Following the news, you are quite likely awed by the boost in cryptocurrency, especially Bitcoin has made the (financial) headlines. Founded in 2009, it has risen to levels we have seldom seen before. Needless to say, many other cryptocurrencies jumped on the bandwagon and are now catching up with Bitcoin. As detailed in the Global Cryptocurrency Benchmarking Study 2017 of the University of Cambridge, other cryptocurrencies have gained many followers and are traded much higher than ever before.
As we all know, anything of value is of interest to cybercrooks. Looking at the spectacular value gain that Bitcoin and the like were able to achieve during 2017, it did not take long for them to focus on ways to benefit from it. Bitcoin is already familiar territory for them, since it is their favorite currency to be paid in for ransomware extortion. But they did not want to use it only for payments, they quickly focused on ways to get more cryptocurrency with minimum effort. What better way to create a new income stream than by stealing cryptocurrency directly from their owners, end users, and cryptocurrency companies? So what did they do? They are using their still effective cyberattacks methods (such as phishing and browsing to legitimate websites that were infected) to entice users to download their mining malware through payloads and scripts. They also use watering hole attacks and even social media shares on e.g., Facebook messenger to get their hands on their victims’ cryptocurrency. Unfortunately, those attacks are quite successful. As usual, social engineering is still the secret sauce for their attack success.
They use “cryptojacking” to use their victims’ computing devices to mine cryptocurrency without their victims even being aware of the attack. Although this attack vector in itself is not entirely new, it is still highly effective and has surged during the last months of 2017. To state it plainly - hackers have found a way to ride the cryptocurrency boom. From Bitcoins to Litecoins, Ethereum, Ripple and Iota, - nothing is safe from those cybercrooks.
Sadly enough, we can presume that millions of users worldwide might already have been victimized, which would translate into millions of dollars in illegal gains for those cryptocurrency hackers. We already know that attacks have been carried out by e.g., infecting legitimate websites such as the CBS Showtime website, UFC live-streams and even governmental websites of countries such as Moldova and Bangladesh.
As 2017 comes to a close, we at Cymulate want to warn all legitimate owners and miners of cryptocurrency worldwide that sadly enough, they are under attack. Cybercrooks have branched out to become cryptocurrency hackers who are launching new forms of malware to harvest by hook and by crook the digital tokens that use the processing power on their victims’ computers for their own benefit. Their effective attacks are likely to already have affected millions of users. It this crime trend continues, many more will be victimized and their illegal gains will total millions of dollars. To illustrate, the Slovenian mining marketplace NiceHash was hacked on December 6, 2017 by a professional attackers using sophisticated social engineering. Approximately 4,700 bitcoin were stolen with a market value of close to $64M (at December 7, 2017 prices).
To protect your cryptocurrency, we advise you to store them in a cold wallet (a physical device, such as a USB flash drive, that is disconnect from the web and can be plugged in when needed) instead of a hot wallet which is an internet-connected account that potentially can be accessed by hackers.
To protect users and organizations, we advise to check regularly if the infrastructure has been compromised. Since social engineering remains popular, organizations need to be vigilant and make sure that their employees will not fall victim to emails containing malware or phishing attacks that will trick them in downloading the malicious cryptomining script. By using the Cymulate platform, enterprises can run simulations anytime and from anywhere to check how resilient their infrastructure is against such attacks. To learn more, click here.