Crimeware-as-a-service: A new threat to crypto users

What is crimeware-as-a-service (CaaS)?

Crimeware-as-a-service (CaaS) involves experienced criminals selling their tools and services to less experienced offenders for a price. This model resembles software-as-a-service (SaaS), where the provider gives access to the software to the subscriber. In the case of crimeware-as-a-service, the SaaS model has reshaped itself in the context of cybercrime.

In the early days of cybercrime, cybercriminals mostly worked alone or in small groups, playing with technology and trying to sneak into people’s bank accounts or emails for personal gains and fun. Criminals generally used email to send viruses and commit scams. 

Crimeware-as-a-service has professionalized the process. Historically, to make money with cybercrime in the crypto space, one had to gain multiple skills in diverse disciplines, such as detecting vulnerabilities in smart contracts, developing malicious software, making fraudulent calls and so on. Crimeware-as-a-service has made crime simpler for the actors as they can just rent necessary software and services.

This ability to purchase the tools needed for conducting fraudulent activities means they can carry out all sorts of assaults, such as extorting money, stealing financial assets, identity theft, breaching firewalls to steal documents and other sensitive information and crashing large computer systems.

Notably, all activities regarding the development of malicious software and purchases occur on the dark web, an invisible part of the internet where users can conceal their identity and location. Accessing the dark web requires specialized software like Tor (The Onion Router) or I2P (Invisible Internet Project), as it is not accessible through standard browsers like Chrome or Safari. “Onion routing” is designed to protect users from surveillance. Data packets are routed through thousands of relay points when users access a site through the dark web.

However, using the dark web for illegal activities, such as purchasing malicious software or engaging in cybercrime, is against the law and can lead to criminal charges.

Product-to-service cycle in CaaS

The product-to-service cycle in CaaS happens in three phases: 

  • Step 1: A criminal actor develops a crime-as-a-service offering. 
  • Step 2: This information is then disseminated by an underground advertiser through forums on the dark web, making it readily available to a wide range of potential buyers within the criminal underworld. 
  • Step 3: Upon receiving an order and payment, the product developer delivers the service to the buyer along with the specified terms of use.

What are crypto cybercriminals selling?

In the crimeware-as-a-service economy, cybercriminals offer a range of products and services tailored for attacks on cryptocurrency users. These offerings include malware designed to steal private keys and crypto wallet credentials, phishing kits that mimic legitimate exchanges or wallets and ransomware that demands cryptocurrency as payment.

Cybercriminals offer distributed denial-of-service (DDoS) attacks as a paid service, commonly known as “DDoS-for-hire.” These services are marketed on dark web forums or specialized platforms, where individuals or groups can pay to target specific crypto platforms or other online systems.

Customers specify the target and duration of the attack, and the service providers deploy botnets or other attack methods to overwhelm the target’s infrastructure, causing disruption. This makes it easy for even non-technical individuals to execute damaging cyberattacks by purchasing these services. 

Criminals may also help anyone trade stolen cryptocurrency, converting it into untraceable assets or fiat money through money-laundering services. Items for sale might include compromised accounts, gift cards or airline miles that can be liquidated for profit. 

For instance, phishing attacks have become increasingly collaborative, with specialized teams handling different aspects, such as malware development, infrastructure provision, customer support and money laundering. This division of labor enhances efficiency and reduces the technical burden on individual attackers.

Did you know? The 2016 Bitfinex hack, which saw the theft of 120,000 Bitcoin, remains the largest crypto heist in history. The current value of these stolen coins exceeds $8 billion.

How do cybercriminals take advantage of crimeware-as-a-service?

Crimeware-as-a-service boosts the capacity of cybercriminals to damage their victims in multiple ways. It brings them all the tools they need for criminal activities, simplifying their fraudulent acts and increasing their potential to harm their victims.

  • Subscription services: Crimeware-as-a-service products are generally subscription-based, which allows customers to pay for continuous access to tools and support.
  • Customization: Some crimeware-as-a-service platforms enable criminals to tailor malware to their specific requirements, making it easier to target specific victims.
  • Accessibility: Crimeware-as-a-service platforms offer simple access to complex tools like malware and phishing kits via user-friendly interfaces.
  • Anonymity: These services operate on the dark web, allowing providers and users to remain anonymous and complicating law enforcement agencies’ efforts. 
  • Support and community: Amateur criminals can discuss methods to commit crimes on online forums. This fosters a sense of community among criminals and peer support.

Did you know? In 2014, Mt. Gox, then accounting for over 70% of all Bitcoin (BTC) transactions, suffered a massive security breach, leading to the theft of hundreds of thousands of Bitcoin. The exchange was forced to file for bankruptcy, leaving many users with significant losses and raising concerns about the security of crypto exchanges.

Different types and examples of crimeware

Crimeware is an umbrella term for the various kinds of software used to steal victims’ assets. Criminals use tools such as keyloggers, trojan horses, ransomware, adware, botnets and phishing kits.

  • Keyloggers: Keyloggers discreetly track and record keyboard inputs, collecting sensitive information such as passwords. They may be software or hardware-based. Examples include Spyrix Free Keylogger and HawkEye.
  • Trojan horses: Trojan horses are disguised as legitimate software, allowing attackers to obtain unauthorized access or spread malware. Such examples include Zeus Trojan and Emotet.
  • Ransomware: Ransomware encrypts files or locks systems and demands payment to restore access. It frequently spreads through phishing or malicious downloads. WannaCry and LockBit are well-known examples of ransomware.
  • Adware: Adware can display unwanted ads, collect user data for marketing or propagate malware. It frequently comes bundled with free software. Examples include Fireball and Gator.
  • Botnets: Botnets are remote-controlled networks of compromised devices used to carry out harmful actions such as DDoS attacks. Mirai and GameOver Zeus are examples of botnets.
  • Phishing kits: Phishing kits offer tools to create false websites and steal passwords, typically targeting emails or financial data. 16Shop and LogoKit are examples of phishing kits commonly used for the crime.

How has crimeware-as-a-service scaled up crypto crime?

Due to CaaS, fraudulent actors can simultaneously use phishing kits, ransomware and spyware to target thousands of people. This trend of crimeware-as-a-service has fuelled an underground economy in which cybercrime is mechanized and more readily available, resulting in significant financial damage to victims. It has brought down the cost of conducting crime for fraudulent actors.

Crimeware-as-a-service has brought new capabilities, such as digital money laundering and DDoS attacks, which were previously difficult to implement. This professionalization of cybercrime has resulted in significant global financial losses, as even inexperienced criminals can execute complex, high-impact attacks rapidly and anonymously.

With CaaS, cybercrime has evolved into a sophisticated ecosystem comprising multiple layers, including developers, distributors and end-users.

  • Developers: The first layer would comprise the sophisticated developers who created the malicious software. 
  • Distributors: The second layer consists of fraudsters who purchase or subscribe to the software and act as intermediaries. They often assemble teams to execute attacks or scams and market the tools through dark web marketplaces or other underground channels.
  • End-users: The third layer includes hired workers who carry out the attacks with minimal knowledge of the larger operation. These individuals may engage with targets, luring them into downloading malicious software or revealing sensitive information, such as crypto wallet login details. Their role focuses on execution, not strategy, making them expendable assets in the system.

This creates a difficult situation for law enforcement agencies because even if they discover such a group making fraudulent calls to people, the real perpetrators are often beyond reach as they are located offshore. They cannot be arrested and prosecuted without gaining the confidence of the authorities in those countries and going through a complex extradition process.

Did you know? Crypto payments to ransomware attackers surged in the first half of 2023, reaching $449.1 million, a substantial increase of $175.8 million compared to the same period in 2022.

Crimeware-as-a-service: New threats, new defenses in the cryptocurrency world

Crimeware-as-a-service has altered the cybersecurity landscape for cryptocurrency users, multiplying risks and complicating defense procedures. It “democratizes” cybercrime, allowing non-technical users access to sophisticated hacking tools. This increases the frequency and scope of attacks, rendering traditional security measures ineffective.

Collaborative endeavors allow attackers to more efficiently target specific flaws in crypto products or services. For example, clipboard hijackers can redirect wallet addresses during transactions and targeted phishing efforts can fool users into disclosing private keys.

As these attacks become more complex, cryptocurrency users and platforms must implement advanced security measures such as multifactor authentication, constant monitoring for potential exploits and use of hardware wallets. Proactive defenses become essential in this regard, as the speed and efficiency of such assaults offer little margin for error in the crypto arena.

As these threats evolve, AI-powered proactive defenses will become increasingly important. AI systems can study user activity patterns, detect anomalies and anticipate potential hacks before they occur. Moreover, machine learning algorithms aid in detecting phishing attempts, monitoring transaction activity and identifying suspicious behaviors, giving crypto users improved, real-time security against developing threats.

How to report a cybercrime?

Reporting a cybercrime involving cryptocurrency is critical for preventing further damage and protecting the community. Most countries have a department to investigate cybercrimes. Make your report as complete and accurate as possible.

Before reporting the incident to concerned authorities, gather all crime-related evidence, including transaction IDs, wallet addresses, correspondence screenshots and phishing emails. These details assist investigators in tracing the fraudulent activity. 

Contact your local cybercrime authority to file a complaint. In different countries, various bodies investigate cybercrimes:

  • In the US, the Internet Crime Complaint Center (IC3), under the Federal Bureau of Investigation (FBI), accepts complaints from victims or third parties. 
  • In the UK, the National Crime Agency (NCA) investigates cybercrime.
  • In Japan, multiple organizations like the National Police Agency and the Japan Anti-Fraud Organization (JAFO) investigate cybercrime cases. 
  • In Singapore, the Singapore Police Force’s Criminal Investigation Department (CID) is the primary authority investigating cybercrimes.
  • Interpol’s Cybercrime Division coordinates with various investigatory agencies globally. 

You also need to notify the cryptocurrency platform involved. Platforms such as Binance and Coinbase provide specialized methods for reporting fraud. On Binance, for instance, you can log in to your Binance account, click the Binance Support icon, and choose “Report Scam.” 

Acting early raises the likelihood of freezing stolen funds or identifying perpetrators before they can cover their tracks.

How to protect yourself from crimeware-as-a-service

Protecting your crypto assets from crimeware-as-a-service threats requires an active approach to cybersecurity on your part:

  • Use hardware wallets: Secure your crypto assets with hardware wallets, which store private keys offline, safeguarding them from malware and phishing attacks. 
  • Enable multifactor authentication: Use MFA on all accounts to add an extra layer of protection. It requires users to provide more than one form of authentication to gain access to an account.
  • Avoid clicking on unsolicited links: Stay vigilant against phishing attempts by avoiding clicking on unsolicited links. Verify the authenticity of websites and emails before entering sensitive information. 
  • Set up strong passwords: Use strong, unique passwords for all accounts and consider using a password manager for added convenience and security.
  • Update your devices regularly: Keep your devices updated with the latest software patches and install reputable antivirus programs to detect and block malicious tools. 
  • Use a virtual private network (VPN): VPNs enable remote, secure access to specific resources by creating an encrypted tunnel, shielding internal and external systems from cyberattacks.
  • Take regular backups: Back up important data at regular intervals. If hackers manage to sneak in and block access to sensitive information, you can restore from your backup and keep business running as usual.

Regularly monitoring your crypto transactions and account activity for unauthorized changes is essential. Keep yourself educated about emerging tactics regarding crimeware-as-a-service. It will significantly reduce your risk of falling victim to CaaS-driven attacks.
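An added example, not part of the original article: a Python check that ties the clipboard-hijacking risk mentioned earlier to the monitoring advice above by comparing every outgoing destination, in full, against a personal address book. The address book, the transaction records and the `HEAD`/`TAIL` display lengths are constructed assumptions, and addresses are assumed to be hex-style strings where letter case carries no meaning.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed truncated display of an address, e.g. "0xa1b2…9f3e".
HEAD, TAIL = 6, 4


def shortened(address: str) -> str:
    """Return the abbreviated form a user is likely to eyeball."""
    return f"{address[:HEAD]}…{address[-TAIL:]}"


@dataclass
class Finding:
    tx_id: str
    destination: str
    verdict: str                      # "trusted", "lookalike" or "unknown"
    resembles: Optional[str] = None   # address-book label, if any


def classify(destination: str, address_book: dict) -> tuple:
    """Compare the full address first; only then test the abbreviated form."""
    dest = destination.strip().lower()
    book = {label: addr.lower() for label, addr in address_book.items()}
    for label, addr in book.items():
        if dest == addr:
            return "trusted", label
    # Same visible head and tail, different middle: the abbreviated form would
    # look right to the user even though the funds go elsewhere.
    for label, addr in book.items():
        if shortened(dest) == shortened(addr):
            return "lookalike", label
    return "unknown", None


def audit(transactions: list, address_book: dict) -> list:
    """Classify the destination of every outgoing transaction record."""
    return [Finding(tx["id"], tx["to"], *classify(tx["to"], address_book))
            for tx in transactions]


# Constructed sample data: made-up strings, not real wallet addresses.
ADDRESS_BOOK = {"exchange-deposit": "0xa1b2" + "0" * 32 + "9f3e"}
SAMPLE_TXS = [
    {"id": "tx-001", "to": "0xa1b2" + "0" * 32 + "9f3e"},  # exact match
    {"id": "tx-002", "to": "0xa1b2" + "f" * 32 + "9f3e"},  # same head and tail
    {"id": "tx-003", "to": "0x77aa" + "c" * 32 + "0d41"},  # not in the book
]

if __name__ == "__main__":
    for f in audit(SAMPLE_TXS, ADDRESS_BOOK):
        print(f.tx_id, shortened(f.destination), f.verdict, f.resembles or "-")
```

A "lookalike" verdict is the case a glance at the first and last characters would miss, which is why the comparison uses the whole string.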

This article first appeared at Cointelegraph.com News

Written by Outside Source