What is crimeware-as-a-service (CaaS)?
Crimeware-as-a-Service (CaaS) operates by skilled criminals offering their tools and criminal services to less experienced individuals for a fee. This approach mirrors Software-as-a-Service (SaaS), where the provider grants access to software to the user, but in the realm of CaaS, this model has been adapted to suit cybercrime activities.
Initially, cyber crooks primarily operated individually or in compact teams, tinkering with technology and aiming to infiltrate people’s financial accounts or emails for their own advantage and amusement. Typically, they employed emails to disseminate viruses and carry out fraudulent activities.
The concept of Crimeware-as-a-Service (CaaS) has streamlined the process of cybercrime, especially in the crypto sphere. Previously, earning illicit profits through cybercrimes required a versatile skillset across various domains, including identifying weaknesses in smart contracts, creating malicious software, and executing fraudulent transactions. With Crimeware-as-a-Service, criminals can now easily rent the necessary software and services, simplifying their operations.
Possessing the capacity to buy equipment for committing fraudulent acts empowers them to execute a wide range of illegal activities, including demanding money, swindling financial resources, identity misappropriation, breaking through security barriers to obtain confidential data and other crucial details, as well as causing large-scale computer failures.
Of particular interest, all malicious software development and related transactions take place on the dark net, an obscure part of the internet that allows users to remain anonymous. To gain access to the dark net, you need specific software like Tor or I2P, as it cannot be reached using regular browsers such as Chrome or Safari. The dark net uses “onion routing” technology to ensure user privacy from surveillance. When visiting a site on the dark net, data is sent through numerous relay points for added security.
On the flip side, using the dark web for unlawful purposes like procuring harmful software or participating in cybercrime is strictly prohibited and could result in legal consequences, including potential arrests.
Product-to-service cycle in CaaS
The product-to-service cycle in CaaS happens in three phases:
- Step 1: A criminal actor develops a crime-as-a-service offering.
- Step 2: This information is then disseminated by an underground advertiser through forums on the dark web, making it readily available to a wide range of potential buyers within the criminal underworld.
- Step 3: Upon receiving an order and payment, the product developer delivers the service to the buyer, along with the specified terms of use.
What are crypto cybercriminals selling?
In the world of cybercrime-on-demand, criminals provide a variety of tools and solutions specifically aimed at targeting cryptocurrency users. These tools encompass malicious software designed to pilfer private keys and crypto wallet details, deceptive phishing sets that mimic genuine exchanges or wallets, and ransomware that extorts digital currency as ransom.
Criminal hackers provide Denial of Service (DoS) attacks as a fee-based service, often referred to as “DoS-for-hire.” These services are advertised on underground forums or specialized markets, allowing people or groups to purchase the ability to attack specific cryptocurrency platforms or other digital systems.
Clients decide on the aim and timeframe for an attack, and service vendors then launch distributed denial-of-service (DDoS) attacks or other methods using botnets or similar tools. This allows relatively non-technical people to carry out harmful cyberattacks by simply buying these services, making it easy for them to cause disruption to targeted systems.
Criminals could potentially assist others in trading illicitly obtained cryptocurrency by converting it into untraceable assets or cash through money laundering services. They might offer various items such as hijacked accounts, usable gift cards, or airline miles that can be easily sold for a profit.
For example, phishing attacks are growing more complex as they involve multiple teams working together, each focusing on specific tasks like malware creation, infrastructure setup, customer service, and money laundering. This division of responsibilities increases efficiency and decreases the technical demands on individual attackers.
Did you know? The 2016 Bitfinex hack, in which 120,000 Bitcoin were stolen, holds the record as the biggest crypto theft ever. The worth of those stolen coins now surpasses a staggering $8 billion.
How do cybercriminals take advantage of crimeware-as-a-service?
Using crimeware-on-demand, cybercriminals can significantly expand their ability to inflict harm on their targets in various manners. This service provides them with a comprehensive suite of tools tailored for illicit activities, streamlining their fraudulent actions and amplifying their capacity to cause damage to their victims.
- Subscription services: Crimeware-as-a-service products are generally subscription-based, which allows customers to pay for continuous access to tools and support.
- Customization: Some crimeware-as-a-service platforms enable criminals to tailor malware to their specific requirements, making it easier to target specific victims.
- Accessibility: Crimeware-as-a-service platforms offer simple access to complex tools like malware and phishing kits via user-friendly interfaces.
- Anonymity: These services operate on the dark web, allowing providers and users to remain anonymous and complicating law enforcement agencies’ efforts.
- Support and community: Amateur criminals can discuss methods to commit crimes on online forums. This fosters a sense of community among criminals and peer support.
Did you know? In 2014, Mt. Gox, then accounting for over 70% of all Bitcoin (BTC) transactions, suffered a massive security breach, leading to the theft of hundreds of thousands of Bitcoin. The exchange was forced to file for bankruptcy, leaving many users with significant losses and raising concerns about the security of crypto exchanges.
Different types and examples of crimeware
Under the broad label of “crimeware”, criminals employ a variety of software tools to pilfer their victims’ resources. These tools include keyloggers that record keystrokes, trojan horses that masquerade as legitimate software, ransomware that encrypts files for extortion, adware that displays unwanted advertisements, botnets that control multiple computers remotely, and phishing kits designed to trick users into revealing sensitive information.
- Keyloggers: Keyloggers discreetly track and record keyboard inputs, collecting sensitive information such as passwords. They may be software or hardware-based. Examples include Spyrix Free Keylogger and HawkEye.
- Trojan horses: Trojan horses are disguised as legitimate software, allowing attackers to obtain unauthorized access or spread malware. Such examples include Zeus Trojan and Emotet.
- Ransomware: Ransomware encrypts files or locks systems and demands payment to restore access. It frequently spreads through phishing or malicious downloads. WannaCry and LockBit are well-known examples of ransomware.
- Adware: Adware can display unwanted ads, collect user data for marketing or propagate malware. It frequently comes bundled with free software. Examples include Fireball and Gator.
- Botnets: Botnets are remote-controlled networks of compromised devices used to carry out harmful actions such as DDoS attacks. Mirai and GameOver Zeus are examples of botnets.
- Phishing kits: Phishing kits offer tools to create false websites and steal passwords, typically targeting emails or financial data. 16Shop and LogoKit are examples of phishing kits commonly used for the crime.
How has crimeware-as-a-service scaled up crypto crime?
Because of Crimeware-as-a-Service (CaaS), fraudsters can use phishing kits, ransomware and spyware at the same time to attack countless people. This has nurtured an underground market in which cybercrime is automated, more easily accessible and cheaper to carry out, leading to substantial financial losses for victims.
Service offerings for criminal activities have evolved, introducing complex capabilities like digital money laundering and Distributed Denial of Service (DDoS) attacks, once challenging to carry out. This advancement in the professionalization of cybercrime has led to substantial financial losses worldwide, as inexperienced criminals can quickly execute sophisticated, high-impact assaults anonymously without specialized knowledge or resources.
As an analyst, I find that the landscape of cybercrime has significantly advanced, forming a complex network or ecosystem. Within this system, I identify three distinct groups: creators (developers), vendors (distributors), and users (end-users). Each group plays a crucial role in the perpetuation of these malicious activities.
- Developers: The first layer would comprise the sophisticated developers who created the malicious software.
- Distributors: The second layer consists of fraudsters who purchase or subscribe to the software and act as intermediaries. They often assemble teams to execute attacks or scams and market the tools through dark web marketplaces or other underground channels.
- End-users: The third layer includes hired workers who carry out the attacks with minimal knowledge of the larger operation. These individuals may engage with targets, luring them into downloading malicious software or revealing sensitive information, such as crypto wallet login details. Their role focuses on execution, not strategy, making them expendable assets in the system.
This poses a challenging predicament for law enforcement, since it’s frequently tough to apprehend groups responsible for scam calls when their operations are based overseas. Arresting and bringing them to justice requires building trust with foreign authorities and navigating a convoluted extradition procedure.
Did you know? Crypto ransom payments rose significantly during the first half of 2023, reaching approximately $449.1 million. This figure represents a jump of around $175.8 million compared to the same period in 2022.
Crimeware-as-a-service: New threats, new defenses in the cryptocurrency world
The use of Crimeware-as-a-service has significantly changed the terrain of cybersecurity for cryptocurrency users, amplifying risks and making defense strategies more intricate. It essentially makes cybercrime accessible to all, giving non-technical individuals access to advanced hacking tools. This broadens the occurrence and scale of attacks, rendering conventional security measures obsolete.
Working together, adversaries can better focus on exploiting particular vulnerabilities found in cryptographic solutions or services. For instance, a technique like clipboard hijacking could divert the intended wallet addresses during financial transactions, while carefully planned phishing scams might trick users into revealing their private keys.
To counteract the increasing intricacy of cyber threats, it’s crucial that cryptocurrency users and platforms adopt robust security strategies like multi-factor authentication, continuous surveillance for vulnerabilities, and hardware wallet utilization. In this fast-paced digital environment, proactive defense mechanisms are indispensable, as the swiftness and precision of these attacks leave minimal room for error in the world of cryptocurrencies.
In the face of constantly changing dangers, AI-driven preemptive safeguards are growing more crucial. These AI systems analyze user behavior trends, identify irregularities, and predict possible cyberattacks before they happen. Furthermore, machine learning algorithms assist in detecting fraudulent activities such as phishing, tracking transactional data, and flagging suspicious actions, thereby offering enhanced, real-time protection to cryptocurrency users against emerging risks.
How to report a cybercrime?
It’s crucial to report any instances of cybercrime related to cryptocurrencies, as this helps in limiting future harm and safeguarding our online community. In most nations, there is a specialized division tasked with investigating such crimes. Ensure your report is detailed and accurate.
Prior to filing a report with relevant authorities, accumulate all evidence related to the crime, such as transaction IDs, digital wallet addresses, screenshots of communications, and any phishing emails. This information helps investigators track down the suspicious activities.
Reach out to the cybercrime department in your area to submit a report if you’ve encountered any issues related to cybercrime. The specific entity responsible for investigating such matters may differ by country.
- In the US, the Internet Crime Complaint Center (IC3), under the Federal Bureau of Investigation (FBI), accepts complaints from victims or third parties.
- In the UK, the National Crime Agency (NCA) investigates cybercrime.
- In Japan, multiple organizations like the National Police Agency and the Japan Anti-Fraud Organization (JAFO) investigate cybercrime cases.
- In Singapore, the Singapore Police Force’s Criminal Investigation Department (CID) is the primary authority investigating cybercrimes.
- Interpol’s Cybercrime Division coordinates with various investigatory agencies globally.
Besides informing the parties involved, remember that platforms like Binance and Coinbase have specific procedures for reporting fraudulent activities. For Binance, you can access these services by logging into your account, clicking on the Binance Support icon, and selecting “Report Scam.”
Taking swift action increases the chances of seizing or tracing funds that have been stolen, before the culprits manage to hide their activities.
How to protect yourself from crimeware-as-a-service
Ensuring the safety of your cryptocurrency involves staying proactive about cybersecurity measures, as threats from crimeware-as-a-service are a real concern.
- Use hardware wallets: Secure your crypto assets with hardware wallets, which store private keys offline, safeguarding them from malware and phishing attacks.
- Enable multifactor authentication: Use MFA on all accounts to add an extra layer of protection. It requires users to provide more than one form of authentication to gain access to an account.
- Avoid clicking on unsolicited links: Stay vigilant against phishing attempts by avoiding clicking on unsolicited links. Verify the authenticity of websites and emails before entering sensitive information.
- Set up strong passwords: Use strong, unique passwords for all accounts and consider using a password manager for added convenience and security.
- Update your devices regularly: Keep your devices updated with the latest software patches and install reputable antivirus programs to detect and block malicious tools.
- Use a virtual private network (VPN): VPNs enable remote, secure access to specific resources by creating an encrypted tunnel, shielding internal and external systems from cyberattacks.
- Take regular backups: Back up important data at regular intervals. If hackers manage to sneak in and block access to sensitive information, you can restore from your backup and ensure business continues as usual.
Frequently checking your crypto transactions and account activity for any unusual or unapproved modifications is crucial. Stay informed on the latest strategies related to service-based cybercrime as this knowledge will greatly lower your chances of becoming a target of CaaS-related assaults.
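As an added example (not part of the original article), the Python sketch below turns the advice on clipboard hijacking and on reviewing account activity into a check: every destination address is compared in full against an address book the user verified out of band. It goes slightly beyond the text by also flagging addresses that only share the first and last characters of a saved one; the address strings, labels and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: addresses the user verified out of band.
# The strings are made-up placeholders, not real wallet addresses.
ADDRESS_BOOK = {
    "exchange-deposit": "k7Qp-constructed-sample-0001-Zx9d",
    "cold-storage": "m2Ty-constructed-sample-0002-Lw4e",
}

@dataclass(frozen=True)
class Verdict:
    status: str            # "trusted", "wrong-entry", "lookalike" or "unknown"
    label: Optional[str]   # address-book entry matched or imitated

def check_destination(pasted, intended_label, book=ADDRESS_BOOK, edge=4):
    """Compare the address about to be used with the one the user meant."""
    candidate = pasted.strip()
    if candidate == book.get(intended_label):
        return Verdict("trusted", intended_label)
    for label, known in book.items():
        if candidate == known:
            # A saved address, but not the one chosen for this payment.
            return Verdict("wrong-entry", label)
        # Same first and last characters but a different body: this passes
        # a glance at both ends, so only a full comparison catches it.
        if candidate[:edge] == known[:edge] and candidate[-edge:] == known[-edge:]:
            return Verdict("lookalike", label)
    return Verdict("unknown", None)

def audit_transfers(transfers, book=ADDRESS_BOOK):
    """Return (id, status) for each outgoing transfer that is not trusted."""
    flagged = []
    for tx_id, intended_label, destination in transfers:
        verdict = check_destination(destination, intended_label, book)
        if verdict.status != "trusted":
            flagged.append((tx_id, verdict.status))
    return flagged

# Constructed transfer history: (id, intended recipient, actual destination).
SAMPLE_TRANSFERS = [
    ("tx-1", "exchange-deposit", "k7Qp-constructed-sample-0001-Zx9d"),
    ("tx-2", "exchange-deposit", "k7Qp-constructed-other-9999-Zx9d"),
    ("tx-3", "cold-storage", "q9Rs-constructed-other-7777-Hh2k"),
]

if __name__ == "__main__":
    for tx_id, status in audit_transfers(SAMPLE_TRANSFERS):
        print(tx_id, status)
```

The same comparison can be run on a pasted address before a transaction is signed, which is the point at which a substituted address can still be caught.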
2025-01-13 12:24