Cryptocurrency-related cyberattacks are on the rise: Report

Our Bureau Updated - June 30, 2021 at 10:48 AM.

Cyberattacks are quickly followed by impersonation attacks, which led to its growth by 192 per cent.

With the growing popularity of cryptocurrency, cybercriminals are taking advantage of the opportunities this creates to trick potential victims and increase the profits they can make from their attacks, according to cybersecurity firm Barracuda.

Researchers at Barracuda recently analysed phishing impersonations and business email compromise attacks sent between October 2020 and May 2021. They identified that the growing price of bitcoin has led to an increase in the volume of cryptocurrency-related attacks.

As certain organisations started to announce that they will accept payments in bitcoin, interest in cryptocurrency increased. “Fueled by the chaos around bitcoin,” to cryptocurrency’s price increased by almost 400 per cent between October 2020 and April 2021.

With this, cyberattacks quickly followed impersonation attacks, which led to its growth by 192 per cent, the report said.

Murali Urs, Country Manager, Barracuda Networks-India said, “The digital format of Cryptocurrencies make them decentralized in nature and without any regulations, they have become the currency of choice for cybercriminals. It fueled and enabled a multibillion economy of ransomware, cyber-extortion, and impersonation.”

“These attacks are targeting not just private businesses, but also critical infrastructure, so they increasingly pose a national security risk. The recent high-profile attacks on organisations like Colonial Pipeline and JBS in the US are likely to bring greater interest in Government’s intervention and regulation of bitcoin,” added Urs.

Extortions

Hackers are asking to get paid in bitcoin during extortion attacks where they claim to have a compromising video or information that will be released to the public if the victim does not pay to keep it quiet.

“While this scheme has been around for some time, as the price of bitcoin climbed, cybercriminals started including it as part of their business email compromise attacks impersonating employees within an organisation,” the report said.

Hackers used targeted and personalised emails to get victims to purchase bitcoin, donate them to fake charities, or even pay a fake vendor invoice using cryptocurrency.

The firm has been leveraging artificial intelligence and natural language processing capabilities to analyse the language used in cryptocurrency-related BEC attacks and determine key phrases and calls to action that hackers used to incite their victims.

Phrases usage

As per the research, cybercriminals tend to use phrases such as “urgent today” or before the “day runs” out to create a sense of urgency. Their call to action is typically for their victim to go to the “nearest bitcoin machine.” They also play on their victims’ sentiments to request that a payment be made as a “charity donation,” making them believe they are doing a good thing.

Ransomware attacks have also been significantly damaging owing to the rapid growth in the perceived value of bitcoin. In 2019 ransom demands ranged from a few thousand dollars to $2 million at the top end. By mid-2021, most demands reached millions, with a significant number over $20 million.

“The possible reasons contributing towards the skyrocketing demands are: Fewer organisations choosing to take the hit by actually paying the ransom; Ransomware payments are getting traced by law enforcement agencies and strict actions are being taken; and, with the price of cryptocurrency going up, it is costing more for organisations to pay out to the cybercriminals,” it explained.

Hackers have also been conducting phishing attacks at frequent intervals asking victims for wire transfers and gift cards. They are now they are looking for their victims to buy and send them bitcoin.

“Organisations need to protect their users from such attacks by training them on the latest email threats so that they are able to recognize the latest tactics used by hackers. They should make phishing simulation a part of their security awareness training,” it said.

Published on June 30, 2021 04:55