Cryptocurrency and cyber crime

August 6, 2021
| No comments

Share post

Cryptocurrency and Cybercrime: How Bitcoin and Co. are fueling cyber extortion, BEC and ransomware. Cryptocurrency is a type of currency that is only available in digital form. Due to its decentralized nature and lack of regulation, it has become a preferred means of payment for cyber criminals.

Traditionally it has been used for blackmail and ransomware attacks, but hackers have now also started using it for spear phishing, impersonation and business email compromise (BEC) attacks. The following article examines how cybercriminals operate and explains protection strategies.

Bitcoin exchange rate and email threats rise

The volume of attacks related to the growing price of Bitcoin (Image: Barracuda)

As the price of Bitcoin tends to rise sharply and public interest in cryptocurrencies increases, cyber criminals are also taking advantage of the resulting opportunities to increase their profit prospects. A Barracuda analysis of phishing impersonation and BEC attacks sent between October 2020 and May 2021 showed that the volume of attacks related to cryptocurrencies is closely related to the growing price of Bitcoin. Bitcoin's price rose nearly 2020 percent between October 2021 and April 400. Impersonation attacks increased by 192 percent over the same period.

Cyber ​​extortion, phishing and BEC attacks

Hackers use Bitcoin to get paid for extortion attacks. The criminals claim to have a compromising video or private information that they can make available to the public if the victim does not pay. This practice has been around for some time, but as the price of Bitcoin skyrocketed, cybercriminals used increasingly sophisticated attacks to take advantage of the Bitcoin mania. A number of phishing impersonation and BEC attacks have also emerged over the past eight months, which are closely related to the rising Bitcoin price. Hackers pretended to be digital wallets and other cryptocurrency-related apps with fraudulent security alerts to steal login credentials. In the past, attackers posed as financial institutions to steal banking information; today they use the same tactic to steal valuable bitcoins.

Typical language in BEC attacks related to Bitcoin

Using AI natural language processing capabilities, Barracuda analyzed the choice of words used in BEC attacks related to cryptocurrencies. Similar to classic BEC attacks, cyber criminals create a sense of urgency by using phrases such as “urgent today” or “today”. Your call to action is typically that your victim should go to the “next bitcoin machine”.

Cryptocurrency and ransomware

With the rising value of Bitcoin, ransomware attacks are more damaging than ever. Cryptocurrency seems perfect for criminal activity: it's unregulated, difficult to track, and increasing in value. All of this gives criminals additional motivation to attack. In addition, ransomware-as-a-service is flourishing on the dark web. This makes this type of attack more accessible to criminals. The number of ransomware attacks and ransom amounts have increased steadily over the past few years. In 2019, ransom demands ranged from a few thousand dollars to $ 2 million. By mid-2021, most claims were in the millions, with a significant number in excess of $ 20 million.

While it's difficult to say why the ransom demands have skyrocketed, there are a few reasons that may have contributed. First, fewer companies actually pay the ransom and accept the damage. Second, ransomware payments are no longer as difficult to find as they used to be. Unsurprisingly, ransom demands are increasing to make an attack worthwhile for hackers. Ultimately, cyber criminals may still be asking for the same amount of Bitcoin, but as the price of cryptocurrency increases, it becomes more expensive for businesses to pay out the ransom.

Strategies to protect against cryptocurrency-related attacks

  1. Protect users from phishing attacks: Hackers often use current events for their attacks. If they used to attempt fraud in the past, for example in connection with the purchase of gift cards, they are now abusing the Bitcoin issue. Organizations need to stay abreast of the latest trends in email attacks to keep their users safe.
  2. User training on the latest email threats: Companies should continuously train their employees to recognize the latest cybercriminal tactics. Regular phishing simulations should be part of the security training.
  3. Web application protection: Online applications such as file sharing services, web forms and e-commerce sites can be compromised by attackers and used to smuggle in ransomware. Organizations should deploy a WAF-as-a-Service or WAAP solution that includes bot mitigation, DDoS protection, API security, and credential stuffing protection, and ensure that it is configured correctly.
  4. Secure data: In the event of a ransomware attack, a cloud backup solution can minimize downtime, prevent data loss and quickly restore systems, regardless of whether the files are on physical devices, in virtual environments or in the public cloud.
  5. Don't pay ransom: Many businesses and consumers who are victims of a ransomware attack do not know what to do other than pay the ransom. This encourages cyber criminals to carry out further attacks in which they make even higher demands. If it can be avoided, victims should not pay and turn to law enforcement for an alternative solution.

Future of cryptocurrency and cyber crime

Cryptocurrency has fueled a billion dollar economy of ransomware, cyber extortion, and impersonation attacks. These attacks are not only directed against private companies, but also against critical infrastructures and are increasingly posing a national security risk. After successful attacks such as those on the US pipeline operator Colonial Pipeline and the world's largest meat producer JBS - in both cases the companies paid ransom - Hackers will try to target other critical industries such as energy or water supply.

These high profile attacks are likely to generate increased interest in Bitcoin regulation and make it harder for criminals to hide. In the case of Colonial Pipeline, the US Department of Justice has already managed to track down the hackers' digital wallet and recover a large part of the ransom money paid. As Bitcoin becomes more and more mainstream, the value of this currency will continue to rise, but so will the number of government interventions and regulations. This will make the currency less useful for criminals.

More at Barracuda.com

 

[starboxid=5]

 

Matching articles on the topic

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Cyber ​​attacks increase by 104 percent in 2023

A cybersecurity company has taken a look at last year's threat landscape. The results provide crucial insights into ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Mobile spyware poses a threat to businesses

More and more people are using mobile devices both in everyday life and in companies. This also reduces the risk of “mobile ➡ Read more

Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

Barracuda, Stories
, , , ,