Cryptocurrencies continue to be a favorite target for attackers, with attacks targeting Bitcoin and other currencies growing at a rapid pace.
In the recently released 2023 Data Breach Investigations Report (DBIR), Verizon noted that attacks on its dataset specifically targeting cryptocurrency data increased 300% during 2022 to 48 reported incidents, up from 12. from the previous year. Whether the trend continues this year remains to be seen, says David Hylender, a senior manager of threat intelligence at Verizon.
"The rise of cryptocurrencies presented many opportunities for attackers to gain access to many valuable crypto assets," Hylender says. "However, circumstances have changed somewhat over the past year and may lead to corresponding changes in the degree to which attackers will target this type of data."
Of the attacks submitted to the Verizon DBIR, about half used an exploit, more than 40% used stolen credentials, and about a quarter incorporated a phishing attack, according to the report. While some of the attacks (more than 10%) used email as a vector, most compromised user account via the web application or an application programming interface, the report stated.
Verizon's Hylender noted that the company had received only dozens of reports, far smaller than the hundreds or thousands of other types of compromises the company analyzed from other sources.
"We did note in the report that even though it's quadrupled, it's still a relatively small number compared to all other types of data," he says.
Volatile markets, stable cybercrime
Over the past decade, cryptocurrency has become an integral part of the cybercriminal ecosystem, allowing would-be attackers to pay for a variety of offensive security services and receive payments from ransomware victims. Increasingly, the potential for rapid and substantial financial gains has attracted speculative investors who, in turn, are targeted by fraudsters seeking to exploit this enthusiasm for their own gain, says Kurt Baumgartner, principal security researcher at Kaspersky.
"Cryptocurrencies enable cybercrime in multiple ways," says Baumgartner. โWe have seen stolen cryptocurrency exchanges, Trojanized cryptocurrency trading apps and their related websites compromised for use as command and control, cryptocurrency used by individuals and cybercrime groups for employment and service payments, โฆ and cryptocurrency used as an easy method of laundering sometimes massive payments by victims for millions of ransomware and other extortion crimes."
Despite the fact that the value of cryptocurrency fluctuates wildly in the market, it remains a popular financial instrument for cybercriminals to use. and abuse. Last year, the number of cryptocurrency-related phishing attacks targeting Kaspersky clients grew 40% to 5.0 million, up from 3.6 million in 2021, the company said.
One campaign used a trojanized Tor browser to steal cryptocurrency from more than 15,000 users in 52 countries, stealing at least $400,000, according to Kaspersky research. In another campaign, cyber crooks used a loader dubbed DoubleFinger to install a trojan, dubbed GreetingGhoul, which replaces the login window of common cryptocurrency wallets with an information-gathering duplicate.
"DoubleFinger, along with GreetingGhoul, is a breakthrough for the elements of crime, both in terms of stealth technology and targeting when it comes to cryptocurrency theft," says Kaspersky's Baumgartner. "As cryptocurrency remains a highly valued target of online theft efforts, with people protecting themselves with cold wallets and the like, malware like this demonstrates a breakthrough in both malicious technologies and techniques."
