The Year in Bitcoin Malware and Cyber Crime

Posted: 17th December 2013

Where there’s money there’s malware. And as the lights shone brightly on bitcoin this year, cyber criminals were increasingly active in exploiting security vulnerabilities related to the digital currency.

Trend Micro reported yesterday more than 12,000 PCs were affected by bitcoin-mining malware from September to November based on data from their Smart Protection Network security platform. The three-month number isn’t staggering on its own, so we’ll add context from the InfoSec Institute’s research on the ZeroAccess botnet known to use infected system resources for bitcoin mining: “[as of July 2013] it has affected around 9 million systems.”

Just how did malware and attacks on exchanges evolve this year? Using Recorded Future, we plotted out the discovery of bitcoin-related malware and cyber attacks on various exchanges and web properties related to the currency during 2013.

Significant events referenced in the timeline above:

  • In April, Fortinet reported ZeroAccess, which can be used to download software onto compromised computers in order to mine bitcoin, as the number one malware threat.
  • Multiple services for bitcoin were hacked during March and April including broker BitInstant, which saw $12,000 in bitcoin stolen, and digital currency storage Instawallet. The breach of information for the latter effectively shut the service down.
  • In early April, bitcoin exchange Mt.Gox was targeted and severely slowed by DDoS attacks.
  • During November, major thefts occurred on bitcoin exchanges hosted in Poland, the Czech Republic, and Australia.

General attention to bitcoin increased as 2013 progressed, which you can see in the below graph. This media attention tracked the currency’s rise in value this year. Unsurprisingly, high-profile attacks surged after early October as the price took off. The types of attacks also changed, from malware using infected systems’ resources for bitcoin mining to outright theft.

As alluded to above, no single method was being used to mine or steal bitcoin. The below network graph shows the malware and attack methods used against bitcoin exchanges, and against consumer systems to be leveraged for mining.

These methods range from ransomware and trojans such as ZeroAccess to DDoS attacks against exchanges, believed to be a tactic for nuking the market so attackers can buy into the currency at a dramatically lower price.

Outside of the extremely volatile rates for bitcoin, which lost nearly half of its value over the past two weeks and is currently trading at ~700BTC/$1USD, significant security challenges remain for bitcoin.

Commonly used software such as Skype was leveraged as a platform for distributing bitcoin-mining malware in parallel to sophisticated social engineering attacks hunting for personal information linked to the currency. And this is all without mentioning the potential for vulnerabilities in digital currency banks, few of which provide anything close to the protection of FDIC-insured institutions, which we’ve already seen result in the loss of millions of dollars worth of bitcoin.

What Lies Ahead

Despite all of the security shortcomings, there are analysts out there still claiming bitcoin will be the hottest investment in 2014. We’re also seeing various bitcoin-related start-ups and partnerships planned for next year that could support implementation of consumer safeguards.

All that said, the inherently cryptic nature of bitcoin makes it difficult to back up or insure. We’ll now wait and see if bitcoin can prove to be a secure form of investment and survive amid ever-growing attention from cyber criminals during 2014, which Kaspersky is forecasting as the “year of trust.”

And if one post on Pastebin is to be believed, perhaps we’ll even learn about the currency’s pseudonymous founder Satoshi Nakamoto.
