cyber trends
Cryptomining and digital
currency scams
Since 2017 there has been a 400–600%
increase in the amount of cryptomining
malware being detected globally – the
vast majority of which has been found on
social media platforms.
Of the top 20 global websites that
host cryptomining software, 11 are
social media platforms like Twitter and
Facebook. Apps, adverts and links have
been the primary delivery mechanism
for cryptomining software on social
platforms, with the majority of malware
detected by this research mining Monero
(80%) and Bitcoin (10%), earning US$250
million per year for cybercriminals.
“Facebook Messenger has been
instrumental in spreading cryptomining
strains like Digmine,” said Dr McGuire.
“Another example we found was on
YouTube, where users who clicked
on adverts were unwittingly enabling
cryptomining malware to execute on
their devices, consuming more than
80% of their CPU to mine Monero.
For businesses, this type of malware
can be very costly, with the increased
performance demands draining IT
resources, network infections and
accelerating the deterioration of
critical assets.”
In addition, social platforms have become
increasingly important to the business
of digital currency scams involving
fraudulent cryptocurrency investments.
Gregory Webb, CEO of Bromium
www.intelligentciso.com
|
Issue 12
“One trend on social media has been
the hijacking of trustworthy verified
accounts,” said Dr McGuire.
“In one case, hackers took over the
Twitter account for UK retailer Matalan
and changed it to resemble Elon Musk’s
profile. Tweets were then sent out asking
for a small Bitcoin donation with the
promise of a reward. Safe to say, nobody
who donated got anything in return.”
Social media in the middle
of a chain of exploitation and
malicious malware attacks
The report found crimeware tools and
services widely available on social
media platforms. Up to 40% of inspected
social media sites had a form of hacking
service offering hackers for hire, hacking
tutorials and tools to help hack websites.
Social media platforms also enable an
underground economy for the trading of
stolen data, such as credit card details,
earning cybercriminals US$630 million
per year.
“Social platforms and Dark Web
equivalents are becoming blurred, with
tools, data and services being offered
openly or acting as a marketing entry-
point for more extensive shopping
facilities on the Dark Web,” said Dr
McGuire. “One account on Facebook
offers the opportunity to trade or
learn about exploits and advertises on
Twitter to attract buyers. We also found
evidence of botnet hire on YouTube,
Facebook, Instagram and Twitter, with
prices ranging from US$10 a month for
a full-service package with tutorials and
tech support to US$25 for a no-frills
lifetime subscription – cheaper than
Amazon Prime.
lure users in by offering additional
functionality or deals.
Once the user clicks, the
malware executes, allowing
hackers to steal data,
install keyloggers,
deliver ransomware,
persist and hide for future
attacks and so on. The
spread of malware is facilitated
by large user bases and the fact
that many social media sites share
user profiles across platforms, enabling
‘chain exploitation’, whereby malware
can spread across multiple social media
sites from one account.
“While adverts on Facebook or Instagram
may look like they’re promoting Ray-Ban
sunglasses or Nike shoes, they’re often
more sinister and deliver malware once
clicked,” explained Dr McGuire.
“Cybercriminals have been quick to see
how the social nature of such platforms
can be used to spread malware. They
imbed malware into posts or friends’
updates and use photo tag notifications
to persuade users to open infected
attachments.”
Social media enabling
traditional crime
Social media platforms are also hosting
a thriving criminal ecosystem for more
traditional crime. They serve as a
recruitment centre for money mules
used for laundering, with posts or
adverts offering opportunities to earn
large amounts of money in a short time.
“For the enterprise, this raises a very
real concern that the ready availability
of cybercrime tools and services make
it much easier for hackers to launch
cyberattacks.” “As we saw in the previous report,
platform criminality extends beyond
cybercrime, with traditional crime also
being enabled by platforms,” said
Dr McGuire. “These platforms have
brought money laundering to the kind
of individuals not typically associated
with this crime – young millennials and
Generation Z.
Social media platforms have become a
major source of malware distribution.
The research found that up to 40% of
malware infections on social media come
from malvertising and at least 30% come
from plug-ins and apps, many of which “Data from UK banks suggests there
might be as many as 8,500 money
mule accounts in the UK owned by
individuals under the age of 21 and
most of this recruitment is conducted
via social media.” u
21