The landscape in 2017
Today, cryptocurrency is no longer only for computer geeks and IT pros. It’s starting to affect people’s daily life more than they realize. At the same time, it is fast becoming an attractive target for cybercriminals. Some cyberthreats have been inherited from e-payments, such as changing the address of the destination wallet address during transactions and stealing an electronic wallet, among other things. However, cryptocurrencies have opened up new and unprecedented ways to monetize malicious activity.
In 2017, the main global threat to users was ransomware: and in order to recover files and data encrypted by attackers, victims were required to pay a ransom in cryptocurrency. In the first eight months of 2017, Kaspersky Lab products protected 1.65 million users from malicious cryptocurrency miners, and by the end of the year we expect this number to exceed two million. In addition, in 2017, we saw the return of Bitcoin stealers after a few years in the shadows.
What can we expect in 2018?
With the ongoing rise in the number, adoption and market value of cryptocurrencies, they will not only remain an appealing target for cybercriminals, but will lead to the use of more advanced techniques and tools in order to create more. Cybercriminals will quickly turn their attention to the most profitable money-making schemes. Therefore, 2018 is likely to be the year of malicious web-miners.
- Ransomware attacks will force users to buy cryptocurrency. Cybercriminals will continue to demand ransoms in cryptocurrency, because of the unregulated and almost anonymous cryptocurrency market: there is no need to share any data with anyone, no one will block the address, no one will catch you, and there is little chance of being tracked. At the same time, further simplification of the monetization process will lead to the wider dissemination of encryptors.
- Targeted attacks with miners. We expect the development of targeted attacks on companies for the purpose of installing miners. While ransomware provides a potentially large but one-off income, miners will result in lower but longer Next year we will see what tips the scales.
- Rise of miners will continue and involve new actors. Next year mining will continue to spread across the globe, attracting more people. The involvement of new miners will depend on their ability to get access to a free and stable source of electricity. Thus, we will see the rise of ‘insider miners’: more employees of government organizations will start mining on publicly owned computers, and more employees of manufacturing companies will start using company-owned facilities.
- Web-mining. Web-mining is a cryptocurrency mining technique used directly in browser with a special script installed on a web-page. Attackers have already proved it is easy to upload such a script to a compromised website and engage visitors’ computers in mining and, as a result add more coins to the criminals’ wallets. Next year web-mining will dramatically affect the nature of the Internet, leading to new ways of website monetization. One of these will replace advertising: websites will offer to permanently remove a mining script if the user subscribes to paid content. Alternatively, different kinds of entertainment, such as movies, will be offered for free in exchange for your mining. Another method is based on a website security check system – Captcha verification to distinguish humans from bots will be replaced with web mining modes, and it will be no longer matter whether a visitor is bot or human since they will ‘pay’ with mining.
- Fall of ICO (Initial Coin Offering). ICO means crowdfunding via cryptocurrencies. 2017 saw tremendous growth of this approach; with more than $3 billion collected by different projects, most related in some way to blockchain. Next year we should expect ICO-hysteria to decline, with a series of failures (inability to create the ICO-funded product), and more careful selection of investment projects. A number of unsuccessful ICO projects may negatively affect the exchange rate of cryptocurrencies (Bitcoin, Ethereum etc.), which in 2017 experienced unprecedented growth. Thus we will see a decrease in the absolute number of phishing and hacking attacks targeting ICO, smart contracts and wallets.