Cryptocurrency remains a prime target for cyber attackers, with incidents targeting Bitcoin and other digital currencies experiencing significant growth. The recently released 2023 Data Breach Investigations Report (DBIR) by Verizon highlighted a 300% increase in attacks targeting cryptocurrency data, with 48 incidents reported in comparison to 12 the previous year. While it remains to be seen if this trend will continue throughout the year, David Hylender, the senior manager of threat intelligence for Verizon, suggests that changes in the circumstances may also lead to changes in attackers’ focus on this type of data.
According to the DBIR, approximately half of the attacks submitted to Verizon utilized an exploit, while more than 40% involved stolen credentials. Additionally, about a quarter of the attacks incorporated a phishing attack, and over 10% used email as a vector. However, the majority of attacks compromised the user’s account through either a web application or an application programming interface (API). It is important to note that Verizon’s dataset only included dozens of reports, a relatively small number compared to other types of compromises analyzed from various sources.
Cryptocurrency has become an integral part of the cybercriminal ecosystem over the past decade, providing attackers with the means to pay for offensive-security services and receive payments from ransomware victims. Moreover, the allure of quick and substantial financial gains has attracted speculative investors, making them attractive targets for scammers seeking to exploit their enthusiasm. Kurt Baumgartner, a principal security researcher with Kaspersky, highlights the multiple ways in which cryptocurrency enables cybercrime, such as pilfering cryptocurrency exchanges, trojanizing trading apps, using it for payments to cybercriminal groups, and as a method of payment for ransomware and extortion crimes.
Despite the volatile nature of cryptocurrency markets, it remains a popular financial instrument for cybercriminals to exploit. Kaspersky reported a 40% increase in cryptocurrency-related phishing attacks targeting its customers, with 5.0 million attacks recorded in 2022 compared to 3.6 million in 2021. One noteworthy campaign utilized a trojanized Tor browser to steal cryptocurrency from over 15,000 users across 52 countries, resulting in at least $400,000 in losses. In another campaign, cyber thieves employed a loader known as DoubleFinger to install a Trojan called GreetingGhoul, which replaced the login window of common cryptocurrency wallets with a duplicate aimed at collecting sensitive information.
Kaspersky’s Baumgartner emphasizes that malware like DoubleFinger and GreetingGhoul demonstrate significant advancements in both malicious technologies and techniques, targeting the highly valued object of online theft that cryptocurrency represents. As individuals adopt more secure measures like cold wallets to protect their digital assets, cybercriminals are continuously evolving their methods to exploit vulnerabilities. Therefore, it is crucial for both individuals and organizations to remain vigilant against these increasingly sophisticated attacks.
The growing number of attacks targeting cryptocurrency and the significant financial losses associated with them should serve as a reminder of the importance of robust cybersecurity measures. The dynamic and evolving nature of the cryptocurrency landscape requires constant adaptation and proactive defense strategies to mitigate risks effectively. As the popularity of digital currencies continues to rise, it is essential for individuals and businesses to prioritize cybersecurity to safeguard their assets and protect against potential threats.