The first quarter of the year saw cybercrime hit targets that may not have been considered worthwhile in previous quarters. Multiple Bitcoin exchanges found themselves the victims of various attacks and were forced to close shop. The most high-profile victim Mt. Gox, which had been, at one time, the leading Bitcoin exchange in the world.
Exchanges were not the only target. With more than 12 million Bitcoins in existence – with a value of 6-8 billion US dollars – it was only a matter of time before Bitcoins were targeted for theft in the same way that real-world currencies are. Multiple malware families targeted the Bitcoin wallets of users in order to steal their contents.
Despite the best intentions of the creators and many users of Bitcoin, its perceived anonymity and privacy has meant that many cybercriminal elements have adapted the cryptocurrency as well. For example, CryptoLocker ransomware frequently asks for payment in Bitcoin. In many cybercrime marketplaces, underground tools are also bought and sold with Bitcoin as the form of payment.
This shouldn’t be taken to mean that ordinary cybercrime threats have gone away. Take conventional online banking malware: it is up over the same period last year, with the United States, Japan, and India the three most affected countries.
Figure 1. Countries Most Affected by Online Banking Malware
Ransomware in the form of CryptoLocker also continued to affect users. As has been the case with previous ransomware threats (like the Police Trojan), CryptoLocker and similar threats have become “regional”, with variants specifically targeting users in Hungary and Turkey. Only 28% of ransomware victims are in the United States, so these tactics make perfect sense.
Figure 2. Countries Most Affected by Ransomware
Large-scale cybercrime threats continued as well. Multiple large-scale incidents of malware affecting point-of-sale (POS) terminals resulted in millions of credit card credentials being stolen, resulting in millions of dollars of losses. These attacks used techniques that would not be out of place in a more sophisticated targeted attack; they highlighted the importance of custom defence strategies.
Mobile malware continued its inexorable growth, with the total number of mobile malware and high-risk apps exceeding two million. More than 647,000 apps of these were found in the first quarter alone. Adware surpassed premium service abusers in number, in part due to pushback from cellular service providers. In addition, security vulnerabilities were also found in Android that could leave users in an infinite boot loop.
For more details about these and other security threats in the first quarter, check our security roundup titled Cybercrime Hits the Unexpected.