An illustrative example is the “cheating husband” scheme. Swindlers compose a message that threatens to expose a husband’s infidelities unless a ransom is paid. The scammers send the email to thousands of people, hoping to find a guilty and gullible victim among them. Unfortunately for the police, people who fall prey to these schemes rarely report the crime due to embarrassment. In this particular instance, one of the targets of the scheme contacted the Nashville Police Department.

However, even when victims report these crimes, local police departments don’t have a method of tracking or warning other jurisdictions about them. The FBI created the Internet Crime Complaint Center in 2000, but Donna Gregory, who heads the center, admitted only about 10 percent of cybercrimes are ever reported.

To make reporting easier and more uniform, the National Academies of Sciences, Engineering, and Medicine are currently working to modernize local and federal crime-classification systems. The hope is that with better data, local police departments and the FBI will be able to better address cybercrimes.

Cybersecurity companies can offer greater insight into the world of internet crime.

Law enforcement agencies may be overwhelmed by the breadth of digital crimes occurring, but IT security firms must stay ahead of hackers to remain in business. Their daily interactions in detecting and stopping attacks leaves them with a trove of valuable data.

Malwarebytes recently released their 2017 fourth quarter report on the evolving tactics and techniques of hackers. The report detailed shifting but unrelenting threats from cybercriminals. For instance, after the major ransomware attacks last year, development and distribution of that particular type of malware slowed. In its place, attackers deployed spyware, banking trojans, and hijackers — all of which are designed to steal sensitive data and distribute more malware.

Mining has increased as cryptocurrency grows in popularity and value.

Bitcoin and a multitude of newer digital currencies have received increasing media attention as their prices skyrocketed and then crashed. While the cryptocurrency market has lost about half of its value since mid-December, many investors see this as a simple correction due to overzealous buyers late last year. Cryptocurrency is here to stay, and there is money to be made from it.

Of course, that means cybercriminals are getting in on the game. Sophisticated hackers have found vulnerabilities in cryptocurrency code to steal vast sums of digital money. That’s what happened to Japan’s CoinCheck, which was taken for $534 million in a late-January heist.

However, there’s a more mundane way of making cryptocash that’s on the rise — mining. Cryptomining occurs when people volunteer computing power to a cryptocurrency’s network. In exchange for running software that validates transactions, miners occasionally earn coins. Hackers have invented a method called drive-by mining to receive the rewards of cryptomining while using unwilling victims to provide the computing power.

These drive-by mining programs can run on a computer without the victim ever knowing it (except for seeing a decrease in computer speed). Malwarebytes claims to have blocked over 100 million drive-by mining attempts in a single month, which means this is a major new threat for security firms.

The report’s 2018 predictions indicate that consumers and businesses must remain vigilant.

Malwarebytes believes that drive-by cryptocurrency mining will continue as long as digital currencies keep their value. The security firm also warns that hackers could use the Internet of Things to mine cryptocurrency as well as perpetrate DDOS attacks. Finally, the report’s authors believe the use of leaked exploit codes in 2017 will continue this year unless the governments who discover the vulnerabilities begin disclosing them.

The ever-shifting tactics of hackers shows how hard of a job the National Academies of Sciences, Engineering, and Medicine have in codifying a classification system for cyber-attacks. However, without recording and sharing this information in a formalized way, law enforcement will continue struggling to keep up with cybercriminals.

The post Malware Report Sheds Light on Underreported Cybercrimes appeared first on Datarecovery.com.

Bitcoin price fluctuations have made setting ransom demands difficult.

The price of bitcoin has fluctuated wildly, spooking investors and frustrating cybercriminals.

In the past month, the price of bitcoin has yo-yoed from $13,000 to $17,000 and then back down to $10,000. These fluctuations make it difficult for hackers to demand a precise ransom. In fact, the price of bitcoin has become so unreliable, hackers are increasingly pricing their ransoms in US dollars (though the payments are still frequently requested in bitcoin).

And a fluctuating price isn’t the cryptocurrency’s only problem. Gabriel Glusman, senior cyber intelligence analyst at Sixgill, told ZDNet, “the time it takes for transactions to confirm, the high volume, and the transaction fees makes it that anything that’s less than $200 isn’t worth paying in bitcoin.” These problems have spurred hackers to look for alternate forms of payment.

The takedown of dark websites AlphaBay and Hansa has cybercriminals worried about cryptocurrency anonymity.

A joint effort by the U.S. Department of Justice and Europol took down AlphaBay, a website that hosted listings for illegal drugs, stolen and fraudulent documents, firearms, and other illicit products. Once the site was shuttered, criminals flocked to another dark website, Hansa.

Unfortunately for the criminals who created Hansa accounts, the site had already been seized by Dutch officials. International law enforcement agencies silently recorded the criminal activity taking place on Hansa. “They flocked to Hansa in their droves,” Interpol director Rob Wainwright told Wired. “We recorded an eight-times increase in the number of new users on Hansa immediately following the takedown of AlphaBay.”

The closures of AlphaBay and Hansa have spooked some cybercriminals into seeking currencies with more privacy protections than bitcoin. Wainwright tweeted a warning that, “We’ll see a progressive shift in 2018 towards criminal use of cryptocurrencies other than Bitcoin, making it generally more challenging for law enforcement to counter.”

Monero has a growing share of the cryptocurrency market.

The alt-coin launched in 2014 and focuses on being untraceable, which has made it popular for ransomware distributors. Matt Suiche, founder of Comae Technologies told Bloomberg that monero is now “one of the favorites, if not the favorite” cryptocurrency of ransomware attackers.

Monero transaction fees (like those of bitcoin) are not fixed, but they have been significantly lower than bitcoin’s on average. Monero also has many more features to ensure anonymity than bitcoin (though some transactions from between 2014 and 2016 may be traceable).

While monero’s developers aren’t advocating for criminals to use it, they admit that it is well-suited for illegal transactions. Riccardo Spagni, a core developer for the alt-coin told Bloomberg, “I imagine that monero provides massive advantages for criminals over bitcoin, so they would use [it].”

Another attractive currency for use on the dark web is Dash.

The alt-coin, whose name is a portmanteau of “digital cash,” may have an even brighter future than monero. It has extremely low transaction fees (they aren’t fixed, but are generally less than $1) and an InstantSend function that completes transactions in as little as a few seconds. Dash also has a feature called PrivateSend that makes it attractive to those looking to do untraceable deals.

Dash received media attention after inking a deal with Kuvacash, a project aiming to stabilize Zimbabwe’s runaway inflation. The $550,000 partnership led to a steady increase in the coin’s price until an abrupt nosedive with most other cryptocurrencies in mid-January. Still, if the coin achieves mainstream popularity, it will be very attractive to cybercriminals looking for a good blend of ease-of-use and increased privacy.

Ransomware may embrace new currencies, but it’s not going away any time soon.

Hancock Health and Allscripts, an electronic health record company, have both suffered costly ransomware attacks in January 2018. Last year saw ransomware cripple dozens of organizations and businesses as IT departments scrambled to keep up. That is to say, bitcoin’s price may fluctuate, but ransomware attacks remain a constant.

Cybercriminals fleeing the bitcoin market does not necessarily mean that law-abiding consumers will, too. However, some of bitcoin’s issues, like hefty transaction fees and long confirmation times, extend to everyone who uses it. Other cryptocurrencies like monero and Zcash hope to capture a larger market share due to enhanced privacy features.

Whichever form wins out in the end, there is a demonstrated appetite for cryptocurrency — the current market cap stands at over $500 billion. Our only advice is that if you decide to invest in one of these new alt-coins, don’t choose SpriteCoin — it’s a disguised ransomware that will encrypt your files and demand 0.3 monero.

The post Cybercriminals Ditch Bitcoin in Search of Better Cryptocurrency appeared first on Datarecovery.com.

What is the Internet of Things?

The IoT refers to devices — think appliances, cars, and HVAC systems — that connect to the internet. These devices often have “smart” as a prefix and offer convenient and futuristic features like the ability to turn up the heat or AC just before you head home from work.

Smart watches, which display emails, monitor heart rate, and even tell golfers how far they are from the pin, are one of the most popular IoT gadgets. But there plenty of lesser known smart devices as well. Coffee makers, thermostats, and light bulbs are increasingly offering connectivity to the internet as a feature.

Unfortunately, the connectivity that allows consumers to control appliances remotely also exposes devices to malware. And that brings us to the crux of why the IoT will likely become a more frequent target of ransomware attacks.

IoT continues growing, but security is still lax.

The IoT has grown in fits and starts through 2017. For the first time in history, there are more connected devices (approximately 8.4 billion) than humans (approximately 7.6 billion) on the planet. That being said, Cisco estimates that 75 percent of all IoT projects are failing due to problems with security and lack of compatibility.

These security issues will become a major issue as consumers and industry grow accustomed to the benefits of connectivity. The more people rely on connected devices, the more vulnerable to ransomware they become. After all, successful ransomware attacks depend on the victim feeling like they have no choice but to pay the ransom.

IoT ransomware would look different than the attacks we’ve seen lately.

In general, smart devices are highly specialized and quite different from desktop computers. They don’t store family photos or business files, and many don’t have a screen to display a ransom note. Still, enterprising hackers could find a way to freeze or take control of devices and demand a payment.

At the Def Con hacking conference, two researchers demonstrated how they could infect a thermostat with ransomware. If hackers targeted a hospital or nursing home and cranked the heat during summer or AC during winter, victims would have to consider paying the ransom.

If hackers successfully targeted even more critical equipment in a medical facility, the stakes would be even higher. Several researchers have warned that U.S. power grids are vulnerable due to poor IoT security. These are some of the reasons why so many people are urging IoT manufacturers to take security more seriously.

Consumers can take precautions right now to protect IoT devices.

For starters, don’t keep the default password and don’t make the new one “123456” or something else that is easy to guess. Always update your smart devices when a patch becomes available (just like you should with your computer and phone).

Consumers should make sure devices are operating on a secured Wi-Fi router and not an open wireless connection. Buying devices from companies that have a good cybersecurity track record is also helpful. Here’s more information from the FBI on how to protect your devices from hacking. As for industrial and government systems, we hope they listen to Cisco CTO Kevin Bloch when he says, “If you don’t secure it, don’t connect it.”

The post Cybersecurity Still a Major Issue for the Internet of Things appeared first on Datarecovery.com.