigns, resulting in a number of arrests.

Thereafter, criminals looked to adapt and find an alternative digital currency. Monero might not have entered the mainstream until 2016, but it is slowly becoming the most usable cryptocurrency for criminals so far. Its private ledgers hide both the origin and amount of the transaction, making it completely untraceable. Criminals can freely send Monero to any address and then cash it out without the need to launder their ill-gotten gains. Monero is also unique in that it can be mined profitably using regular CPUs inside personal computers and phones, instead of requiring specialised hardware, sparking yet another trend for criminals: cryptojacking.

In cryptojacking, cybercriminals don’t have to deliver a single piece of malware to profit. Instead, cryptojacking targets websites to hijack visitors’ computer power to mine Monero for the site’s owner. This new trend has been gaining momentum since CoinHive first debuted the mining JavaScript in September 2017, and has even been used on legitimate websites as an alternative to serving up annoying sidebar ads. This isn’t money out of thin air, though, as users are still liable for their computer’s power usage, the cost of which shows up in their electricity bill. While the spike in electricity bills may not be especially noticeable on an individual level, the cryptocurrency adds up fast for site owners who have a lot of visitors.

While CoinHive’s website explained that this was simply an ad-free way for website owners to generate enough income to pay for the servers, it’s clear cybercriminals are abusing the tactic. All a criminal needs to do is inject a few lines of code into a domain they don’t own, then simply wait for victims to visit that webpage and generate clean profits in the form of cryptocurrency. In the first half of this year, Webroot has blocked over 12m webpages compromised with the CoinHive JavaScript to mine Monero by hijacking site visitors’ CPU power.

The amount of labour and illegal footprint is minimal compared with ransomware, making cryptojacking today’s #1 threat.

Cybercriminals are always looking for new ways to get ahead. They utilise a vast range of tools to extort funds, and the evolution of cryptocurrencies has provided them with a low-risk new means of pocketing funds from illegal activities.

To avoid falling foul of their schemes, users should ensure that they take security seriously. Think twice before opening that email or clicking that link, or you might find yourself an unwilling cryptocurrency investor.


Important Information: The views and opinions provided by City A.M.'s CryptO Insider are of those named in the article and should not be taken as investment advice. This communication is marketing material.