The value of Bitcoin continues to fluctuate. These past few weeks have seen its value plunge to an all time low for the first time since November when its value increased by over 180%. This is in part due to the popularity of ransomware and ransomware-as-a-service temporarily driving Bitcoin’s value up
When the value of bitcoin rises to astronomical levels, it becomes an attractive target for cybercriminals who are actively seeking to steal user credentials, access Bitcoin wallets and hack into cryptocurrency exchanges. As you can see, it’s a vicious cycle.
On top of this, the unregulated nature of Bitcoin transactions makes it easy for cybercriminals to easily cover up their tracks.
Cybercriminals are making hay with targeted phishing attacks
There have been several instances of targeted phishing attacks around Bitcoin aimed at exfiltrating user credentials and keys to steal bitcoin from digital wallets.
There are also reports of state sponsored attacks as well. For example, it has been reported that the Lazarus group from North Korea is launching spear phishing attacks against executives of companies that deal in cryptocurrency.
Another example of this came last month when hackers successfully stole over $70 million in Bitcoin from a leading marketplace, NiceHash by using stolen credentials to hack their way in.
These are just a few of several examples showing just how vulnerable digital currencies and digital wallet services are. This also poses a secondary threat to organisations, as cybercriminals can use data and credentials stolen through Bitcoin related phishing campaigns to compromise and target other parts of the organisation as well.
Mining for gold
It’s not just phishing attacks that criminals are using. Mining has become the latest way for attackers to generate income. Just last month it was reported that Tesla’s public cloud environment was used by attackers to mine cryptocurrency.
There are also cases of malware attacks that turn servers into mining computers. The Smominru miner has infected at least half a million Windows machines, reportedly generating millions of dollars for the criminals in charge.
There has been a sharp increase in the number of Android devices being targeted by adb.miner, a type of malware that turns the device into a botnet that mines Monero (XMR) cryptocurrency. This is naturally concerning for organisations, as Android devices could therefore potentially exfiltrate business data from the corporate network and possibly spread the malware.
In fact, a recent report suggests half a billion people are currently mining cryptocurrency but are totally unaware of it. Mining is big business for cybercriminals – and they’re targeting people and organisations all over the world.
It also comes with significant business losses that you may not realise – mining steals an organisation’s bandwidth, processing power (CPU) and energy in terms of electricity and cooling power. So even if you haven’t been directly hit by ransomware, you still could be losing out to the ransomware economy.
It’s time to take your security posture seriously
Organisations, Bitcoin owners, and cryptocurrency exchanges should seriously assess their security posture to avoid falling victim. As more organisations dealing in cryptocurrency fall victim to hackers, malicious activity will only increase with success and lead to more damaged reputations, compromised systems, cyber fraud and loss of integrity in cryptocurrencies.
Organisations and cryptocurrency exchanges need to implement security technologies that can detect and prevent targeted phishing emails as well as sanitize attachments and links in a sandbox environment.
Users should be trained not to share credentials/keys or click on links in attachments from unverified sources. They should also implement multi-factor authentication for their digital wallets, or better yet store their bitcoin in a hardware wallet instead.
Cryptocurrency exchanges should also ensure their network and application infrastructures are secure against infiltration, exfiltration and hacking.
Bitcoin is the flavour of the month at the moment, but the overall rise in phishing and spear phishing will continue to rise regardless of targeting Bitcoin investments or other attacker objectives.
Sourced by Sanjay Ramnath, VP of Global Marketing, Barracuda