7 Ways Cybercriminals Are Scamming a Fortune from Cryptocurrencies

Stealing Directly from Crypto Exchanges

South Korean crypto exchange Coinrail is just the latest in a laundry list of cryptocoin exchanges getting hit this year with hacks, which are resulting in tens or even hundreds of millions of dollars in losses. Coinrail’s loss was about $37 million, but more dramatic incidents like the one at Coincheck added up to over $500 million in stolen currency.

Cryptojacking (Cryptomining Botnets)

Beyond straight coin theft from exchanges, cryptojacking has proved to be one of the biggest growth markets for cybercriminals in 2018. The idea behind cryptojacking is to steal compute power — typically through some form of malware-delivered botnet infrastructure — from legitimate machines in order to get them mining cryptocoins. That stolen compute can come from Internet of Things (IoT) devices, cloud buckets, web servers, mobile devices, and individual PCs. Basically, if your system has a processor and is connected to power, the bad guys are looking to recruit it. Some of the latest estimates show that up to one in four businesses are targeted by cryptojacking in the cloud.

“Last year, we saw a spate of breaches where hackers went after valuable data in the public cloud,” says Zohar Alon, co-founder and CEO of Dome9. “But data is not the only valuable asset in the cloud. Now we’re starting to see hackers steal compute cycles for cryptomining. By flying under the radar, these illegal mining operations can go undetected for months, racking up the public cloud bill and costing millions.”

It’s a call to arms for enterprises, which need to get better at fending off cryptojacking attacks that piggyback off of their IT investments.

Wallet Stealers

Since late last year, security researchers have been following an uptick in criminal scanning for insecure crypto wallets on the Internet.

“It is important to have a basic understanding of how crypto transactions work to protect assets. It might help to imagine your crypto wallet as a safety deposit box that exists in a room with everyone else’s deposit boxes,” explains James Lerud, head of the Behavioral Research Team at Verodin. “It is a public room where anyone can put an asset into your safety deposit box so long as they know where it is. The only way to take money out of the box is to have a key. How you store that key, or who you trust to store that key for you, is the most important decision an investor can make to safeguard the assets within the deposit box.”

The methods of wallet pickpocketing continue to get creative, but they often follow some tried-and-true cybercriminal playbooks. For example, in April, Zscaler reported a surge in a remote access Trojan (RAT) called njRAT that was used not only as a ransomware tool, but also as a Bitcoin wallet stealer. Another piece of malware called ComboJack, first identified by Palo Alto Networks researchers, stole crypto wallet addresses from owners’ clipboards, as many of them copy and paste them during transactions because of the long length of the addresses.

Stealing Directly from Legit Miners

Attackers are also on the hunt to scam legitimate miners of cryptocurrency by seeking out vulnerabilities in the software or hardware running on mining rigs. One example of this was an attack campaign found by Bitdefender targeting EthOS, an operating system designed for Ethereum mining. The attack scanned for open SSH connections to EthOS, seeking to change default login credentials and take over these rigs and the coins stored within them.

Most recently, a report from security firm Qihoo 360 Netlab shows that hackers have managed to steal $20 million from both coin-mining equipment and individuals’ wallets by scanning for exposed RPC interfaces on port 8545. This interface is for API access to Ethereum-based services; when insecurely configured, it opens up legitimate miners to complete liquidation by the bad guys.
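As an added example (not from the original article or the Netlab report), the sketch below audits a node's launch command for the insecure RPC configuration described above. It assumes the node runs geth, which the article does not name, and accepts both the 2018-era flags (`--rpc`, `--rpcaddr`, `--rpcport`, `--rpcapi`) and the current `--http.*` spellings; the function names and sample command lines are constructed for illustration.

```python
import shlex

# geth HTTP JSON-RPC flags: 2018-era spelling first, current spelling second.
ENABLE = ("rpc", "http")
ADDR = ("rpcaddr", "http.addr")
PORT = ("rpcport", "http.port")
API = ("rpcapi", "http.api")
TAKES_VALUE = set(ADDR + PORT + API)

def parse_flags(cmdline):
    """Map flag name (dashes stripped) to its value; bare switches map to ''."""
    flags, tokens, i = {}, shlex.split(cmdline), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-"):
            name, _, value = tok.lstrip("-").partition("=")
            if "=" not in tok and name in TAKES_VALUE and i + 1 < len(tokens):
                i += 1
                value = tokens[i]
            flags[name] = value
        i += 1
    return flags

def first(flags, names, default):
    """Value of the first flag in `names` that is present, else `default`."""
    return next((flags[n] for n in names if n in flags), default)

def audit(cmdline):
    """Return findings for one geth command line (empty list: nothing flagged)."""
    flags = parse_flags(cmdline)
    if all(flags.get(n, "false") == "false" for n in ENABLE):
        return []  # HTTP JSON-RPC server is not enabled
    addr = first(flags, ADDR, "127.0.0.1")  # geth listens on localhost by default
    port = first(flags, PORT, "8545")
    apis = {a.strip() for a in first(flags, API, "").split(",") if a.strip()}
    if addr in ("localhost", "::1") or addr.startswith("127."):
        return []  # listener is loopback-only
    findings = [f"JSON-RPC listens on {addr}:{port}, reachable from other hosts"]
    if "personal" in apis:
        findings.append("account-management API 'personal' is served on that listener")
    return findings

# Constructed sample command lines, not taken from any real host.
SAMPLES = [
    "geth --rpc --rpcaddr 0.0.0.0 --rpcapi eth,net,personal",
    "geth --http --http.addr=127.0.0.1 --http.port 8545",
]
```

A node that must serve RPC to other machines is better fronted by an authenticated reverse proxy or restricted by firewall rules than bound directly to a routable address.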

Malware-Laden Fake Wallet Platforms

Simply playing off of the excitement and interest in Bitcoin and other cryptocurrencies is offering cybercriminals a valuable lure for a range of malware scams. One particular favorite is convincing users to download fake wallet platforms that are actually delivering some form of malware onto their machines. For cryptocurrency owners, at best this malware delivers some kind of spyware or ransomware. At worst, it is being used to siphon off valuable crypto coins.

Phishing Scams Galore

If there’s one thing that veteran security pros will tell you, it is to never discount the power of phishing. This mantra holds true in the world of cryptocurrency, where scammers are phishing investors to devastating effect. For example, attackers managed to steal $4 million from various cryptocurrency investors by leading them to a phishing website that mimicked a site that generates “seeds,” or 81-character strings used in the creation of crypto wallets. This ensured that users were creating wallets based on malicious seeds that could be accessed at will by thieves.

Meantime, another recent phishing campaign uncovered by RiskIQ targeted Ethereum owners by directing users to a MyEtherWallet phishing page that not only sought to steal their credentials, but which also ran a script into active web sessions designed to quietly execute bank transfers just after the scammers logged into users’ cryptocurrency accounts.

Theft During ICOs

According to a report out earlier this year, experts with Ernst & Young found that over 10% of the proceeds from initial coin offerings (ICOs) were stolen by hackers.

“The speed and size of the ICO market draw hackers’ attention,” the report explains. “Hackers are attracted by the rush, absence of a centralized authority, blockchain transaction irreversibility, and information chaos.”

The report notes that the ICO projects themselves and their investors are both targets, and that the risk is usually high because project founders are focused more on attracting investors than on prioritizing security.

“Hackers successfully take advantage – the more hyped and large-scale the ICO, the more attractive it is for attacks,” the report states.

Source: Dark Reading

About sahaskrit