Get Rich Quick or Reboot Trying: The State of CyberCrime in 2014
In a world where even money has gone digital, it’s no surprise that criminals have gone there too. The online equivalent of an alley mugging, an infection that turns someone’s computer into a spam or click-fraud bot, happens every single day.
Digital con men who craft convincing phishing sites to steal credentials lurk around every corner. Banking Trojans like Zeus, Zberp and Dyre automate credential theft with man-in-the-browser attacks, injecting their own form fields into the legitimate banking session, so no fake banking page is required. And even the big names, eBay and Microsoft among them, are not immune to data breaches or to zero-day bugs that are exploited before a patch exists.
All of these are the street crimes of our virtual world; they happen daily, whether or not we personally experience them. Just as in the physical world, though, there is more to cybercrime than petty theft and thugs. Quite a lot more.
Call it intelligent, call it high level, call it “organized (cyber)crime” if you will; whichever name you give it, digital money theft reached new levels of effectiveness in 2014. With commerce now almost entirely virtual, the large-scale attacks by organized cyber gangs that used to hit only governments and corporations are reaching consumers directly. In every case, the connection is cash.
Ransom where? Yeah, on your Computer.
An information economy runs on information, so a criminal who can seize that information and hold it for ransom stands to gain a great deal. 2013 may have been the year criminals first figured this out, but 2014 has been the year ransomware was optimized. Ransomware is malware that locks you out of your computer or, in its more dangerous form, encrypts your files with a key only the attacker holds, and then demands payment for recovery: typically around $600.
What has been so alarming about ransomware in 2014 is its improved distribution and resilience. The top ransomware headlines of 2014 may have been the international takedown of the botnet that spread CryptoLocker and the discovery that CryptoDefense could be decrypted because it left its key behind on the infected machine, but those roadblocks held only briefly: within months a new variant called CryptoWall, for which no decryption shortcut has been found, had taken their place.
Since then, CryptoWall has become the largest and most destructive ransomware threat on the Internet, encrypting an estimated 5.25 billion files and earning over 1.1 million U.S. dollars. The targets? Everyday people and employees who simply open the wrong email attachment at the wrong time.
Don’t know what Bitcoin is? Doesn’t matter.
This brave new world of digital currency is about more than PayPal. Cryptocurrencies like Bitcoin involve thousands of people and millions of dollars. Because Bitcoin addresses are not tied to anyone’s name, it lets criminals buy illicit goods on black markets, and it is the currency of choice for ransomware operators. On top of that, a cryptocurrency’s entirely virtual nature has in some ways made it easier to steal than cash: whoever holds the private key for an address controls the coins, so stealing a wallet file is stealing the money.
(Image source: Fabian Figueredo)
Bitcoin cybercrime kicked off in February 2014 with transaction malleability and the closure of Mt. Gox, at the time the largest Bitcoin exchange in the world. Mt. Gox blamed a coding flaw that let cybercriminals walk away with roughly 350 million U.S. dollars of other people’s money: the exchange tracked its withdrawals by transaction ID, and that ID could be changed in transit without invalidating the payment, so a withdrawal that had in fact gone through looked as if it had failed and was paid again. The market price of 1 Bitcoin subsequently dropped to about $400 in April 2014, less than half of its peak the previous December.
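To make the Mt. Gox failure concrete, here is an added example (not code from the original article or from Mt. Gox) of why tracking a payment by its transaction ID is fragile. In Bitcoin the txid is the double SHA-256 of the whole serialized transaction, signature included, and an ECDSA signature (r, s) can be rewritten as (r, N - s) by anyone on the network without the private key and still verify; that was one of the signature variations nodes accepted interchangeably in 2014, before stricter encoding rules were adopted. The transaction layout, the JSON stand-in for the wire format, and the sample withdrawal are constructed for illustration; the only real constant is the secp256k1 group order N.

```python
import hashlib
import json

# secp256k1 group order (real constant). For an ECDSA signature (r, s) over a
# given message and key, (r, N - s) is also a valid signature.
N = 0xFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def txid(tx: dict) -> str:
    """Bitcoin's txid is double SHA-256 over the serialized transaction, scriptSig
    included. Canonical JSON stands in for the real wire format here (constructed)."""
    raw = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    digest = hashlib.sha256(hashlib.sha256(raw).digest()).digest()
    return digest[::-1].hex()  # Bitcoin displays txids byte-reversed


def malleate(tx: dict) -> dict:
    """What a relaying node or attacker could do in 2014: replace each input's
    signature with its (r, N - s) twin. The spend is unchanged, the txid is not."""
    out = json.loads(json.dumps(tx))  # deep copy, leave the original untouched
    for vin in out["inputs"]:
        r, s = vin["sig"]
        vin["sig"] = [r, N - s]
    return out


def spent_outpoints(tx: dict) -> frozenset:
    """The coins a transaction consumes: (previous txid, output index) pairs.
    These are fixed by what was signed and cannot be malleated."""
    return frozenset((vin["prev_txid"], vin["vout"]) for vin in tx["inputs"])


def reconcile_by_txid(sent: list, confirmed: list) -> list:
    """Fragile bookkeeping: a withdrawal counts as done only if the txid the
    exchange recorded appears on chain. Returns withdrawals it would resend."""
    confirmed_ids = {txid(t) for t in confirmed}
    return [t for t in sent if txid(t) not in confirmed_ids]


def reconcile_by_outpoints(sent: list, confirmed: list) -> list:
    """Robust bookkeeping: a withdrawal counts as done once the coins it spends
    are spent on chain, whatever txid the confirmed transaction ended up with."""
    spent = set()
    for t in confirmed:
        spent |= spent_outpoints(t)
    return [t for t in sent if not (spent_outpoints(t) & spent)]


# Constructed sample withdrawal: one input signed with a made-up (r, s), one output.
WITHDRAWAL = {
    "version": 1,
    "inputs": [{
        "prev_txid": "aa" * 32,
        "vout": 0,
        "pubkey": "02" + "11" * 32,
        "sig": [int("42" * 32, 16), int("07" * 32, 16)],
    }],
    "outputs": [{"address": "1CustomerAddressPlaceholder", "value": 100_000_000}],
}

if __name__ == "__main__":
    mutated = malleate(WITHDRAWAL)
    print("original txid :", txid(WITHDRAWAL))
    print("malleated txid:", txid(mutated))
    print("resend by txid     :", len(reconcile_by_txid([WITHDRAWAL], [mutated])))
    print("resend by outpoints:", len(reconcile_by_outpoints([WITHDRAWAL], [mutated])))
```

Run stand-alone, the script shows the malleated copy confirming under a different txid: bookkeeping keyed on txid would pay the customer a second time, while bookkeeping keyed on the spent outpoints correctly sees the withdrawal as complete.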
You don’t even have to trade Bitcoin to become a target of cryptocurrency cybercrime, though. By design, new cryptocurrency is created by computers that run “mining” programs: they race to find a hash of the next block that falls below a difficulty target, a brute-force search that consumes enormous computing resources because the network makes the target harder to hit as more hashing power joins.
At present no single PC has a realistic chance of mining a block on its own against the specialized hardware that now does most of the work, but that hasn’t stopped cybercriminals. With a cryptocurrency mining botnet, even today’s low-level thugs can infect thousands of remote PCs at once and command them to pool their hashing power for the attacker’s profit.
Emsisoft Lab discovered and analyzed one of these beasts back in February, a sample that combined ransomware and mining-botnet techniques. Named Linkup, the malware would block Internet access, accuse the infected user of viewing child pornography, and then demand payment for reconnection. Meanwhile it would download and run a cryptocurrency miner called jhProtominer that used the victim’s computer to make someone else rich. Notably, 2014 also saw the emergence of BadLepricon, a bot that brought Bitcoin mining to the mobile environment.
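The two paragraphs above describe mining as a resource-hungry search and botnets as a way to pool stolen CPU time. The following added example (not code from the article, from Linkup or from any real miner) shows the search itself in miniature: a nonce is varied until the double SHA-256 of a block header falls below a target, and the expected work doubles with every extra bit of difficulty, which is why a lone PC cannot compete and why an attacker cares only about how many machines he can add up. The header layout, the difficulty encoding and the hashrate figures are toy assumptions, not Bitcoin’s real 80-byte header or real network numbers.

```python
import hashlib
import struct

# Toy proof-of-work: header prefix plus a 4-byte nonce, hashed with SHA-256d.
# Real Bitcoin headers are 80 bytes with a compact-encoded target; this is a
# simplified stand-in that keeps the essential property (a brute-force search).


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def target_for_bits(difficulty_bits: int) -> int:
    """Largest acceptable hash value: hashes below it have `difficulty_bits`
    leading zero bits. Fewer acceptable values means a harder puzzle."""
    return 1 << (256 - difficulty_bits)


def mine(header_prefix: bytes, difficulty_bits: int, max_nonce: int = 1 << 32):
    """Brute-force the nonce. Returns (nonce, hash_hex, attempts), or None if
    every nonce in range was exhausted without a hit."""
    target = target_for_bits(difficulty_bits)
    for nonce in range(max_nonce):
        h = double_sha256(header_prefix + struct.pack("<I", nonce))
        if int.from_bytes(h, "big") < target:
            return nonce, h.hex(), nonce + 1
    return None


def expected_attempts(difficulty_bits: int) -> int:
    """Each hash is an independent 2^-bits chance of success, so on average
    the miner needs 2^bits hashes. One more bit of difficulty doubles the work."""
    return 1 << difficulty_bits


def expected_seconds(difficulty_bits: int, hashes_per_second: float) -> float:
    """Mean time to a solution for a miner (or pool of miners) at a given rate."""
    return expected_attempts(difficulty_bits) / hashes_per_second


def botnet_share(bot_count: int, hashes_per_bot: float, network_hashes_per_second: float) -> float:
    """Fraction of the network's blocks a botnet expects to win: hashrate is
    additive, so a thousand weak machines are simply a thousand times one."""
    return bot_count * hashes_per_bot / network_hashes_per_second


if __name__ == "__main__":
    header = b"constructed-block-header-prefix"  # constructed sample input
    nonce, digest, attempts = mine(header, 16)
    print(f"found nonce {nonce} after {attempts} hashes: {digest}")
    # Assumed, illustrative rates: ~1 MH/s SHA-256d per bot CPU, 1e15 H/s network.
    print("one PC, 40-bit puzzle, hours:", expected_seconds(40, 1e6) / 3600)
    print("10,000-bot share of a 1e15 H/s network:", botnet_share(10_000, 1e6, 1e15))
```

The script finds a 16-bit solution in well under a second; the `expected_seconds` and `botnet_share` figures make the economics in the text visible: a single machine at a realistic CPU hashrate needs hours even for a toy 40-bit puzzle, and a botnet’s only lever is head count, which is why victim machines rather than victim wallets became the commodity.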
Emptying your bank account? There’s an app for that.
Creative as it was, BadLepricon was something of a financial flop: cryptocurrency mining requires serious computing power, and even thousands of infected smartphones don’t have the muscle to pay off. This year has shown that mobile malware is far from profitless, though. In early April the Oldboot bootkit emerged with the ability to take remote control of an Android device and have it send messages to premium-rate SMS services owned by criminals, so that the victim paid the bill.
That same month saw the emergence of iBanking, an Android rogue that spread through Facebook and could intercept two-factor authentication codes sent by SMS, letting cybercriminals log into victims’ online financial accounts. Less technically impressive, but unfortunately no less profitable, was 2014’s mobile security embarrassment, Virus Shield. Featuring nothing more than a graphic that changed from an unprotected X to a now-you’re-protected check mark, Virus Shield racked up over 10,000 downloads on Google Play at $4 a pop. This silly little app, which never scanned for malware at all, made over $40,000 in less than a week.
Virus Shield was ridiculous enough that some people found it funny, and compared to what happened next it kind of was. Shortly after Virus Shield, in June, Android met file-encrypting ransomware for the very first time; its name was Simplocker. Like its PC-based brethren, Simplocker for Android was (and still is) fully capable of encrypting your important files and demanding payment for recovery. Fortunately, a decryptor for early variants of Simplocker has since been developed; however, with an estimated 22% of the world’s population owning a smartphone (two percentage points more than own a PC), the opportunity to cash in on mobile ransomware is now greater than ever.
What do Target, Michaels, Goodwill, and The Home Depot all have in common?
Hint: the answer isn’t that they’re all big-box retailers based in the U.S. If you live in the United States, odds are good that 2014 has left you feeling cold about paying with a credit card in a store. Point-of-sale malware and payment card theft have dominated the infosec headlines this year, each new breach topping the last.
The recent Home Depot breach alone affected 56 million payment cards, through a malware infection that spread to nearly every one of its stores in the United States and Canada. By the numbers, that’s almost one fifth of the entire U.S. population. Right now, untold thousands of those card numbers are being bought and sold in underground carding networks, after which they’ll probably be used to buy big-screen televisions and designer clothes in other people’s names.
What’s most disheartening about point-of-sale data breaches, though, and what you rarely read in the headlines, is that they are never victimless crimes. Even if not a single account is used for a fraudulent purchase, it still costs money to cancel and reissue cards, and it still costs money to investigate the crime.
From a societal perspective this is money wasted, money that could have gone to better ends. Follow the headlines, monitor your accounts, even study the technical specifics of the malware if you like, but more than anything 2014 has shown that the current U.S. payment card system, still built on the easily copied magnetic stripe, is broken, and that the people who broke it are cashing in big.
This is why we can’t have nice things
The world we live in is now one where malware is an enterprise, interwoven with every other enterprise in our digital economy. Each new day brings some new technology that makes life better, and also some new hack that exploits what is good for criminal gain. Is this unique to the Internet?
Hardly. Miscreants have been abusing other people’s innovations since the dawn of humankind. They do it because they cannot innovate on their own, and they have no regard for anyone but themselves. Does this mean that we should stop innovating and using our favorite new technologies? Hardly that, either. What is needed is a full acceptance of the reality of our digital landscape.
Cybercrime is everywhere, and we need to stop it. It may not be as scary as getting mugged in the street, but in dollars and cents it is far more frightening. How does paying $1,000 to recover ransomed business files that are rightfully yours, just because you opened the wrong .PDF attachment, sound to you?
Or letting a drug trafficker use your PC to mine himself a few extra Bitcoin while you’re away at work? Or an innocent-looking mobile app that intercepts your security codes and wipes your bank account clean? And let’s not forget about that credit card, either.
Who wants to wager on which American retailer will be breached next? If you’re alive and well in 2014, the unfortunate truth is that all of these questions are relevant and need to be asked. But perhaps the most important one is this:
What are you doing to ensure that you’re protected?
Have a great (cyber-crime-free) day.