Top Cyber Threats in the 2021 Crypto World For Businesses
Bitcoin and cryptocurrency in general have been exploding in recent years with no signs of slowing down, reaching an all-time high in April 2021. With a total market cap sitting at around 1.7 trillion dollars at the time of writing, more and more new investors are eager to take advantage of the digital gold rush taking the world by storm.
Today, cryptocurrency is making its way into everyday life. Coinbase, a cryptocurrency exchange, has recently gone public, and India has recently lifted its ban on cryptocurrencies.
Even the criminals are getting on the action, with ransomware groups often using anonymous cryptocurrency transactions as their preferred payment method when extorting companies.
Speaking of cybercriminals, another thing that is exploding right now is cybercrime, reportedly up by 600 percent over the pandemic and also showing no signs of slowing down. As a still-new industry with little regulation in place, the cryptocurrency rush is quickly becoming the wild west, full of inexperienced investors who have not quite done enough homework and threat actors eager to scam, steal from and exploit them.
But, what are the attack vectors and how can you safeguard yourself in the dazzling, fast-moving world of cryptocurrency?
Common crypto attack vectors
There are many ways a threat actor can mount a cyber attack in the cryptocurrency world. Some attacks are active, where the attacker steals account data and moves cryptocurrency straight out of wallets. Others are more passive, like cryptojacking, where the attacker hijacks a victim's processing power to mine cryptocurrency: an indirect impact on the victim, but still a costly one.
Below are some of the most common cybercrimes and attacks linked to cryptocurrency in 2021 that businesses need to look out for.
Ransomware
This may be cheating a little, but these days ransomware and cryptocurrency are intrinsically linked. After all, the whole point of ransomware is that the threat actors expect their victims to pay the ransom, and that ransom is almost always demanded in cryptocurrency.
One problem malicious actors have always faced is how to collect the money without the authorities being able to trace it back to them. In 1989, the author of the AIDS Trojan, a sort of proto-ransomware that rendered computers unusable by hiding directories and encrypting the names of all files on drive C: after 90 boots, demanded in its ransom note that each victim mail 189 dollars to a post office box in Panama.
Suffice to say, the way money travels from victim to threat actor has become far more refined and sophisticated since then. Cryptocurrency payments are near-instant and practically impossible to claw back once sent. They are not untraceable, though: Bitcoin transactions are public on the blockchain, but addresses are pseudonymous, so the hard part for investigators is tying an address to a person, and criminals layer on mixers and privacy coins to make that harder still.
Once a company caves to a ransom demand, it is very unlikely to see that money again. It has also very likely confirmed to malicious actors that it is a viable target for another attack.
Scams and fraud
Various scams and fraudulent schemes proliferate in the crypto world, and you and your business can fall victim to them, such as:
- Investment scams, where threat actors lure victims to seemingly legitimate websites that claim an investment is growing. Victims invest large sums of money but get nothing in return.
- Imposter and giveaway scams, where scammers impersonate well-known investors and celebrities, typically promising to multiply any crypto that is sent to them. Instead of the victim's investment growing, the money ends up straight in the scammer's hands.
- Initial Coin Offering (ICO) fraud, where victims are tricked into investing in the launch of a new cryptocurrency that turns out to be bogus.
There are many other scams to watch out for in the cryptocurrency world. Scammers often make big promises of 'guaranteed' profits, returns and free, easy money, usually without much explanation or detail to back them up.
Before investing, business owners should verify the company behind the offer and the cryptocurrency involved, and understand where the money is going and how the process works. Genuine returns are never guaranteed, and no legitimate platform asks you to send crypto first in order to receive more back.
Dusting attacks
Cryptocurrency "dusting" is a type of attack where threat actors send tiny amounts of crypto, the "dust", to many wallets at once in an attempt to undermine their privacy. Because every transaction is public on the blockchain, the attacker waits for the dust to be spent together with the wallet's other funds and then follows the resulting transaction graph. By clustering the addresses that get spent together, threat actors may be able to unmask the person or company behind each wallet.
Information is key in cybersecurity, and if a dusting attack succeeds, threat actors can use the data they have collected to orchestrate more precise phishing attacks such as spear phishing and whaling. For example, a threat actor could pose as a client and quote your real wallet address and a real transaction amount as "evidence" in order to trick you into sending them a large amount of crypto.
To mitigate dusting, it’s recommended that people and companies:
- Generate a new receiving address for every transaction instead of reusing the same one, so that incoming payments cannot be linked to each other.
- Use a wallet that offers coin control (the ability to choose which received outputs go into a transaction) and mark the dust as "do not spend", so it is never combined with your real funds and never gets to act as a tracker.
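The coin-control mitigation above, as an added example that is not code from the original post or from Securiwiser. The wallet below keeps a "do not spend" quarantine for any output that is below a dust threshold or that no invoice explains, and its coin selection only ever draws on the remaining outputs, so the dust can never be co-spent with real funds. The UTXO records, the addresses and the threshold are constructed for illustration.

```python
"""Coin control that quarantines dust: the wallet never spends a suspect
"dust" output together with its real funds, so the dust cannot link them.

Added example, not code from the original post or from Securiwiser. The UTXO
records, addresses and dust threshold are constructed for illustration; a real
wallet takes these from the chain and from current fee rates.
"""
from dataclasses import dataclass

DUST_SATS = 1_000   # assumed threshold; outputs below it are treated as dust

@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    address: str
    sats: int
    unsolicited: bool = False   # wallet flag: no invoice or expected payment matches this output

def is_dust(u):
    return u.sats < DUST_SATS or u.unsolicited

def spendable_balance(utxos):
    """Balance that coin selection is allowed to draw on."""
    return sum(u.sats for u in utxos if not is_dust(u))

def quarantined(utxos):
    """Dust the wallet holds but will never co-spend with real funds."""
    return [u for u in utxos if is_dust(u)]

def select_inputs(utxos, target_sats, fee_sats):
    """Largest-first coin selection over non-dust outputs only.

    Returns (chosen_inputs, change_sats). Raises ValueError if the non-dust
    balance cannot cover target + fee, instead of quietly pulling dust in.
    """
    need = target_sats + fee_sats
    candidates = sorted((u for u in utxos if not is_dust(u)), key=lambda u: u.sats, reverse=True)
    chosen, total = [], 0
    for u in candidates:
        if total >= need:
            break
        chosen.append(u)
        total += u.sats
    if total < need:
        raise ValueError(f"insufficient non-dust funds: have {total}, need {need}")
    return chosen, total - need

# Constructed wallet: two expected deposits and one unsolicited 546-sat dust output
# sent to an address that had already been used once (reused addresses are how
# dusters find live wallets to target).
SAMPLE_WALLET = [
    Utxo("aa" * 32, 0, "addr-invoice-1", 250_000),
    Utxo("bb" * 32, 1, "addr-invoice-2", 80_000),
    Utxo("cc" * 32, 0, "addr-invoice-2", 546, unsolicited=True),
]

if __name__ == "__main__":
    inputs, change = select_inputs(SAMPLE_WALLET, 300_000, 2_000)
    print("spending:", [u.txid[:8] for u in inputs], "change:", change)
    print("quarantined dust:", [(u.txid[:8], u.sats) for u in quarantined(SAMPLE_WALLET)])
```

The important design choice is that running out of spendable funds raises an error rather than falling back to the dust: a wallet that silently sweeps "everything" when a payment is slightly short is exactly the behaviour a dusting attacker is counting on.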
Reverse proxy phishing (2FA bypass)
For good reason, many cryptocurrency platforms strongly promote two-factor authentication (2FA) methods such as authenticator apps to safeguard accounts. With an authenticator app, a threat actor cannot simply log in with a password obtained via phishing, and, unlike SMS codes, the one-time passcodes cannot be intercepted by SIM swapping.
This is where reverse proxy phishing, also known as adversary-in-the-middle (AiTM) phishing or session hijacking, comes in.
Reverse proxy phishing is a Man-in-the-Middle attack run from a lookalike domain, where the threat actor relays and records the traffic between the victim and the real site during a login session. It is commonly used to bypass 2FA and gain access to victims' crypto accounts.
Rather than hosting a static copy of the login page, the attacker runs a malicious reverse proxy that sits between the victim and the legitimate server and fetches the real login page on the fly, so the victim is really interacting with the genuine site through an unseen middleman.
Any traffic passing through the reverse proxy can be read and modified by the threat actor, completely exposing the victim.
The attack can be broken down into four stages:
- The victim receives a phishing email from the threat actor that convinces them to click a link and log into their cryptocurrency account.
- The link takes the victim to the proxy's lookalike domain, which shows a page identical to the real one because the malicious server retrieves and relays the legitimate login page. The attacker's domain carries its own perfectly valid TLS certificate (freely obtainable for any domain they control), so the browser shows the padlock and raises no warning; the only visible clue is the domain name in the address bar.
- When the victim enters their login credentials and is prompted for 2FA, the malicious server passes the credentials and the 2FA code straight through to the real server.
- The real server verifies the credentials, mistakes the reverse proxy for the victim's browser, and issues a session cookie, which the proxy captures. The threat actor now holds a fully authenticated session and never needs the password or 2FA code again.
From there, the threat actor can do whatever they like with your account and cryptocurrency, including moving it to their own wallets. The only 2FA method that resists this is a FIDO2/WebAuthn security key: the browser binds each signed login to the domain it actually loaded, so a signature produced on the attacker's domain is rejected by the real site. Support for security keys is improving but is still not a common option on crypto platforms.
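The four stages above, and the reason a security key survives them, as an added example that is not code from the original post or from Securiwiser. It simulates all three parties in one process: the real exchange, the victim's browser and the attacker's reverse proxy. The TOTP relay succeeds because the code is just a string the proxy can forward; the WebAuthn relay fails because the browser signs the origin it actually loaded. The hostnames, user, secrets and the HMAC-based stand-in for a FIDO2 key pair are all assumptions.

```python
"""Relay phishing in one process: a forwarded TOTP code logs the attacker in,
a forwarded security-key assertion does not.

Added example, not code from the original post or from Securiwiser. Three
parties are simulated: the real exchange at ORIGIN_REAL, the victim's browser,
and the attacker's reverse proxy on ORIGIN_PHISH. Hostnames, user names and
secrets are made up; the "credential" is an HMAC key standing in for a FIDO2
key pair, which is enough to show the origin binding.
"""
import hashlib
import hmac
import secrets
import struct

ORIGIN_REAL = "https://exchange.example"          # assumed legitimate site
ORIGIN_PHISH = "https://exchange-login.example"   # assumed lookalike proxy domain

def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1 with dynamic truncation)."""
    counter = struct.pack(">Q", for_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"

class Exchange:
    """The legitimate site. It only learns which origin the user really loaded
    through the WebAuthn assertion, which the browser fills in, not the user."""

    def __init__(self):
        self.users = {}        # user -> {"pw", "totp", "cred"}
        self.sessions = set()  # issued session cookies; whoever holds one is logged in
        self.pending = {}      # outstanding WebAuthn challenge -> user

    def register(self, user, pw, totp_secret, cred_key):
        self.users[user] = {"pw": pw, "totp": totp_secret, "cred": cred_key}

    def login_totp(self, user, pw, code, now):
        u = self.users.get(user)
        if not u or u["pw"] != pw or not hmac.compare_digest(code, totp(u["totp"], now)):
            return None
        token = secrets.token_hex(16)
        self.sessions.add(token)
        return token

    def webauthn_challenge(self, user):
        challenge = secrets.token_hex(16)
        self.pending[challenge] = user
        return challenge

    def login_webauthn(self, assertion):
        user = self.pending.pop(assertion["challenge"], None)   # single use
        if user is None:
            return None
        msg = f'{assertion["challenge"]}|{assertion["origin"]}'.encode()
        expected = hmac.new(self.users[user]["cred"], msg, hashlib.sha256).hexdigest()
        # Both checks matter: the origin must be ours, and the signature must cover
        # that origin, so the proxy cannot simply rewrite the field on the way through.
        if assertion["origin"] != ORIGIN_REAL or not hmac.compare_digest(expected, assertion["sig"]):
            return None
        token = secrets.token_hex(16)
        self.sessions.add(token)
        return token

class VictimBrowser:
    def __init__(self, user, pw, totp_secret, cred_key):
        self.user, self.pw = user, pw
        self.totp_secret, self.cred_key = totp_secret, cred_key

    def type_totp(self, now):
        return totp(self.totp_secret, now)

    def sign(self, challenge, origin_in_address_bar):
        # A real authenticator signs clientDataJSON, into which the browser writes
        # the origin it actually loaded; the user cannot override that value.
        msg = f"{challenge}|{origin_in_address_bar}".encode()
        sig = hmac.new(self.cred_key, msg, hashlib.sha256).hexdigest()
        return {"challenge": challenge, "origin": origin_in_address_bar, "sig": sig}

def run_relay(exchange, victim, now):
    """The attacker's proxy on ORIGIN_PHISH forwards everything to the real site."""
    # Password + TOTP: the proxy passes the code straight through and keeps the cookie.
    stolen_cookie = exchange.login_totp(victim.user, victim.pw, victim.type_totp(now), now)
    # Security key: the proxy relays a genuine challenge, but the victim's browser
    # signs it with the phishing origin it is really on, and the real site refuses it.
    challenge = exchange.webauthn_challenge(victim.user)
    relayed = exchange.login_webauthn(victim.sign(challenge, ORIGIN_PHISH))
    return stolen_cookie, relayed

def build_scenario():
    ex = Exchange()
    totp_seed, cred = b"victim-totp-seed", b"victim-credential-key"
    ex.register("alice", "hunter2", totp_seed, cred)
    return ex, VictimBrowser("alice", "hunter2", totp_seed, cred)

if __name__ == "__main__":
    ex, alice = build_scenario()
    cookie, relayed = run_relay(ex, alice, now=1_700_000_000)
    print("TOTP relayed, attacker holds a session:", cookie is not None)
    print("WebAuthn relayed, attacker holds a session:", relayed is not None)
```

Note what the exchange checks in `login_webauthn`: not just that the signature is valid, but that the signed origin equals its own. Without the origin comparison the relay would work again, which is why the real WebAuthn verification step compares the origin in clientDataJSON against the relying party's expected origin before anything else.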
So, like with all phishing, to safeguard yourself you should:
- Be wary of emails with links (and attachments).
- Always double-check the sender’s email address.
- Check if the URL is correct without any deviation, no matter how minor. Threat actors like to create URLs that match the real thing as much as possible.
- If you need to log in to your account, never go to the site via the link in the email; type the address yourself or use a bookmark.
Cryptocurrency clipping
Cryptocurrency clipping is a technique in which a threat actor steals cryptocurrency using clipboard-hijacking malware, known as a "clipper", that silently swaps the intended wallet address for one controlled by the threat actor during a transaction.
When the user copies the recipient's wallet address and pastes it into their wallet app, the clipper, which is monitoring the clipboard for anything that looks like a wallet address, replaces it with an address under the threat actor's control. The payment then goes through as normal, only to the wrong wallet.
Threat actors often deliver this malware by trojan tactics, disguising it as a seemingly benign third-party app such as a PDF reader, a mobile game or a COVID-19 tracer, in order to trick the user into installing it.
Best ways to mitigate this attack are to:
- Always compare the pasted address against the intended one in full, not just the first and last few characters, since a clipper can choose an attacker address that shares them.
- Don’t download suspicious-looking apps from app stores.
- Read the reviews for an app and check whether something is off, such as many generic reviews from likely bot accounts.
- Don’t give more permissions than necessary for the app to function.
It is also a good tactic to first send a tiny test amount, one you are okay with possibly losing, to the recipient and confirm that it arrived before sending the full amount.
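The substitution described above has a signature that can be detected on the endpoint: an address the user just copied turns into a different, equally valid-looking address of the same coin moments later, with no copy action in between. The following is an added example, not code from the original post or from Securiwiser, that runs that check over a constructed clipboard event log and also shows the full-address comparison recommended above. The addresses, the time window and the event log are all constructed for illustration.

```python
"""Detect the clipper's tell in a clipboard event log: a wallet address that the
user copied is replaced, moments later and without another copy action, by a
different address of the same coin.

Added example, not code from the original post or from Securiwiser. The event
log, the addresses and the time window are constructed for illustration; a real
monitor would poll the OS clipboard and log each change.
"""
import re
from dataclasses import dataclass

ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[02-9ac-hj-np-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}
SWAP_WINDOW_MS = 2_000   # assumed: clippers rewrite the clipboard almost immediately

@dataclass(frozen=True)
class ClipEvent:
    ts_ms: int
    text: str
    source: str   # "user" = explicit copy by the user, "poll" = content seen by the monitor

def coin_type(text):
    """Return which coin the string looks like an address for, or None."""
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return coin
    return None

def detect_swaps(events):
    """Return (coin, copied_address, replacement) for each suspected substitution."""
    findings = []
    last_copy = None
    for ev in sorted(events, key=lambda e: e.ts_ms):
        coin = coin_type(ev.text)
        if ev.source == "user":
            last_copy = ev if coin else None    # only track copies of wallet addresses
            continue
        # Same coin, different address, shortly after the copy, no user action between.
        if (last_copy and coin == coin_type(last_copy.text)
                and ev.text.strip() != last_copy.text.strip()
                and ev.ts_ms - last_copy.ts_ms <= SWAP_WINDOW_MS):
            findings.append((coin, last_copy.text, ev.text))
            last_copy = None
    return findings

def safe_to_paste(intended, pasted):
    """Full comparison. Checking only the first and last few characters is not
    enough: a clipper can pick an attacker address that shares them."""
    return intended.strip() == pasted.strip()

# Constructed addresses (format-valid, not real wallets).
SHOP_ADDRESS = "1ShopPayAddr" + "X" * 22
ATTACKER_ADDRESS = "1AttackerAddr" + "Y" * 21
ETH_ADDRESS = "0x" + "ab" * 20

# Constructed clipboard log: one substitution, then two benign sequences.
SAMPLE_EVENTS = [
    ClipEvent(1000, SHOP_ADDRESS, "user"),
    ClipEvent(1300, ATTACKER_ADDRESS, "poll"),   # swapped 300 ms after the copy
    ClipEvent(1800, ATTACKER_ADDRESS, "poll"),
    ClipEvent(5000, ETH_ADDRESS, "user"),
    ClipEvent(5200, ETH_ADDRESS, "poll"),        # unchanged: fine
    ClipEvent(9000, "invoice 42", "user"),
    ClipEvent(9100, ETH_ADDRESS, "poll"),        # no address was copied: ignored
]

if __name__ == "__main__":
    for coin, before, after in detect_swaps(SAMPLE_EVENTS):
        print(f"clipper suspected ({coin}): {before} -> {after}")
```

The detector deliberately keys on the pairing of a user copy and an unattended change, rather than on any address appearing in the clipboard, because legitimate wallet software writes addresses to the clipboard all the time; the time window is a tuning assumption and would need adjusting for the clipper families actually seen.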
How can you keep on top in the chaotic threat landscape?
While it’s important to stay up-to-date with the current attack vectors, keeping track of threats and your infrastructure can feel like an insurmountable task.
Cyberspace is a big place, after all.
Securiwiser is a cyber threat detection and monitoring tool that makes things more manageable by flagging vulnerabilities and exposures in an easy-to-read dashboard. It checks for things like suspicious open ports, malicious domains and typosquatting, signs of malware on your network, and much, much more.