The cybersecurity firm Carbon Black has revealed that over $1.1bn (£82m) worth of cryptocurrency has been stolen in the first half of 2018, as it emphasises the ease and lack of skill required to commit cybercrimes.
According to the group, criminals are using dark web marketplaces to facilitate thefts, with an estimated 12,000 such marketplaces in operation and 34,000 malware offerings related to ‘cryptotheft’. The massive growth of this black market has meant cryptocurrency crimes in the first half of 2018 have accounted for just £150 million less than the cost all cyber crimes in 2016 (FBI).
Those malware offerings available to hackers can vary widely in price, meanwhile, from as low as $1.04 up to $1,000 per offering. The average listing price was $224, while the “sweet spot” for pricing was “around $10” read the report, contributing to an illicit dark web economy for cryptocurrency worth over $6.5m (£4.5m).
While Bitcoin represents the leading currency for legitimate transactions, cybercriminals are moving to “alternative and more profitable” currencies, such as Monero, which is used in 44% of all attacks, preferred due to privacy, non-traceability and comparatively low transaction fees.
‘Not sophisticated actors’
“It’s surprising just how easy it is without any tech skill to commit cybercrimes like ransomware,” said Carbon Black security strategist, Rick McElroy to CNBC; “It’s not always these large nefarious groups, it’s in anybody’s hands.”
On the targets most vulnerable, the report found that exchanges (27%) suffered the majority of attacks, while 21% targeted businesses; individual users and the government, meanwhile, accounted for 14% and 7% respectively.
Emphasising just how easily these malware offerings can be obtained by users of the dark web, the research found that listings were “riddled” with phrases stressing the simplicity of using the tools, with Carbon Black adding that the phrases were “not geared toward sophisticated actors”.
According to the report, with malware so easily available, it falls to investors to wise up on current threats and the best means to protect their assets.
“Unfortunately, new investors and traders looking to jump on the crypto bandwagon will exacerbate the opportunity for exploitation,” read the report; “We expect to see cryptocurrency theft and illicit mining activity expand in the mid-to-long term as security mechanisms and user awareness slowly catch up to the evolving threat.”
The full report, which also includes details on the most common types of attacks, is available to access here.