As the price of bitcoin rises amid the growing public interest in cryptocurrency, cybercriminals are taking advantage of the opportunities this creates for them to trick potential victims and increase the profits they can make from their attacks. Researchers of Barracuda, a trusted partner and leading provider of cloud-enabled security solutions recently analyzed phishing impersonations and business email compromise attacks sent between October 2020 and May 2021 and identified that the growing price of bitcoin has led to an increase in the volume of cryptocurrency-related attacks.
Until very recently, cryptocurrency was not used to pay for day-to-day goods in the real world. However, as some companies started to announce that they will accept payments in bitcoin, it generated more interest in cryptocurrency and started to drive its value up. Fueled by the chaos around bitcoin, its price increased by almost 400% between October 2020 and April 2021. Cyberattacks quickly followed with impersonation attacks, which led to its growth by 192%.
Speaking on the new threat vector, Murali Urs, Country Manager, Barracuda Networks-India said, “The digital format of Cryptocurrencies make them decentralized in nature and without any regulations, they have become the currency of choice for cybercriminals. It fueled and enabled a multibillion economy of ransomware, cyber-extortion, and impersonation. These attacks are targeting not just private businesses, but also critical infrastructure, so they increasingly pose a national security risk. The recent high-profile attacks on organisations like Colonial Pipeline and JBS in the US are likely to bring greater interest in Government’s intervention and regulation of bitcoin.”
Hackers use bitcoin to get paid in extortion attacks where they claim to have a compromising video or information that will be released to the public if the victim does not pay to keep it quiet. While this scheme has been around for some time, as the price of bitcoin climbed, cybercriminals started including it as part of their business email compromise attacks impersonating employees within an organization. They target and personalize these emails to get their victims to purchase bitcoin, donate them to fake charities, or even pay a fake vendor invoice using cryptocurrency. Barracuda has been leveraging its AI natural language processing capabilities to analyze the language used in cryptocurrency-related BEC attacks and determine key phrases and calls to action that hackers used to incite their victims. Attackers are creating a sense of urgency by using phrases like “urgent today” or before the “day runs” out. Their call to action is typically for their victim to go to the “nearest bitcoin machine.” They also play on their victims’ sentiments to request that a payment be made as a “charity donation,” making their victims believe they are doing a good thing.
Due to the rapid growth in the perceived value of bitcoin, ransomware attacks have also become more damaging than ever. In 2019 ransom demands ranged from a few thousand dollars to US$2 million at the top end. By mid-2021 most demands were in the millions, with a significant number over US$20 million. The possible reasons contributing towards the skyrocketing demands are: Fewer organizations choosing to take the hit by actually paying the ransom; Ransomware payments are getting traced by law enforcement agencies and strict actions are being taken; and, with the price of cryptocurrency going up, it is costing more for organizations to pay out to the cybercriminals.
Hackers have been conducting phishing attacks time and time again asking victims for wire transfers and gift cards. They are now they are looking for their victims to buy and send them bitcoin. Organisations need to protect their users from such attacks by training them on the latest email threats so that they are able to recognize the latest tactics used by hackers. They should make phishing simulation a part of their security awareness training.
Meanwhile, organizations should secure their web applications through WAF-as-a-Service or WAAP solution that includes bot mitigation, DDoS protection, API security, and credential stuffing protection — and make sure it is properly configured.
During a ransomware attack, a cloud backup solution can minimize downtime, prevent data loss, and get the systems restored quickly, whether the files are located on physical devices, in virtual environments, or the public cloud.
Finally, organisations must ensure that even if they face a ransomware attack, they must not pay the ransom as this only encourages them to attack more and ask for even bigger ransoms. They need to work with law enforcement agencies to get a resolution.