11 Replies. 1 pages. Viewing page 1.
11.
 
Re: Morning Safety Dance
Jan 22, 2021, 21:53
 
Earlyworm wrote on Jan 22, 2021, 17:49:
The article also references "the prevalence" of threat email over the summer of 2020, at the time when the price of bitcoin was very low!

Because you always have some group, or groups, doing constant dragnets. To me it's a constant background noise. The number of emails that I have received, both personally and professionally, that mention a phone, some sort of porn, and a threat to release the video of me jerkin' my gherkin to said video to all my contacts is pretty close to a thousand by now. They all have the same formatting, misspellings, and bad grammar. So you know it's either the same group or it's a service that some bought time on where they just swap out one wallet ID for another wallet ID.

In CS, there's really no simple explanation of A causes B. It's a constantly shifting battlefield that you have to pay close attention to so that you aren't blindsided. At points, you'll have rolling waves of DDoS attacks. Just sheer botnet driven attacks because renting a botnet is cheap and there are many of them to choose from. At other points, you'll have zero day exploitations mixed with a concentrated phishing campaign against your company.

Obviously, I am simplifying this tremendously so that it's easier for the layperson to try and make some sense of it. However, you can always tell when it is going to get worse and that's when some crypto-currency goes up in value because it starts attracting the script kiddies and the wannabes. As the article points out, a lot of these emails are claiming association or outright representation of some well known, more than likely state sponsored groups. Which, typically, isn't the style of the actual state sponsored groups who care much more about penetration, laying low for quite some time, and using RATs to exfiltrate sensitive information out in a drip feed. That's even if all they want is information. Sometimes they want to stealthily do a full take over.

Also, that ZDNet article isn't even a quarter page in length and is only specifically mentioning a single aspect, so I wouldn't take it as a deep debrief or anything more than a single example of a much larger and more complex ecosystem.
"No matter where you go, there you are." Buckaroo Banzai

There are two types of computer users: Masochists and Linux users.

If you would like help or further details on a technical discussion we're having, email me at bnhelp (at sign) keepusiel.net .
10.
 
Re: Morning Safety Dance
Jan 22, 2021, 17:49
 
But the jackpot isn't any higher. The jackpot isn't the price of bitcoin, it is the amount of USD the companies can afford. The companies have to buy the bitcoins with dollars.

The article also references "the prevalence" of threat email over the summer of 2020, at the time when the price of bitcoin was very low!

9.
 
Re: Morning Safety Dance
Jan 22, 2021, 16:58
 
Mr. Tact wrote on Jan 22, 2021, 16:14:
Yeah, I understood the premise you were suggesting, BoP. It might even be right. But it does lack some logic, I mean if you are going to be a crook, you are going to be a crook. Does it matter if you are asking for 5 Bitcoin or 1,000 Bitcoin as long as the cash equivalent is worth $150k? Then again, high intelligence isn't a common thing among crooks -- so the idea Bitcoin value has spiked might be sufficient motivation for the idiots isn't the craziest thing I've heard in the last week..

I think it's more like how people pile in to buy lottery tickets when the jackpot's high. People who might not have stooped so low or gone to the effort & risk when the price of Bitcoin was (relatively) low might do so when it's astronomical.
8.
 
Re: Morning Safety Dance
Jan 22, 2021, 16:32
 
Mr. Tact wrote on Jan 22, 2021, 16:14:
Yeah, I understood the premise you were suggesting, BoP. It might even be right. But it does lack some logic, I mean if you are going to be a crook, you are going to be a crook. Does it matter if you are asking for 5 Bitcoin or 1,000 Bitcoin as long as the cash equivalent is worth $150k?

What you're missing is that when "Bitcoin fever" hits, it starts creating a larger amount of people who want to get in on the action. You already have your state sponsored actors and organized syndicates who are pretty much a constant. As the article says, as the value goes up, they start reprioritizing their efforts. Because .001 Bitcoins may be worth $150K today...but it might also be worth $250K tomorrow or in a few days. To them, it's a low risk/high reward equation.

Then you get all the noobs as I mentioned previously who are also suffering from the same fever and see the value amount. Let's put it at a more realistic number since few are asking for a full coin or more. So they want $15K worth of Bitcoin because, where they're from, $15K USD is a shitload of money that may take them a decade or more to earn legitimately. But they only have to hit one target who pays and they're set. They also know that, to the average organization, $15K isn't even a line item in the budget. So then you have groups A, B, and C all trying to perform the same task when, previously, you might have only had group C performing that task.

It's a linear increase shaded by the whole spectrum of value that these people are trying to extort. It's not a direct "We all want $150K worth of Bitcoin". Also, because it is a low risk/high reward proposition, you have more people who are willing to become "crooks" because now the concept of jail time is worth it in their eyes. They also know that they are more than likely going to get away with it since their country is not likely to cooperate with other countries or even care that it's happening. Especially the much poorer countries.
"No matter where you go, there you are." Buckaroo Banzai

There are two types of computer users: Masochists and Linux users.

If you would like help or further details on a technical discussion we're having, email me at bnhelp (at sign) keepusiel.net .
7.
 
Re: Morning Safety Dance
Jan 22, 2021, 16:15
 
What BoP said.

Bitcoin goes up, all forms of cyber extortion go up, including Ransomware that encrypts your data.
DDoS Threats are much easier to buy / perform than getting a piece of Ransomware Malware into a decently fortified organization, so it makes sense that the lowest effort extortion method would rise.

Mr. Tact wrote on Jan 22, 2021, 16:14:
Yeah, I understood the premise you were suggesting, BoP. It might even be right. But it does lack some logic, I mean if you are going to be a crook, you are going to be a crook. Does it matter if you are asking for 5 Bitcoin or 1,000 Bitcoin as long as the cash equivalent is worth $150k? Then again, high intelligence isn't a common thing among crooks -- so the idea Bitcoin value has spiked might be sufficient motivation for the idiots isn't the craziest thing I've heard in the last week..

They usually adjust the amount of Bitcoin demanded to what they think the organization can / is willing to pay. For example... a small organization they may only demand .3 bitcoin which is around 10k right now.
The rate of more attacks is just more "bottom feeders" trying their hand at attacking due to a value spike... aka perceived easy money.
Get your games from GOG DAMMIT!
6.
 
Re: Morning Safety Dance
Jan 22, 2021, 16:14
 
Yeah, I understood the premise you were suggesting, BoP. It might even be right. But it does lack some logic, I mean if you are going to be a crook, you are going to be a crook. Does it matter if you are asking for 5 Bitcoin or 1,000 Bitcoin as long as the cash equivalent is worth $150k? Then again, high intelligence isn't a common thing among crooks -- so the idea Bitcoin value has spiked might be sufficient motivation for the idiots isn't the craziest thing I've heard in the last week..
“Extinction is the rule. Survival is the exception.” -- Carl Sagan
5.
 
Re: Morning Safety Dance
Jan 22, 2021, 15:51
 
OK, I'll explain it since what is obvious to me (since security is part of my job) is apparently not obvious to others.

When a semi-anonymous crypto-currency starts reaching incredible value, it acts like a magnet for new ne'er-do-wells to buy their way in to botnets so they can use them to extort organizations, and to a lesser degree people, because they see it as a way to get rich (relative to their current economic status and country's economy) quick. Think of it like the gold rush in the Yukon and American West. You had lawyers, doctors, farmers, and others who absolutely got nailed with gold fever and suddenly decided to take up mining as a profession so they could "strike it rich".

Same principle applies here. Typically, on my UTM, I'll see the usual smattering of Russia, China, Brazil and occasionally India. These are what we expect to see. Intrusion attempts, brute force attacks, DDoS, and exploit leveraging on the digital side. However, when crypto-currency starts to rise in value, now we see much more activity from places that you don't see regularly like countries in Eastern Europe, Vietnam, Thailand and some of the Arabian countries to name a few examples. This happens every time Bitcoin starts climbing to high values.

In addition to this, you'll also see a rise in spearphishing, phishing, vishing, and other meat side related shenanigans, too, for ransomware and cryptoware installation for extortion purposes.

If you have a decent firewall, one that tracks IPs and geolocates them as part of a robust IPS and IDS solution, you can track this for yourself. You'll get a whole raft of script kiddies coming out of the woodwork and mass scanning literally every IP on the planet. Then they'll follow it up with mass port probes looking for open ports on such ports as 22, 25, and 3389 (because, yes, there ARE dumbasses who expose RDP to the public).

It's a tick-tock effect that you can count on with a certain regularity.
"No matter where you go, there you are." Buckaroo Banzai

There are two types of computer users: Masochists and Linux users.

If you would like help or further details on a technical discussion we're having, email me at bnhelp (at sign) keepusiel.net .
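
Added example, not part of the original post: one way to do the tracking the post describes, by comparing a baseline period against current firewall records for probes on ports 22, 25 and 3389. The record format, the sample data and the function names are assumptions made for this sketch.

```python
from collections import defaultdict

WATCHED_PORTS = {22, 25, 3389}  # the ports named in the post

# Constructed sample. Assumed record format: "date src_ip country dst_port".
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2021-01-18 192.0.2.10 RU 22
2021-01-18 192.0.2.11 CN 3389
2021-01-19 192.0.2.10 RU 22
2021-01-19 192.0.2.12 BR 25
2021-01-19 192.0.2.12 BR 443
2021-01-22 192.0.2.10 RU 22
2021-01-22 198.51.100.7 VN 22
2021-01-22 198.51.100.7 VN 25
2021-01-22 198.51.100.7 VN 3389
2021-01-22 203.0.113.5 TH 3389
2021-01-22 203.0.113.6 TH 3389
not a log line
"""

def parse(log):
    """Yield (date, src, country, port) and skip lines that do not parse."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            yield parts[0], parts[1], parts[2], int(parts[3])

def summarize(log, baseline_days):
    """Compare watched-port probes outside the baseline days against it."""
    baseline_cc, current_cc = set(), set()
    ports_by_src = defaultdict(set)   # current-period source -> watched ports hit
    daily_sources = defaultdict(set)  # date -> distinct sources
    for date, src, country, port in parse(log):
        if port not in WATCHED_PORTS:
            continue
        daily_sources[date].add(src)
        if date in baseline_days:
            baseline_cc.add(country)
        else:
            current_cc.add(country)
            ports_by_src[src].add(port)
    return {
        "new_countries": sorted(current_cc - baseline_cc),
        "multi_port_sources": sorted(s for s, p in ports_by_src.items() if len(p) >= 2),
        "daily_unique_sources": {d: len(s) for d, s in sorted(daily_sources.items())},
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, {"2021-01-18", "2021-01-19"}))
```
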
4.
 
Re: Morning Safety Dance
Jan 22, 2021, 13:50
 
I have to agree, no reason for the price of Bitcoin to cause a rise in this activity. It implies the attackers would ask for 5 to 10 Bitcoin no matter what the value was, which is obviously silly and all but certainly not true.
“Extinction is the rule. Survival is the exception.” -- Carl Sagan
3.
 
Re: Morning Safety Dance
Jan 22, 2021, 12:40
 
I am not sure if you are being serious yourself, because this is just stupid.

If you run an extortion operation you will set a price tag like a normal business. If you think the company is willing to pay $100 000 then that is the price you ask them to pay, converted to bitcoin (or preferably to another cryptocurrency which is less traceable).
Do you think if the price of bitcoin went down to $100 they would just stop the DDoS extortions, instead of, you know, set the price to ₿1000?
2.
 
Re: Morning Safety Dance
Jan 22, 2021, 12:14
 
Earlyworm wrote on Jan 22, 2021, 12:07:
As Bitcoin price surges, DDoS extortion gangs return in force

Why on earth would the price of bitcoin have any effect on DDoS extortion, this is just silly!

Not sure if you're serious. This last year has severely whacked the calibration on my sarcasm meter.
"No matter where you go, there you are." Buckaroo Banzai

There are two types of computer users: Masochists and Linux users.

If you would like help or further details on a technical discussion we're having, email me at bnhelp (at sign) keepusiel.net .
1.
 
Re: Morning Safety Dance
Jan 22, 2021, 12:07
 
As Bitcoin price surges, DDoS extortion gangs return in force

Why on earth would the price of bitcoin have any effect on DDoS extortion, this is just silly!