How vulnerable are western banks to state-sponsored cybercrime?


The world breathed a sigh of relief when Donald Trump de-escalated the tensions between the United States and Iran, which started when an American drone killed General Qasem Soleimani early in January and continued a few days later when Iran fired 15 missiles at several Iraqi military bases housing American and coalition forces.

Nevertheless, punitive sanctions remain in place and there has been an intense standoff since the United States withdrew from the Iran nuclear agreement. Iran knows it must pursue an asymmetric warfare strategy, which it is waging mainly through sponsorship of various allied militia in the Middle East, some of which are designated terrorist organizations by the United States and the European Union.

But there is another weapon that Iran has used in the past and may pick up again: cybercrime, aimed in particular at destabilizing the western banking system. It has form. Between 2012 and 2013, hackers brought down the internet sites of several American financial institutions, including global firms such as Bank of America, Morgan Chase, Citigroup and Wells Fargo. Seven Iranians who worked for the IT company that serves the Revolutionary Guards were subsequently arrested and sentenced.

As a form of warfare, cybercrime has the two distinct advantages of being much less expensive than traditional military warfare, and much harder to detect. Directly after the killing of Soleimani, Neil Walsh, who leads the UN’s cybercrime initiative from Vienna, warned both countries not to resort to cybercrime as a means of retaliation. Walsh cautioned that targeting computer systems can have as much impact as physical attacks – and that nation states should think twice before carrying them out. As reported in the New Scientist magazine, there is a rather bizarre etiquette evolving around cyberwarfare. “There is an ongoing cybersecurity diplomatic process, which is where countries sit together to discuss what they can and can’t do against each other in cyberspace, and try to agree norms,” Walsh said. He too emphasized the difficulty of detecting cyberattacks and identifying the people behind them, and the dangers of misattribution of cyberattacks. “If a country sends a missile up from one place to another, you see where it came from, you know where it went. In terms of attribution, that’s relatively easy to do,” he said. But attributing cyberattacks can be much more difficult, increasing the risk of escalation. “That gap between is it an individual, is it a criminal, is it a terrorist, versus an intelligence agency, a military body or an advanced persistent threat group, is so grey now that for one to say it was a criminal or state-based activity might be incredibly difficult to do.”

As Iran’s record already shows, it is not just the military-industrial complex that has a legitimate concern about cyber terrorism and state-sponsored cyberattacks. Attacks on businesses by state-sponsored sources have significantly increased over the past few years. In this form of warfare, financial services companies are in the frontline, while healthcare and retail businesses are not far behind.

Iran is not the only culprit here. State-sponsored cybercrime is on the increase worldwide. The Centre for Strategic & International Studies has been tracking major incidents for some time. In December 2019 alone, it recorded the following:

  • Microsoft won a legal battle to take control of 50 web domains used by a North Korean hacking group to target government employees, think tank experts, university staff, and others involved in nuclear proliferation issues.
  • An alleged Chinese state-sponsored hacking group attacked government entities and managed service providers by bypassing the two-factor authentication used by their targets.
  • Chinese hackers used custom malware to target a Cambodian government organization.
  • Unknown hackers stole login credentials from government agencies in 22 nations across North America, Europe, and Asia.
  • Iran announced that it had foiled a major cyber-attack by a foreign government targeting the country’s e-government infrastructure.
  • A suspected Vietnamese state-sponsored hacking group attacked BMW and Hyundai networks.
  • Russian government hackers targeted Ukrainian diplomats, government officials, military officers, law enforcement, journalists, and nongovernmental organizations in a spear phishing campaign.

Some businesses already take the threat seriously, which has resulted in a massive growth in the cybersecurity industry. Gartner Inc. values it at $124 billion per annum. In a recent survey report into financial crime, cybercrime was identified as by far the biggest external threat and 20% of the respondents said their organizations had been the victims of financial cybercrime in the previous 12 months. Among publicly listed companies, that figure rose to 26%. Refinitiv calculated the total losses from cybercrime by the 2,373 global companies surveyed at $241 billion. According to the insurance brokerage and risk management consulting firm Marsh, cybercrime cost half a trillion dollars in economic damage in 2018, far more than the $300 billion in economic losses from natural disasters. Yet spending on cybersecurity insurance premiums ($4 billion in the USA) is dwarfed by that spent on property insurance ($180 billion).

The threat of state-sponsored cybercrime was back in the news at the end of January, as the British government debated whether to award lucrative 5G network contracts to the Chinese firm Huawei. It decided not to ban the company outright, but to set clear limits that would exclude Huawei from any infrastructure that the UK government deems sensitive (what it calls “core” as opposed to “peripheral” infrastructure). At most only 35 percent of 5G or gigabit network traffic will be allowed to pass through equipment made by “high risk vendors”, and only 35 percent of cellular base stations can include equipment from those vendors. Without mentioning Huawei by name, the UK Culture Secretary said, “The government is certain that these measures, taken together, will allow us to mitigate the potential risk posed by the supply chain and to combat the range of threats, whether cyber criminals, or state sponsored attacks.”

The European Union issued similar guidance. But the US government is less sanguine. It effectively bans carriers from using the company’s equipment in US networks; it has long warned that Huawei could build backdoors into its products that could be accessed by the Chinese government, something the company denies it has done or would do.

Warnings from experts in the field of cybersecurity suggest that setting percentage limits or distinguishing between “core” and “peripheral” could be ineffective. The demarcation lines between the two are blurring as all components become more software driven. As a result, even the simplest equipment can be vulnerable to hacking. As UC Berkeley security researcher Nicholas Weaver told Wired magazine, “5G antennas aren’t simply wires, but complex computers in their own right doing a lot of signal processing.”

The concerns in the United Kingdom, expressed by a number of prominent MPs in the House of Commons, have focused mainly on personal privacy and the security of defense and intelligence establishments such as GCHQ. As one MP put it, Huawei has more people employed in its research department (90,000) than the UK has servicemen and intelligence personnel. But the potential for cybercriminals, state sponsored or otherwise, to exploit vulnerabilities in new networks should not be underestimated. Even if the Chinese government is not directly involved in cybercrime, it is not entirely unreasonable to assume that Huawei will pay rather less attention to network security matters in the UK than it would in China itself. We know this because only last year the UK’s National Cyber Security Centre reported that Huawei has basic but deeply problematic flaws in its product code that create security risks, which it blamed on low standards of “basic engineering competence and cyber security hygiene”.

The bottom line is that the threats are there, and they come from an unknown number of invisible actors from many countries. And the attack could come at any time. It is certain that further attacks will come from “rogue” states such as Iran and North Korea, either directly from government intelligence and espionage agencies and departments or from proxies and freelances. The institutions that are most vulnerable to cyberattacks include, perhaps most significantly, small to medium sized banks and financial services companies that do not have strong cybersecurity processes and infrastructure in place. If they have not already done so, they should commission a security audit soon: antivirus and anti-malware apps are simply no match for today’s cyberterrorists and criminals.

Written by Paul Allen Hamilton and Volha Miniuk


Money Laundering in a Digital Age – The Perfect Storm


The new Black

With the rapid advancement of mobile technologies, the internet is now accessible from anywhere and everywhere. Open banking (PSD2) in the European Union, together with mobile wallets, instant payment initiatives and cryptocurrencies, offers consumers a lot of ways to engage with financial institutions 24/7. Therefore, in today’s environment, customer expectations are constantly changing and it’s imperative that financial crime and Anti-Money Laundering units keep pace.

There is no doubt that the widespread use of mobile devices is accelerating the rate and impact of financial crime. Today, mobile subscriptions outnumber the world’s population, according to Statista. This, in turn, has spurred the use of mobile banking apps and changed the way consumers pay for services in general, moving us towards a cashless society.

With new regulations such as the Payment Services Directive (PSD2), the European Union has set the rules for open banking, allowing FinTechs access to traditional financial institutions’ systems and customer data. Everyone is a winner: the benefits of open banking are enhanced customer service for under-served markets, new revenue streams, and improved margins.

While this presents major opportunities for everyone, it places a lot of responsibility on those tasked with keeping a financial institution from being compromised by cyberattacks or used as a vehicle to launder money.

How will current financial crime & anti-money laundering systems work in a digital world?

It’s difficult enough for financial institutions to monitor and detect violations when transactions take at best 24 hours to clear. With digital payments clearing in real time, the impossible becomes totally impossible using conventional methods, as transactions clear in a matter of milliseconds. By conventional, we mean systems focused on a rule-based approach, where suspicious transactions are put in a queue and investigated in an overnight batch mode.

Even in a world operating in batch, AML systems generate too many false positives (typically between two and 15% of all transactions) and therefore impose a huge workload on banks and financial investigation units (FIU).

Number of Suspicious transactions reported to UIF in the UK: +51% (’12-16), from 67K in 2012 to 101K in 2016

As digital payments continue to increase, this problem is greatly scaled because banks are under pressure from customers and consumers to clear transactions as quickly as possible and still make sure that risk and compliance systems flag all risks and suspicious activities. 


The Internet of Things

Once upon a time, cybercriminals focused their efforts on PCs. However, with the average user spending about five hours per day on a mobile device, with roughly 70 percent of those smartphone devices not having an anti-virus program installed on them, sensitive data (e.g. contacts, passwords, emails, documents, photos, etc.) are exposed to cyber threats. Therefore, we have witnessed a sharp increase in new mobile malware, because criminals will always take the path of least resistance.

The Internet of Things (IoT) is driving the interoperability of physical devices, vehicles, home appliances and other electronic equipment through sensors and software enabled apps.

The number of online-capable devices was believed to have increased to 8.4 billion by 2017 and by 2020 experts estimated that 30 billion objects would be online, with a global market value of $7.1 trillion.

The Nokia Threat Intelligence Report 2H 2016 estimated that more than 100 million devices worldwide have been infected by malware, including mobile phones, laptops, notepads and a broad range of IoT devices. 

The same report stated that smartphones were more often targeted, accounting for 85 percent of all mobile device infections, and that smartphone infections increased 83 percent during July through December, compared to the first half of the year.

According to Check Point Mobile Threat Research’s 2017 report (“Mobile Cyberattacks Impact Every Business”), financial institutions, as the custodians of their customers’ money and data, are a much sought-after target for cyberattacks. Malware attacks by industry:

With the number of mobile devices already infected and the connectivity of devices rapidly expanding, cybercriminals have more routes to target than ever before.  

As crazy as it once seemed, cybercriminals attacking financial institutions via a coffee machine, smartphone or even an employee’s wearable health-check device is no longer science fiction. Also, this malware storm isn’t a regional threat; its path of destruction is universal. The most impacted regions according to Check Point mobile threat researchers:

Source: Check Point Mobile Cyberattacks Impact Every Business

The Eye of the Storm


That said, financial institutions appreciate the importance of digital technology and are embracing an ecosystem that includes FinTechs. These ecosystems can help to provide more customer value and open new customer segments. At the same time, they bring new types of operational risks with them, such as:

  • Risky user behaviour. For example, 70% of smartphone users have never installed an anti-virus program on their mobile device.
  • 24/7 connectivity of mobile devices to hotspots.
  • Wi-Fi networks and Bluetooth technologies making it easier for attackers to carry out a fraud campaign.
  • Rogue mobile applications, repackaging of apps and ransomware are on the rise.
  • Advanced malware and viruses for online as well as mobile devices continue to increase.

Currently, the data on mobile fraud isn’t as robust as with other channels. These operational risks need to be continually assessed to build reliable mobile fraud models without jeopardizing the customer experience. 60 percent of digital banking fraud originates from the mobile channel, according to figures published by RSA in 2018. This mobile banking fraud almost always involves thieves using remote deposit capture (RDC) to deposit fraudulent checks, or cybercriminals using stolen identity credentials to hijack consumer bank accounts. This actually caused a dip in the growth of mobile banking as users sensed insecurity. Security and fear of fraud are the top two concerns about using mobile banking for up to 55 percent of consumers, according to Javelin Research. And with more than 25 million mobile devices infected by a single malware variant alone (Agent Smith), it is hardly surprising. The exact number of malware-infected mobile devices is hard to quantify, but in 2018 Kaspersky Lab products detected:

  • 5,321,142 malicious installation packages
  • 151,359 new mobile banking Trojans
  • 60,176 new mobile ransomware Trojans

A point often overlooked is that your ecosystem is the weak link when trying to protect against external threats. One lesson learned is how difficult it is to detect a compromise until bad things start to happen. Some examples:

The Carbanak malware sat in the banks’ computer systems for months, sending back vital information to hackers, who were then able to impersonate bank officers carrying out internal procedures at more than 100 banks around the world.

With complete control of mission-critical systems, they managed the transfer of millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into fake bank accounts set up in other countries.

If not for a video surveillance camera filming an ATM machine in Kiev, the Carbanak malware might never have been detected.

Of the US$81 million stolen from the Bangladesh Bank in February 2016, only US$15 million has been recovered and there is still no word on who was responsible. Cyber attackers illegally transferred US$81 million from the Central Bank of Bangladesh (CBB) to several fictitious bank accounts around the world by subverting its SWIFT accounts.

The Bangladesh Bank heist is a perfect illustration of the future complexity involved in monitoring instant payments.

The WannaCry virus quickly infected more than 200,000 businesses in 140 countries, locking computers until a ransom was paid.

Fighting Back with Innovation

The only credible answers are detection and transaction monitoring systems built on new technology, with machine learning and artificial intelligence at the core, rather than relying only on a rule-based approach.

Criminals don’t use rules


With algorithms that continue to improve with support from financial crime and AML professionals, these systems learn to identify suspicious activity where there is a higher probability of a financial crime having been committed and/or money laundering actually occurring. Bank staff can therefore focus on the real alerts and not get swamped by false positives.

Another technology-based approach that continues to develop provides insights by taking large amounts of account data and generating a visual map. Suspicious relationships and payments can be tracked as they move between bank accounts, regardless of whether the payment amount is split between multiple accounts, or those accounts belong to the same or different financial institutions. The software creates a visual map of where and when money has moved, providing new insights and intelligence for fraud and compliance teams to take action.

By bringing together transactional data from multiple financial institutions and running sophisticated algorithms, such solutions can identify the so-called “mule accounts” that are used for money laundering and other illegal activity. Many of these accounts are not set up directly by the criminals themselves but via a number of scams including phishing, spam email, instant messaging etc.
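The fund-tracing and mule-account ideas in the two paragraphs above can be sketched in a few lines of Python. This is an added illustration, not code from any vendor's product: the ledger, the account names, the "suspect funds leave first" rule and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    ts: int      # minutes since the start of the observation window
    src: str     # "BANK:account", so hops between institutions stay visible
    dst: str
    amount: int  # whole currency units


# Constructed sample ledger pooled from three hypothetical institutions.
LEDGER = [
    Tx(0, "BANKA:victim", "BANKA:m1", 9000),      # reported fraudulent transfer
    Tx(5, "BANKB:payroll", "BANKB:alice", 3000),  # ordinary salary payment
    Tx(12, "BANKA:m1", "BANKB:m2", 4400),         # amount split across two accounts
    Tx(15, "BANKA:m1", "BANKC:m3", 4400),
    Tx(40, "BANKB:m2", "BANKC:cashout", 4300),    # split amounts converge again
    Tx(55, "BANKC:m3", "BANKC:cashout", 4300),
    Tx(3000, "BANKB:alice", "BANKA:landlord", 1200),  # rent, two days later
]


def trace_funds(ledger, seed):
    """Follow the money from one reported transfer forward through every hop.

    Assumption of this sketch: suspect funds leave an account first, so each
    later payment carries min(payment amount, suspect balance of the sender).
    Returns (suspect balance per account, list of edges for the visual map).
    """
    held = defaultdict(int)
    held[seed.dst] = seed.amount
    edges = [(seed.src, seed.dst, seed.amount, seed.ts)]
    for tx in sorted(ledger, key=lambda t: t.ts):
        if tx.ts <= seed.ts:
            continue  # only payments made after the reported transfer matter
        moved = min(tx.amount, held[tx.src])
        if moved > 0:
            held[tx.src] -= moved
            held[tx.dst] += moved
            edges.append((tx.src, tx.dst, moved, tx.ts))
    return {acct: amt for acct, amt in held.items() if amt > 0}, edges


def institutions_crossed(edges):
    """Distinct institutions touched by a trace (the prefix before the colon)."""
    return sorted({a.split(":")[0] for src, dst, _, _ in edges for a in (src, dst)})


def pass_through_accounts(ledger, max_dwell=60, min_ratio=0.9, min_inbound=1000):
    """Flag accounts that forward most of what they receive almost at once.

    An outbound payment counts as "fast" when it follows the account's most
    recent inbound payment by at most max_dwell minutes. The thresholds are
    illustrative assumptions, not regulatory values.
    """
    last_in = {}
    total_in = defaultdict(int)
    fast_out = defaultdict(int)
    for tx in sorted(ledger, key=lambda t: t.ts):
        if tx.src in last_in and tx.ts - last_in[tx.src] <= max_dwell:
            fast_out[tx.src] += tx.amount
        last_in[tx.dst] = tx.ts
        total_in[tx.dst] += tx.amount
    flagged = {}
    for acct, received in total_in.items():
        ratio = fast_out[acct] / received
        if received >= min_inbound and ratio >= min_ratio:
            flagged[acct] = round(ratio, 3)
    return flagged


if __name__ == "__main__":
    held, edges = trace_funds(LEDGER, LEDGER[0])
    for src, dst, amount, ts in edges:
        print(f"t+{ts:>4} min  {src:>14} -> {dst:<14} {amount:>6}")
    print("suspect funds now held:", held)
    print("institutions involved:", institutions_crossed(edges))
    print("pass-through accounts:", pass_through_accounts(LEDGER))
```

The salary-then-rent account is not flagged because its money rests for days before moving on, which is the behavioural difference a fixed amount threshold alone would miss.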

It is worth pointing out that while technology is a necessary condition for successful financial crime and money laundering prevention, it is not the only tool. In addition, financial institutions will need to review their compliance procedures, risk assessments, and their service offerings to strike the optimum balance between competitiveness and security.

What should the upper threshold look like?

Should priority be given to VIP and profitable customers when reviewing suspicious transactions? What about social and political issues? (For example, Muhammad is the world’s most common name, and also appears a lot on sanctions lists. But that also means a significantly large number of false positives, which could lead to claims of unfair profiling.)

And finally, even advanced technology and an effective redesign of processes and procedures are meaningless without sufficiently well-trained staff who can detect suspicious customer behaviour and be reliable gatekeepers, especially at the on-boarding of new customers.

Author Paul Allen Hamilton


Blockchain Fraud: New Policies and Technologies to Stop Crypto Criminals


Blockchain fraud continues to be a massive problem that has hindered the possibilities of new user adoption. Crypto criminals primarily participate in three types of fraud: tax evasion, money laundering, and terrorist funding schemes. Let’s take a look at each of those categories and how legislation and blockchain technology can reduce, or even eliminate, these and other crimes in the near future.

Tax Evasion

Tax evasion is one of the most widespread types of blockchain fraud. Prior to 2017, there wasn’t much crypto-related legislation in existence in most countries. Plus there was little enforcement of what regulations did exist. As we have previously reported, this began to change drastically in 2017.
Despite the fact that regulations are tightening, crypto-related tax evasion is still prevalent. In November 2017, LendEDU conducted a survey that included 564 US-based bitcoin investors. According to the results, approximately 36% of participants planned to knowingly avoid paying capital gains taxes in their 2018 tax filings.

There aren’t any stats to determine if this was the actual result. Still, it’s obvious that many people didn’t view crypto tax evasion as a major crime. And it’s possible that those surveyed weren’t exactly sure how to follow the tax regulations. In 2018, however, there are several guides online on how to follow crypto taxation laws in specific countries. Information is even available on specific categories like taxation on cryptocurrency mining.

New Tax Regulations

Investors need to understand and comply with cryptocurrency tax regulations. In some cases, compliance can be beneficial beyond avoiding the obvious consequences of jail time or fines. For example, it’s possible to report capital losses on crypto investments when filing taxes.

Even in the bear market of 2018, regulatory agencies are focusing more on crypto taxation policies. These efforts aren’t just limited to individual, domestic government policies. International collaboration appears to be on the rise as well. For example, a coalition of five governments (Australia, Canada, the Netherlands, the United Kingdom, and the United States) joined together to form the Joint Chiefs of Global Tax Enforcement (J5). According to the IRS, this organization aims to “reduce the growing threat posed to tax administrations by cryptocurrencies and cybercrime.”


Money Laundering

There are several major cases involving the use of cryptocurrencies to launder money. Jerome Powell, Chairman of the U.S. Federal Reserve, said in a House Financial Services Committee testimony in July 2018 that “they are very challenging because cryptocurrencies are great if you’re trying to hide or launder money, we have to be very conscious of that.”

Evidence shows that crypto-based money laundering is indeed a major issue. For example, according to a Q2 2018 report released by CipherTrace, crypto criminals laundered $1.2 billion through bitcoin tumblers and privacy coins in a one-year time period during 2017-2018.

Similar to policies dealing with crypto tax evasion, governments are increasing international collaboration to tackle this type of blockchain fraud. G20 member countries are reviewing a possible global anti-money laundering (AML) standard on cryptocurrency before an October 2018 deadline. In addition, member nations have called upon the Financial Action Task Force (FATF) – an intergovernmental organization formed to combat money laundering and terrorist financing – to review how AML standards that are already in place can potentially be applied to regulate cryptocurrencies.


Terrorist Funding

Some financial institutions (including the Bank of England) and regulatory agencies have warned against the potential use of cryptocurrencies in terrorist funding. For the most part, various studies don’t show any alarming correlation between crypto and terrorist funding. For example, the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs conducted tests on the risks of cryptocurrencies. According to the results, cryptocurrencies don’t pose a greater risk than fiat when it comes to enabling terrorist funding.

Since 2017, there has been a push to enact legislation that would try to prevent this kind of blockchain fraud. For example, U.S. lawmakers introduced the “Homeland Security Assessment of Terrorists Use of Virtual Currencies Act” in May 2017. They also proposed the “Financial Technology Innovation and Defense Act” in January 2018. Additionally, another bill called “The FinCen Improvement Act of 2018” was introduced in the US House of Representatives in July 2018. This bill mentions “anti-terrorism and anti-money laundering initiatives, including matters involving emerging technologies or value that substitutes for currency, and similar efforts”.

As of August 2018, none of these bills have gained much traction. Only the “Homeland Security Assessment of Terrorists Use of Virtual Currencies Act” has been able to pass the U.S. House of Representatives.


Using Blockchain to Combat Blockchain Fraud and Other Crimes

Yes, in some instances, blockchain fraud makes certain crimes easier for criminals to commit. However, it’s also crucial to understand that many of the above-mentioned crimes have been going on for many decades in the fiat economy.

Even though blockchain fraud is a major issue, blockchain technology has also made it possible to stop many types of crime. For example, some blockchain technologies like Ricardian smart contracts aim to vastly improve the future enforcement of legal agreements. In addition, KYC and AML-focused projects can make transactions in the crypto-based economy much more transparent than what’s possible in the current fiat-based economy.


Crypto criminals do exist and present a challenge to the mainstream adoption of digital currencies. Nonetheless, technical innovation should not be viewed as the foundations for a future dystopia. Likewise, the legislation doesn’t have to stunt the progress of technology.

When it comes to stopping crime and fostering innovation, there isn’t a simple solution. How the future will play out depends a lot on how technologies and legislation develop in the coming years. The reality is that both regulations and technologies are needed in order to empower a future where blockchain can benefit society and mitigate the possibilities of blockchain fraud.

This article was originally published on Coincentral.


Delton Rhodes


What Is Cryptojacking? Protect Yourself from This Year’s Biggest Cyber Crime.


It sounds like an adrenaline-packed adventure sport. You can almost imagine telling your friends you went cryptojacking down a volcano whilst on vacation in Costa Rica. But no, sadly the only thing that will get high doing cryptojacking is your power bill. And probably the hacker behind it, filling his or her virtual wallet with Monero. So, what is cryptojacking again?

What Is Cryptojacking?

Cryptojacking is where a device is unexpectedly taken over to use its computational power to mine cryptocurrency. There are several ways this can happen. And just because you have a robust anti-virus in place doesn’t necessarily mean you’re safe. It’s fairly simple to download malicious code from a seemingly innocent vector, like a free content management system.

You don’t even need to download the code to get cryptojacked, since there are plenty of websites that are infected with JavaScript mining code. In-browser cryptocurrency mining isn’t so much of a problem in itself, and, in fact, several sites are exploring it as a potential replacement revenue stream for advertising. You simply consent to help mine for the time you use the site.

That said, the majority of websites that are infected with mining malware are unaware. Earlier this year, for example, over 300 websites using the Drupal content management system got infected with Coinhive JavaScript software used for mining Monero. These victims included the San Diego Zoo, UCLA, and even Lenovo.

Coinhive is the most popular code for in-browser mining since it’s easy to deploy and often goes unnoticed. Even plugins like NoCoin for Chrome and Firefox may fail to detect Coinhive-infected sites. In fact, as much as 82 percent of infected sites go undetected.

It’s a pretty safe bet that most of San Diego Zoo’s visitors aren’t into cryptocurrency. So, if you think that it’s an industry-specific problem, think again. You can get cryptojacked just about anywhere, at any time.

Cryptojacking is the biggest cybersecurity threat of 2018, with one-quarter of all businesses already falling victim to it. It’s not mega businesses the hackers are after either. It’s not cryptocurrency exchanges, ICOs, or even HODLers that they want. It’s anyone with a mobile phone, personal computer, server, or even IoT device.

What Is Cryptojacking Capable Of?

There’s good and bad news about cryptojacking. Unlike some more malicious attacks like ransomware, the hackers aren’t aggressively taking hold of your device. You may not even realize that it’s happening, as long as they don’t set the code to use a very high amount of computational power.

What you may notice is that your device overheats or lags in performance. But, if you’re used to a device that runs less than optimal, let’s be honest, cryptojacking can pass by undetected – until a big power bill hits you at the end of the month. While this is a drag to be sure, it’s certainly not as bad as having your Ether wallet hacked or your data leaked.

In some cases, though, cryptojacking can damage your device. If the hacker gets too greedy with the amount of CPU he or she takes, your computer could be sent into an irreparable tailspin.

What Is Cryptojacking Prolific On?

Everyone knows that mining cryptocurrency takes a high amount of computational power. This means that company servers are the best target. Yet, cryptojacking is more about taking a little bit of power from a lot of devices, rather than one major attack. With that in mind, cryptojacking is now prolific on any device, from mobile phones to IoT devices.

According to Kaspersky Lab, once mobile mining becomes more profitable, cryptojacking will explode in proliferation. The sheer number of mobile devices worldwide makes them an obvious target.

Major Cryptojacking Incidents to Date

Although cryptojacking is a non-aggressive form of cybercrime, that shouldn’t make you more sympathetic to its perpetrators. They’re making a lot of money mining cryptocurrency illegally using other people’s devices without authorization.

One of the most high-profile cases so far is the Smominru mining botnet, which infected over 500,000 machines. It targeted Windows servers and forced them to mine over $3.5 million of Monero.

Another major cryptojacking incident was the Siacoin Internet Cafe hack when hackers across China mined around $800,000 million in Siacoin by infecting internet cafes with malicious cryptojacking code.

Other Cool and Creepy Facts About Cryptojacking

  • You don’t need technical skills to do it! According to a Digital Shadows’ report cited in CSO Online, you can buy “cryptojacking kits” on the dark web starting at just $30.
  • In Q4 2017 incidents of cryptojacking exploded by 8,500 percent.
  • Malvertising is a popular channel for infecting devices with crypto mining botnets.
  • Android users are more susceptible to cryptojacking, with 60 million already hit by crypto miners this year.
  • At least 13,000 WordPress Plugins contain critical security vulnerabilities that make them easy prey for hackers.
  • Social media is also a big vector, especially through phishing tactics using official-looking emails asking users to click through to a site, which then runs code on your computer.
  • In-browser mining happens only when you visit the infected site. Close the site, stop the mining. Mining botnets downloaded to your device will sit and mine from now until infinity unless you get them removed.
  • Avast Software found that GitHub was a popular vector for cunning crypto miners. They simply create forks of existing legitimate products and hide the malware within.


Can You Prevent Cryptojacking?

You may not be able to prevent cryptojacking. You may just get unlucky. But there are certain cyber hygiene practices that you can adopt. Never click on a link in an email. Don’t be fooled even by an HTTPS site, as it may still contain malware. Try running anti-phishing software, an antivirus, and an adblocker. Plugins like NoCoin and MinerBlock may also help prevent some incidents.

Companies looking to prevent their servers from getting cryptojacked need to carry out good patch management and educate their employees on what to look out for to prevent phishing attacks.

It’s not always easy to detect cryptojacking since most desktop antiviruses won’t notice the malware. But you will see your battery getting extra hot or draining down quickly or your computer taking longer than usual to complete tasks.

Companies should have an easier job of detecting cryptojacking since it’s fairly easy to see when using network monitoring solutions, which most organizations should have. IT departments should also constantly monitor their website files for any new JavaScript code or file changes.
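
One way an IT department could watch website files for new JavaScript or other changes is to compare the web root against a hash baseline taken after a known-good deployment. The sketch below is an added example, not code from the original article; the function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions that can carry script in a typical web root (assumption for this sketch).
SCRIPT_EXTS = {".js", ".mjs", ".html", ".htm", ".php"}

def snapshot(web_root):
    """Map each file path (relative to web_root) to its SHA-256 digest."""
    root = Path(web_root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def diff_snapshots(baseline, current):
    """Return the paths added, modified and removed since the baseline."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
    }

def script_alerts(changes):
    """New or altered script-bearing files, which deserve review first."""
    return [p for p in changes["added"] + changes["modified"]
            if Path(p).suffix.lower() in SCRIPT_EXTS]

def demo():
    """Run the check against a constructed web root in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        (root / "index.html").write_text("<html><script src='js/app.js'></script></html>")
        (root / "js" / "app.js").write_text("console.log('site');")
        (root / "logo.png").write_bytes(b"\x89PNG constructed")
        baseline = snapshot(root)  # taken right after a known-good deployment
        # Constructed changes standing in for an unauthorized edit:
        (root / "js" / "stats.js").write_text("/* unreviewed script */")
        (root / "index.html").write_text("<html><script src='js/stats.js'></script></html>")
        (root / "logo.png").write_bytes(b"\x89PNG re-exported")
        changes = diff_snapshots(baseline, snapshot(root))
        return changes, script_alerts(changes)

if __name__ == "__main__":
    changes, alerts = demo()
    print(changes)
    print("review first:", alerts)
```

For the comparison to be trustworthy, the baseline should be stored outside the web root, where the account that serves the site cannot rewrite it.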

Closing Thoughts

What is cryptojacking? It’s 2018’s biggest cybercrime, which is growing in popularity. So, if you think your device may be infected, don’t wait. Go and get it checked out today.

This article was originally published on Coincentral.


Christina Comben

Christina is a B2B writer and MBA, specializing in fintech, cybersecurity, blockchain, and other geeky areas. When she’s not at her computer, you’ll find her surfing, traveling, or relaxing with a glass of wine.


“Top Misconceptions of Cryptocurrency as a Payment System”


Which can be read on Amazon Kindle Unlimited for Free  You can find more interesting articles by visiting us on one of the following platforms: AML Knowledge Centre (LinkedIn) or Anti-Bribery and Compliance at the Front-Lines (LinkedIn)

Europol Busts Cybercrime King Pin Responsible for Laundering €1bln with Cryptocurrency

€1bln in Stolen Bank Funds “Hidden” with Crypto

A recent cybercrime bust has given civil authorities more fodder to feed the argument that popular cryptocurrencies attract criminal activity and money laundering.

Earlier this week, Europol, the European Union’s leading law enforcement agency, apprehended the ringleader of the hacking group responsible for stealing more than €1bln from over 100 financial institutions worldwide. According to Europol’s press release, the cybercriminals nabbed the funds from banks and financial institutions in more than 40 countries, laundering their loot with cryptocurrencies to hide it from local and international authorities.

The cybercrime organization, known as the Carbanak gang, has been conducting remote, malware-driven heists since 2013. Derived from a precursor program called Anunak, a malware known as Carbanak became the gang’s primary weapon from 2014 to 2016, hence the team’s moniker. Using company email as their attack vector, the team would send seemingly legitimate emails containing phishing malware to bank employees. If an employee clicked on the email’s malicious links, the criminals were granted access to the financial institution itself or, in some cases, its ATM networks.

From 2016 on, the team utilized a more sophisticated malware known as Cobalt that allowed them to steal as much as €10mln per hack. As with Carbanak, Cobalt allowed the criminals to break into a bank’s central server or network through phishing attacks, giving them complete control over and access to a variety of functions. This allowed the gang to steal funds by “‘voluntarily’ [spitting] out” money at predesignated ATMs, directly wiring funds into criminal accounts, or modifying databases to inflate customer accounts so money mules could collect the difference.

After the thefts, the team converted the funds into cryptocurrencies using prepaid cards.  Once in their wallets, they used the digital funds to purchase high-end cars, houses, and other luxury items.  The press release did not specify which cryptocurrencies were used in the laundering.

A Concerted International Policing Effort

Europol’s report stressed that the international policing community’s united effort was responsible for the ringleader’s arrest. Such cooperation, the post conveys, was necessary given the global scale of the operation.

“International police cooperation coordinated by Europol and the Joint Cybercrime Action Taskforce was central in bringing the perpetrators to justice, with the mastermind, coders, mule networks, money launderers and victims all located in different geographical locations around the world,” the press release reads.

The gang’s leader, whose identity remains undisclosed, was arrested in Alicante, Spain “after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Moldovan, Belarussian and Taiwanese authorities and private cybersecurity companies.”

Moreover, the release indicates that Europol and other investigation agencies couldn’t have succeeded had it not been for their cooperation with private sector entities, namely the European Banking Federation (EBF). Wim Mijs, the CEO of the EBF, stated that “[this] is the first time that the EBF has actively cooperated with Europol on a specific investigation,” touting that the success of the bust “demonstrates the value of [this] partnership” for “effectively fighting digital cross-border crimes like [this] one.”

With regard to the arrest, the head of Europol’s European Cybercrime Centre, Steven Wilson, chalks it up as a significant victory for the international cybersecurity community:

“This global operation is a significant success for international police cooperation against a top-level cybercriminal organisation. The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity. This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top-level cyber criminality.”

This article was published on CoinCentral.


Colin Harper

Colin is a freelance writer and crypto-enthusiast based in Nashville, TN.


