Cybercriminals increasingly targeting cryptocurrency

As cryptocurrencies and non-fungible tokens (NFTs) become more mainstream, cybercriminals are increasingly turning to them as a new method of financial extraction, security experts have warned.

Researchers have observed multiple objectives demonstrated by cybercriminals relating to digital tokens and finance, such as traditional fraud leveraging business email compromise (BEC) to target individuals, as well as activity targeting decentralized finance (DeFi) organisations that facilitate cryptocurrency storage and transactions for possible follow-on activity.

Studies by Proofpoint have found that both of these threat types contributed to around $14 billion in cryptocurrency losses in 2021. In fact, BEC topped the list of types of attacks CISOs in the UAE expect to face in the coming months, with 35 per cent of CISOs being concerned about potential BEC attacks.

Sherrod DeGrippo, vice president of Threat Research and Detection at Proofpoint, explained that the financially motivated attacks targeting cryptocurrencies have largely coalesced under pre-existing attack patterns observed in the phishing landscape prior to the rise of blockchain-based currency.

“Common techniques observed when targeting cryptocurrency over email include credential harvesting, the use of basic malware stealers that target cryptocurrency credentials and cryptocurrency transfer solicitation like BEC,” she revealed. “These techniques are viable methods of capturing sensitive values which facilitate the transfer and spending of cryptocurrency.”

There are multiple DeFi applications and platforms – such as cryptocurrency exchanges – that people can use to manage their cryptocurrency, she added. “These platforms often require usernames and passwords, which are potential targets for financially motivated threat actors.

“Despite public keys being safe to share, researchers are seeing actors solicit the transfer of cryptocurrency funds via BEC type emails that include threat actor controlled public keys and cryptocurrency addresses. These email campaigns rely on social engineering to secure the transfer of funds from targeted victims.”

Users, she stressed, should be aware of common social engineering and exploitation mechanisms used by threat actors aiming to steal cryptocurrencies.

In 2022, Proofpoint has observed regular attempts to compromise users’ cryptocurrency wallets using credential harvesting. This method often relies on the delivery of a URL within an email body or formatted object which redirects to a credential harvesting landing page. Notably, these landing pages have begun to solicit values utilised in the transfer and conversion of cryptocurrencies.

Proofpoint researchers have also observed multiple examples of phishing threat actors creating and deploying phishing kits to harvest both login credentials to cryptocurrency-related sites and cryptocurrency wallet credentials or passphrases. Phish kits give threat actors the ability to deploy an effective phishing page regardless of their skill level. They are pre-packaged sets of files that contain all the code, graphics, and configuration files to be deployed to make a credential capture web page.

DeGrippo explained that these are designed to be easy to deploy as well as reusable. They are usually sold as a zip file and ready to be unzipped and deployed without a lot of “behind the scenes” knowledge or technical skill.

She added that 2022 also saw an increase in BEC specifically for cryptos. Primarily, these requests are observed in the context of employee targeting, using impersonation as a deception, and often leveraging advanced fee fraud, extortion, payroll redirect, or invoicing as themes. The initial BEC email often contains values that are safe for public consumption, including public keys and cryptocurrency addresses.

“By impersonating an entity known to the user and listing an actor-controlled public key or address, actors are attempting to deceive users into transferring funds from their account willingly based on social-engineering content. This is like the way actors use routing and bank account numbers during BEC phishing campaigns,” DeGrippo said.

Copyright © 2022 Khaleej Times. All Rights Reserved. Provided by SyndiGate Media Inc.



Cryptocurrency scams climbed to second riskiest in 2021, according to BBB report

ARLINGTON: Scams related to cryptocurrency jumped from the seventh riskiest scam in 2020 to second riskiest in 2021, according to the 2021 BBB Scam Tracker Risk Report.

According to a press release, although cryptocurrency scams made up only 1.9% of the scams reported to BBB Scam Tracker in 2021, the median dollar loss reported for these scams was US$1,200 (RM5,048), much higher than the overall median dollar loss of US$169 (RM710) for all scam types. The annual report analyses scams reported to the Better Business Bureau.

A BBB report on cryptocurrency scams is expected to be released Thursday, March 24. The report will focus on digital currencies, the tactics scammers use to take advantage of people, and what consumers can do to protect themselves.

Online purchase scams maintained the top spot as the riskiest; this scam type made up 37.4% of all scams reported to BBB Scam Tracker in 2021, with 74.9% reporting a monetary loss. Employment scams dropped in 2021, from second riskiest to third. The susceptibility and median dollar loss of this scam type dropped slightly, while the number of reported scams increased from 7.1% in 2020 to 7.8% in 2021.

“Scammers shift their tactics constantly and appear to have expanded their use of cryptocurrency to perpetrate fraud,” said Melissa Lanning Trumpower, executive director of the BBB Institute for Marketplace Trust, which produced the 2021 BBB Scam Tracker Risk Report.

“Cryptocurrency scams were riskier in 2021 with 66% of those targeted by this scam type losing money and a reported median dollar loss of $1,200. Scammers are using social media and other means to promise investment opportunities with great returns and low risks, which is a huge red flag. We received many reports of people being targeted on a variety of social media platforms after their friends’ accounts were hacked.”

While susceptibility (the percentage of people who lose money when targeted by a scam) decreased in 2021, median dollar loss rose 47.0%. Credit cards remained the highest reported payment method with a monetary loss, followed by online payment systems. Payment made via cryptocurrency that resulted in a monetary loss more than doubled from 2020. The payment methods with the highest median dollar loss were wire transfer (US$1,450/RM6,100), cryptocurrency (US$1,200), check (US$900/RM3,786), and prepaid card (US$700/RM2,944).

Regarding age, online purchase scams were the riskiest for all age groups in 2021. Cryptocurrency scams were the second riskiest for ages 25 to 64. Employment scams were second riskiest and third riskiest across several age brackets. Interestingly, investment scams were third riskiest for ages 18 to 24 for the first time since BBB began publishing the risk report. The rise of cryptocurrency scams as the second riskiest overall in 2021 may play a role in the rise of investment scams for this age group.

More than 44% reported losing confidence or peace of mind because of the emotional impact of being targeted by a scam and about 35% reported losing personal information. About the same percentage of people (55.5%) reported losing time as reported losing money after being targeted by a scam.

“Time is money, and our survey results reflected this,” Trumpower explained in the release. “We can’t ignore the fact that there are many other non-financial impacts of being targeted by a scam.” – Richmond Register, Ky./Tribune News Service



This sextortion malware is DANGEROUS! Blackmails with cryptocurrency; here’s how to avoid it

MyloBot malware in a new avatar has been found sending sextortion malware mails. The malware can bypass most security protocols.

This sextortion malware is much more dangerous than you can even imagine! The MyloBot malware is back, and this time it has evolved to take advantage of you if you consume pornographic content. The malware, which was first detected in 2018, is now known to infect your computer, send sextortion emails and demand a ransom in the cryptocurrency Bitcoin. This new iteration of MyloBot can also hide itself well for a period of 14 days, thereby avoiding antivirus and malware protection solutions.

First reported by The Hacker News, the evolved version of this malware is designed to abuse the victim by sending extortion emails based on their online usage. The extortion mails wait until you visit a pornographic website on your computer and are then sent immediately, threatening to leak to your contact list a video that the malware claims to have recorded from your computer’s webcam.

MyloBot malware threatens to leak your video

The sextortion email even says that the malware has recorded both the screen grab of what you were watching alongside the webcam feed, thereby revealing your awkward expressions to your family and friends circle.

The email, however, gives a solution to avoid all that if you are willing to pay $2,732 to the hacker in Bitcoin.

“This threat actor went through a lot of trouble to drop the malware and keep it undetected, only to use it as an extortion mail sender,” Minerva Labs researcher Natalie Zargarov said. “Botnets are dangerous exactly because of this unknown upcoming threat. It could just as easily drop and execute ransomware, spyware, worms, or other threats on all infected endpoints.”

How to avoid sextortion email?

The best approach is to avoid replying to such mails, since this malware only sends an extortion email. However, you will need to remove it from your system. Hence, you should install a malware detection and cleaning tool with the latest updates. Do note that all malware detection tools should be updated with the latest definitions. Additionally, you can reset your entire computer to clean it up.

You should also avoid visiting suspicious websites that tend to throw a lot of these botnets, malware, ransomware, and other things on your system. Always ensure you visit ‘https’ websites to avoid these threat actors.



$320 million stolen from Wormhole, bridge linking solana and ethereum

One of the most popular bridges linking the ethereum and solana blockchains lost more than $320 million Wednesday afternoon in an apparent hack.

It is DeFi’s second-biggest exploit ever, just after the $600 million Poly Network crypto heist, and it is the largest attack to date on solana, a rival to ethereum that is increasingly gaining traction in the non-fungible token (NFT) and decentralized finance (DeFi) ecosystems.

Ethereum is the most used blockchain network, and it is a big player in the world of DeFi, in which programmable pieces of code known as smart contracts can replace middlemen like banks and lawyers in certain types of business transactions. A more recently introduced competitor, solana, is growing in popularity, because it is cheaper and faster to use than ethereum.

Crypto holders often do not operate exclusively within one blockchain ecosystem, so developers have built cross-chain bridges to let users send cryptocurrency from one chain to another.

Wormhole is a protocol that lets users move their tokens and NFTs between solana and ethereum.

Developers representing Wormhole confirmed the exploit on its Twitter account, saying that the network is “down for maintenance” while it looks into a “potential exploit.” The protocol’s official website is currently offline.

An analysis from blockchain cybersecurity firm CertiK shows that the attacker’s profits thus far are at least $251 million worth of ethereum, nearly $47 million in solana, and more than $4 million in USDC, a stablecoin pegged to the price of the U.S. dollar.

Bridges like Wormhole work by having two smart contracts — one on each chain, according to Auston Bunsen, co-founder of QuikNode, which provides blockchain infrastructure to developers and companies. In this case, there was one smart contract on solana and one on ethereum. A bridge like Wormhole takes an ethereum token, locks it into a contract on one chain, and then on the chain at the other side of the bridge, it issues a parallel token.

Preliminary analysis from CertiK shows that the attacker exploited a vulnerability on the solana side of the Wormhole bridge to create 120,000 so-called “wrapped” ethereum tokens for themselves. (Wrapped ethereum tokens are pegged to the value of the original coin but are interoperable with other blockchains.) It appears that they then used these tokens to claim ethereum that was held on the ethereum side of the bridge.

Prior to the exploit, the bridge held a 1:1 ratio of ethereum to wrapped ethereum on the solana blockchain, “acting essentially as an escrow service,” according to CertiK.

“This exploit breaks the 1:1 peg, as there is now at least 93,750 less ETH held as collateral,” continued the report.
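The lock-and-mint accounting described above can be checked continuously by reconciling every mint against a prior lock. The following is an added example, not code from Wormhole, CertiK or the original article: a simplified monitor over a constructed event stream, where the transfer ids and the 200,000 ETH starting balance are assumptions and only the 120,000 and 93,750 figures come from the article.

```python
from dataclasses import dataclass, field

# Constructed event stream: (kind, transfer_id, amount in whole ETH).
# The 200,000 starting balance and the ids are assumptions; 120,000 and
# 93,750 are the figures quoted in the article.
EVENTS = [
    ("lock", "t1", 200_000),     # user deposits ETH on the ethereum side
    ("mint", "t1", 200_000),     # matching wrapped ETH issued on solana
    ("mint", "t2", 120_000),     # wrapped ETH issued with no lock behind it
    ("burn", "t3", 93_750),      # wrapped ETH redeemed...
    ("release", "t3", 93_750),   # ...for collateral on the ethereum side
]

@dataclass
class PegMonitor:
    locked: int = 0                               # collateral in escrow
    wrapped: int = 0                              # wrapped supply outstanding
    pending: dict = field(default_factory=dict)   # locks not yet minted against
    alerts: list = field(default_factory=list)

    def apply(self, kind, transfer_id, amount):
        if kind == "lock":
            self.locked += amount
            self.pending[transfer_id] = amount
        elif kind == "mint":
            # A mint is legitimate only if it consumes a lock of equal size.
            if self.pending.get(transfer_id) == amount:
                del self.pending[transfer_id]
            else:
                self.alerts.append(f"unbacked mint {transfer_id}: {amount} wETH")
            self.wrapped += amount
        elif kind == "burn":
            self.wrapped -= amount
        elif kind == "release":
            self.locked -= amount
        else:
            raise ValueError(f"unknown event kind: {kind}")

    def shortfall(self):
        # Wrapped tokens in circulation that no escrowed ETH backs.
        return max(0, self.wrapped - self.locked)

def replay(events):
    monitor = PegMonitor()
    for event in events:
        monitor.apply(*event)
    return monitor

if __name__ == "__main__":
    m = replay(EVENTS)
    print(m.alerts, "locked:", m.locked, "shortfall:", m.shortfall())
```

In this model the alert fires at the mint itself, before any collateral leaves escrow, which is the point at which a bridge operator could still pause releases.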

Wormhole says that ethereum will be added to the bridge “over the next hours” to ensure that its wrapped ethereum tokens remain backed, but it is unclear where it’s getting the funds to do this.

Ethereum founder Vitalik Buterin previously made the case that bridges won’t be around much longer in the crypto ecosystem, in part because there are “fundamental limits to the security of bridges that hop across multiple ‘zones of sovereignty.’”

CertiK noted in its post-mortem report of the incident that when bridges hold hundreds of millions of dollars of assets in escrow and multiply their possible vectors of attack by operating across two or more blockchains, they become prime targets for hackers.

Crypto platforms have faced a number of high-value exploits in recent months.

“The $320 million hack on Wormhole Bridge highlights the growing trend of attacks against blockchain protocols,” said CertiK co-founder Ronghui Gu. “This attack is sounding the alarms of growing concern around security on the blockchain.”
