Four Vietnamese nationals were charged in a U.S. court for a series of cyber intrusions causing over million in losses. The defendants, part of the cybercrime group “FIN9,” allegedly hacked U.S. companies from May 2018 to October 2021, stealing non-public information, employee benefits, and funds. They used stolen personal and credit card information to […]
Bitcoin News
Fintech Giant Flutterwave Partners With Nigerian Anti-Graft Body to Launch Cybercrime Center
Flutterwave, a Nigerian fintech startup, has partnered with the Economic and Financial Crimes Commission (EFCC) to establish a cybercrime research center. This strategic initiative aims to intensify the fight against internet crime, enhance the security of business transactions, and provide opportunities for Nigerian youth. The partnership was formalized through a Memorandum of Understanding (MoU) signed […]
Bitcoin News
CISO Pasi Koistinen on Cryptomarkets, Cybercrime and His Role in Coinhako
The NewsBTC team interacted with Pasi Koistinen for the first time after he was appointed the CISO of Coinhako. We asked him a few questions about the new role and his views on crypto markets and cybercrime. Here is an excerpt of the interesting interaction that happened recently.
Q: Thanks for joining us, and congratulations on your new role as the CISO of Coinhako. First, would you please introduce Coinhako to our readers?
A: Coinhako was founded in 2014 in Singapore, and the platform’s mission is to be the go-to gateway to the crypto economy, providing easy access to digital assets and connecting users to the crypto space.
Q: Can you tell us about your role in Coinhako and what made you join this company in particular?
A: My role as Coinhako’s CISO is to organize and manage cybersecurity activities across the whole company, and communicate related risks to stakeholders. I also act as the head of the security function and work in close contact with other business units spanning across legal, compliance, programming, and user ops. The move to the crypto space was a natural one as I always had a personal interest in the fast-growing digital assets industry. Coinhako was a good choice because it is one of the longest-standing digital asset companies in Singapore. Also, I felt that Coinhako having the in-principle approval as a DPT service provider in Singapore was a good indicator of their reliability.
Q: Would you like to give us some insight into how Coinhako protects the privacy and security of its users?
A: Besides having a robust security framework, our security protocol also includes educating our users with informational content via our online and social platforms, as well as through in-app prompts to encourage users to enable their 2FA, and avoid phishing attacks, dubious websites and other kinds of cyber threats.
Q: What are your plans with Coinhako? How do you intend to improve it further?
A: As the new CISO, I am excited to bring to Coinhako my extensive experience from various industries and different companies. Part of my plan includes growing our cybersecurity capabilities through refining and adopting new technologies and protocols. As the company is scaling up operations, the plan also includes increasing the security team’s headcount, which will be instrumental in expanding our company’s technological capability and maturity.
Q: When were you first introduced to cryptocurrencies? What were your roles and responsibilities before joining Coinhako?
A: My first foray into cryptocurrencies was in 2012. I read about Bitcoin and decided to buy a few back then, just for fun. I wish I still had them!
For the last 22 years, I have been working in the cybersecurity industry and have held various positions such as CISO and lead consultant. Also, I am a cybersecurity entrepreneur and co-founded two cybersecurity firms over the course of my career.
Q: Would you wish to educate our readers on the best practices to safeguard their crypto assets and protect themselves from cybercriminals?
A: The first rule of thumb is never click any message, link or file on the same device that you use for managing your digital assets. It is good practice to use 2FA for authentication but don’t rely on it to save you from a mis-click if a phishing attack is successful.
Q: What are your thoughts on cybercrime and crypto’s role in it? How is it different from pre-crypto days?
A: Cybercrime is evolving all the time and due to the anonymity of crypto, cryptocurrencies have been one of the preferred payment methods for cybercrime. However, they represent only a small percentage of the entire digital asset industry as cash is still the go-to medium for illicit payments. In the early years of cryptocurrencies, cybercriminals used to get paid in bitcoin and could launder their money with ease. But with the maturity of the crypto space, coupled with the transparency of blockchain payments, law enforcement agencies are becoming more knowledgeable of the workings of crypto and getting pretty good at investigations. Anti-crime efforts have to be consistent as perpetrators are constantly looking for opportunities to conduct illegal activities, so a huge shout-out to private institutions and regulators who are working tirelessly to mitigate such illicit activities.
Q: What are the common threats faced by crypto exchanges and businesses these days? How to mitigate them?
A: Crime syndicates generally have the same modus operandi for most attacks on exchanges and businesses. They typically try to illegally obtain assets from end customers through phishing attacks. Threat actors also target the exchanges by trying to infiltrate the systems via exposed systems or by hacking the employees. From our experience, the prime goal of such attacks is to steal customer data and the private encryption keys of the exchanges. Over the past months, we have seen a spike in such attacks. Mitigation of these threats requires a layered defense approach. As such, having a robust security framework consisting of multiple defensive controls to prevent, detect and react to attacks is especially important in ensuring the integrity of our platform and to protect our users’ assets.
Q: Would you like to share your vision of the crypto industry with our readers? How do people stand to benefit from it, especially with few governments attempting to stifle it with strict regulations?
A: The last two years have seen cryptocurrencies reaching mainstream consciousness. I posit that their adoption curve is just beginning though. We will continue to see extensive growth in value and adoption in both B2C and B2B. There will always be countries that want to benefit from this growth and these countries will have to put in place laws and governance that ensure that players in the market don’t cause excessive risks. Taking a responsible approach toward crypto will ensure that the industry gains maturity and trust in the eyes of society, consumers and lawmakers. Developing trust is paramount and will take some time, but it is inevitable too.
Q: Anything else you think our readers should know about?
A: I think cryptocurrencies are a great learning opportunity for everyone. They are effectuating a radical change in the financial ecosystem and beyond, and I believe crypto will modernize the global financial system like the Internet did to the exchange of ideas and information.
California Cybercrime Police Focus on Cryptocurrency SIM Swapping as Highest Priority
n U.S. police continue to fight SIM swapping leading to crypto theft with dedicated crime unitn
CryptScout #BitFeed RSS – Bitcoin and Cryptocurrency News 24/7
Cybercrime Firm Warns of Rising Reports of Fake WannaCry Ransomware
Cybercrime involving cryptocurrencies is on the rise. Today, the U.K.’s national reporting center for fraud and cyber crime, Action Fraud, has issued warnings about a new phishing campaign using the infamous WannaCry ransomware.
Increase in Ransomware
Action Fraud claimed last Friday that it had already received 300 reports over the previous two days about the scam emails, which attempt to trick readers into believing they have an infected computer. The emails claim that users’ devices are hacked and that files will be deleted unless a fine is paid in Bitcoin. In reality, the emails are just a phishing exercise used to extort money from unknowing victims.
“The WannaCry emails are designed to cause panic and trick you into believing that your computer is infected with WannaCry ransomware,” Action Fraud said in an alert. “In reality the emails are just a phishing exercise to try and extort money. The emails claim that all of your devices were hacked and your files will be deleted unless you pay a fine to the fraudsters in Bitcoin.”
It was last May when reports surrounding WannaCry’s ransomware attacks first appeared. The attacks infected more than 250,000 computers in 150 countries. In the U.K., the attacks were widely publicized, having disrupted over 1/3 of National Health Service (NHS) Trusts as well as 600 independent practitioners, causing the cancellation of an estimated 19,000 appointments and operations.
Action Fraud has been called upon several times already to warn U.K. citizens of scams using WannaCry as bait — although most happened in the weeks following the initial outbreak. Other examples of attacks saw BT Group-branded phishing emails that urged users to click to confirm a security update apparently carried out by the communications giant to protect them following the initial attacks. Unfortunately, users were tricked.
“One victim fell for the scam after calling a ‘help’ number advertised on a pop-up window. The window which wouldn’t close said the victim had been affected by WannaCry Ransomware,” Action Fraud said. “The victim granted the fraudsters remote access to their PC after being convinced there wasn’t sufficient anti-virus protection. The fraudsters then installed Windows Malicious Software Removal Tool, which is actually free and took £320 as payment.”
Action Fraud offers several tips on how to protect oneself from attacks from WannaCry and similar ransomware:
“If you receive one of these emails, delete it and report it to us. Do not email the fraudsters or make the payment in Bitcoin. Additionally you should always update your Anti-Virus software and operating systems regularly and follow our advice on how to deal with ransomware.”
Crypto and Cybercrime
As NewsBTC reported in March, the largest category of cybercrime involving cryptocurrency so far in 2018 have been exchange-related (see Coincheck hack), which have accounted for up to 27% of attacks.
The second largest group of victims of cybercrime were regular people and businesses. According to the cybersecurity firm Carbon Black, these made up 21% of the total crimes involving cryptocurrency. The most common method used is ransomware like WannaCry, although there are others, like crypto-jacking (illegal coin mining).
According to Helge Husemann, product manager for internet security firm Malwarebytes, crypto-jacking as a form of cybercrime has been on the rise. Just last year YouTube experienced a threefold increase in illegal coin mining via malware-embedded ads.
He also noted that Showtime, Browsealoud, as well as U.K. government websites, and more, fell victim to illegal mining scams. Some of these went undetected for several months, netting the hackers behind the attacks hefty profits.
Husemann said that on average, Malwarebytes has been blocking eight million malicious mining attempts per day — equating to an astonishing 248 million per month.
“The illicit gains from illegal crypto-mining contribute to financing the criminal ecosystem, costing billions of dollars in losses and disruption of business services from compromised assets.”
Featured image from Shutterstock.
The post Cybercrime Firm Warns of Rising Reports of Fake WannaCry Ransomware appeared first on NewsBTC.
Crypto Cybercrime Thefts Total Over $1.1 Billion in First Six Months of 2018
According to recent research, the total amount of cryptocurrency that has been stolen through cybercrime this year alone is over .1 billion. Cybersecurity firm Carbon Black stated that the money was rather easy to steal too.
Ransomware and Exchange Hacks Are the Most Common Cybercrimes Involving Cryptocurrency
According to a report by security firm Carbon Black, many criminals are using the dark web to appropriate cryptocurrency from their victims. They estimate that there are over 12,000 marketplaces with almost three times that number of cryptotheft listings between them.
Rick McElroy, the security strategist at Carbon Black, spoke to CNBC about the trend and how easy it was for criminals to operate these days:
“It’s surprising just how easy it is without any tech skill to commit cybercrimes like ransomware… It’s not always these large nefarious groups, it’s in anybody’s hands.”
McElroy then said that certain pieces of malware even came with customer service to aid would-be cyber criminals. The malicious software costs an average of 4 but can be picked up as cheaply as .04.
The attacks against companies and exchanges sometimes originate from an organised group of criminals. However, they’re just as likely to be the product of a trained engineer who is out of work. McElroy continued:
“You have nations that are teaching coding, but there’s no jobs… It could just be two people in Romania needing to pay rent.”
The security expert went on to state that in the new cryptocurrency economy, the onus was on the individual to protect their funds. He claimed that some more naive investors were unaware that there were no banks or institutions that could provide security for people using cryptocurrency. Instead, it was the responsibility of the users.
The largest category of cybercrimes involving cryptocurrency so far this year have been exchange hacks. These have accounted for up to 27% of attacks in 2018.
One high-profile hacking made victims of the Japanese exchange Coincheck. Hackers were able to make off with 0 million worth of the NEM cryptocurrency.
The second largest group of victims of cybercrime were regular businesses. According to Carbon Black, they made up 21% of the total crimes involving cryptocurrency. The most common method seems to be to use ransomware. This involves using a piece of software to lock computer systems. The attacker then demands payment in cryptocurrency to return functionality to the affected machines.
What’s becoming apparent too is that Bitcoin is not the cryptocurrency favoured by cybercrime criminals. Both Monero and Ether were more commonly used than the most popular digital currency at present. With 44% of all attacks using it, privacy-focused currency Monero was the number one. This was followed by Ether, the native currency on the Ethereum network, with 11%. Bitcoin, meanwhile, only accounted for 10% of the attacks.
Featured image from Shutterstock.
The post Crypto Cybercrime Thefts Total Over .1 Billion in First Six Months of 2018 appeared first on NewsBTC.
Prosecutors Sell 1,000 Bitcoin in Germany’s Largest Cybercrime Sale
Bamberg cybercrime specialists have sold over 1,000 Bitcoin and other coins for more than €12 million (.9 million) since February 2018. The cryptocurrencies were seized from a platform that had 30,000 users and is the highest sale of seized Bitcoin in Germany.
‘Emergency Sale’ Due to Volatility
The amount of Bitcoin was sold over two months from February 20 in an emergency sale due to the high volatility that affects the cryptocurrency markets. In total, 1,312 Bitcoins (BTC) were sold alongside 1,399 Bitcoin Cash (BCH), 1,312 Bitcoin Gold (BTG), and 220 Ether (ETH). The coins were sold on a German-based trading platform and involved more than 1,600 transactions.
State prosecutors said: “Since all cryptocurrencies are exposed to the risk of high price fluctuations or even total loss, an emergency sale was ordered by the Central Office of Cybercrime Bavaria.”
The price of Bitcoin has fluctuated from near ,000 to ,500 over the past six months. On February 20, Bitcoin was worth around ,500 and was down to ,400 by April 20, around the time the final coins were sold. NewsBTC reports that Bitcoin is in a bearish trend and is hitting a crucial point of support, which it needs to remain above in order to prevent further mid-year lows. This is the third time this year that Bitcoin has tested this support.
The cryptocurrency was seized from the LuL.to portal which illegally offered more than 200,000 e-books and audiobooks for sale. This platform was used by more than 30,000 people. In June, investigators from the Cyber Crime Competence Center of the LKA Sachsen and the Central Office of Cybercrime Bavaria (ZCB) arrested the alleged operators and stopped the site from operating.
The investigators were able to access the cryptocurrencies after the officials decided to cooperate. Unlike funds held in bank accounts which can be accessed by police in such cases, cryptocurrencies cannot be accessed unless the investigator has the private key. A study by Chainalysis highlighted that almost a quarter of Bitcoins in current circulation may be lost forever due to factors including users losing their private keys.
The next biggest sale in Germany was by Hessian Internet Investigators in collaboration with the FBI and Europol. These proceeds were from popular dark net sites including Silk Road 2.0 and Hydra. At the time of the sale, the Bitcoins were worth €1.9 million (.2 million), up from €50,000 (,000) when they were taken. These were also sold as an emergency sale as Bitcoin is deemed by the German authorities as a perishable good with a value could, in theory, reduce to zero. This type of sale is otherwise used for confiscated food or cars that could lose value over time.
Previously, the German authorities in Leipzig sold 1,197 Bitcoins netting them €432,000 (0,000). These were taken from the Shiny Flakes platform and would be worth €7.6 million (.8 million). In Bulgaria, authorities are sitting on 213,519 Bitcoins, worth .5 billion.
In November, NewsBTC reported that this would have been able to pay off a fifth of their national debt. The money was seized in May 2017 in response to a large number of cases of customs fraud where 23 arrests were made after police searched more than 100 properties. This included five Bulgarian customs officials.
Featured image from Shutterstock.
The post Prosecutors Sell 1,000 Bitcoin in Germany’s Largest Cybercrime Sale appeared first on NewsBTC.
Russian cybercrime mastermind accused of $4bn bitcoin fraud
Greece’s Supreme Court on Wednesday 15 November postponed until December an extradition hearing for Russian cybercrime suspect Alexander Vinnik.
CryptScout #BitFeed RSS – Bitcoin and Cryptocurrency News 24/7
Bitcoin Low Risk For Money Laundering, High For Cybercrime UK Treasury
n A recent report from the UK Treasurys National Crime Agency suggests that Bitcoin is a low risk for money laundering but high risk for cybercrime.n
CryptScout #BitFeed RSS – Bitcoin and Cryptocurrency News 24/7
Russian cybercrime suspect in $4bn bitcoin fraud case can be extradited to US, court rules
Russia is also seeking alleged cybercriminal Alexander Vinnik’s extradition on separate fraud charges, but no date has yet been set for that hearing.
CryptScout #BitFeed RSS – Bitcoin and Cryptocurrency News 24/7