Group IB, a well-known provider of cybersecurity solutions, is preparing to release its report on trends in high-tech cybercrime. According to the summary received by the media, the document contains evidence of 14 different attacks on cryptocurrency exchanges since January of last year. Group IB argues that the state-sponsored DPRK group Lazarus is responsible for most of the criminal activities. It accounts for $571 million of funds stolen from investors. The hacker syndicate is based in North Korea. It is credited with a series of high-profile attacks on crypto exchanges in the past and this year.
Since 2017, Internet attackers have stolen a total of $882 million worth of crypto assets from online exchanges, but no one has succeeded as much as the North Koreans. They account for more than half of the total damage. North Korea receives more money from the hacking of crypto exchange passwords than any other country in the world.
Lazarus is suspected of carrying out one of the largest hacks to date, an attack on the Coincheck exchange in Japan in January 2018. As a result, Coincheck lost 523 million NEM tokens worth about $534 million.
The group, concealed in the DPRK at the highest level, is also considered guilty of attacks on the South Korean exchanges Yapizon in April 2017 and Bithumb in June 2018. Yapizon lost 3,816 BCH, worth $5.3 million, and Bithumb was hacked for about $32 million.
Lazarus has been operating for several years. The group has been known since 2014, when Sony Pictures was hacked. The syndicate is suspected of creating and using malware that also attacks consumer and business systems.
Until the report is published, it is not clear which Group IB data indicates that Lazarus is responsible for hacks worth $571 million. Nevertheless, Lazarus is widely cited in hacker circles, and The Japan Times reported back in February that the South Korean National Intelligence Agency suspected the group of numerous cyber crimes, but it did not have solid evidence.
Rampant Cybercrime in the Cryptosphere
Back in August 2018, Bleeping Computer reported that Kaspersky Lab had detected the hacker syndicate's use of a Mac malware strain in downloads of cryptocurrency trading software. Vitaly Kamluk from Kaspersky Lab commented at the time: “The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future.”
Group IB also expects that the number of targeted attacks on cryptocurrency exchanges will grow, and not only from Lazarus. Experts believe that the most aggressive groups of hackers, usually known for attacks on banks, are switching their attention to the crypto industry, because they know how profitable it can be.
Hackers targeting the cryptosphere use the same traditional methods and tools, such as phishing, social engineering, and malware.
Phishing attacks account for 56 percent of all funds stolen from ICOs. Over the past year and a half, 10 percent of the capital placed on ICO platforms has gone into the hands of cyber attackers, most of it through phishing.
The criminals are exploiting “crypto fever”: investors are so afraid of missing out on profits that they rush to invest in new cryptocurrency projects as quickly as possible without checking the authenticity of the domain names.
The scammers even create fake websites using stolen project descriptions, and then disappear with investors’ funds shortly after launching fake ICOs. According to the report, large phishing groups are capable of stealing approximately $1 million per month.
Group IB predicts an increase in the number of attacks on ICOs, which remain a threat to virtually every project that wants to attract investors. Group IB is a private company engaged in the investigation of high-tech crimes. The full report, which will be published soon, will be an annual report on trends in cybercrime.