Crypto Threats Surge By 500%, And It's All About The Money.

 

Previously reserved for early adopters and tech-savvy consumers, cryptocurrencies have gone mainstream -- with tech entrepreneurs and prominent financial institutions leading the charge.

In the past year, rapidly increasing cryptocurrency rates, the introduction of new currencies, and the official trading of cryptocurrencies have called into question the threats posed by crypto mining abuse and cryptocurrency scams.

In this blog, we'll examine how escalating currency rates and the continued adoption of cryptocurrencies impact the threat landscape -- and what our data can tell us to expect in the future.

Malicious Crypto Mining Malware Traffic.

In the past few years, malware variants that infect both personal computers and corporate servers have become an increasing trend. Their objective is to utilize infected device computing resources for crypto mining activities. Sampled DNS traffic data between January 2020 and March 2021 shows a correlation in the surging increase in traffic from crypto mining malware and the price increases of both Bitcoin and Ethereum cryptocurrencies.
We believe the increase in malicious traffic is driven by the increase in cyber criminals' motivation to execute crypto mining activities. As cryptocurrency prices grow, and the potential benefit from malicious mining activities increases, cyber criminals gain momentum as well.

Phishing Attacks Abusing Crypto Consumers.

Because phishing is one of the most prominent and growing threats, we looked into phishing attack trends involving crypto exchange consumers. In such scams, cyber criminals will create fake websites that mimic the appearance and functionality of crypto exchange websites to deceive victims into giving away their credentials. Once credentials are stolen, cyber criminals own the victims' crypto wallets and execute fraudulent transactions.

Similar to malicious crypto mining activities, rapidly growing cryptocurrency rates have most likely increased the demand for compromised crypto exchange accounts in the dark market, leading to a surge in phishing attacks.

Ransomware And Cryptocurrency Affairs.

Ransomware has made headlines this past year by causing significant financial damage to organizations around the globe. One noticeable example, the recent attack on the Colonial pipeline, caused the company to temporarily shut down operations, and the incident once again garnered mainstream media attention.

As opposed to crypto exchange phishing or crypto mining attacks, cryptocurrency is not directly motivating cyber criminals to execute ransomware attacks. With ransomware attacks, cryptocurrency enables attacks that use cryptocurrency as a payment method because it gives cyber criminals a layer of anonymity.

Ransomware attacks have gained momentum in the past year, and we believe cryptocurrency has enabled and supported that trend. According to sampled DNS traffic, we saw an increasing trend in the volume of traffic to ransomware-associated malware websites between January and April 2021, with more than a 250% increase in traffic. 

Elon Musk Scam.

Another scam that has recently gained strong momentum includes a social engineering technique that convinces victims to send crypto coins to cyber criminals' wallets with the promise of repayment that is double the original amount.

We saw a good example of that in the wild with the Elon Musk scam, which abused Musk's reputation as an entrepreneur and Tesla as an organization that advocates for the use of cryptocurrencies. This scam presented a reliable and trustworthy airdrop event on a phishing website that appeared to be supported by Musk and Tesla. An airdrop event occurs when a cryptocurrency or organization decides to distribute tokens or coins to users for any reason.

According to the scam phishing website, Tesla HQ declares that, as a supportive action to the crypto community, it will give back each participant twice the amount that was initially sent by the user. Needless to say, when it's too good to be true, it probably is; victims did not get their coins back.

This scam used a variety of techniques to create a trustworthy and sustainable website, such as a newly registered domain that seems legit, giving the phishing website the look and feel of a well-known blogging platform, complete with fake comments from fake users indicating they just received repayment as promised. All these social engineering techniques helped gain victims' trust so they were more willing to take the risk and give away some of their coins.    

Summary

The same cryptocurrency technology that prevents users' identities from being exposed also motivates cyber criminals and explains why cryptocurrencies play a significant role in the modern cyber ecosystem. As a result, we can see more and more attack vectors, such as DDos extortions and ransomware, that request payment in the form of cryptocurrency.

As cryptocurrency becomes even more significant, the trends reported in this blog don't come as a surprise. Yet the strong correlation between crypto rates and level of attacks being reported is surprising and indicates that cyber criminals are motivated by commercial forces.

Because some crypto-associated threats, such as crypto mining and DDoS attacks, involve abusing servers or infected computational devices, the potential impact is relevant to both consumers and businesses. 

To apply proactive security monitoring and controls, we need to better understand the relationship between global events and what motivates cyber criminals to execute scams. Events that influence our lives, our economy, and our health will most likely trigger cyber criminals to target us by leveraging those events. Those attacks will happen when we're most vulnerable to lurking scams. 

As an InfoSec community, we need to increase awareness, evaluate our vulnerabilities, better understand cyber criminals' mindset, and as a result, try to predict what might come next -- and be ready for it.

 .