SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Tue, 29th Jun 2021
FYI, this story is more than a year old

Bitcoin-inspired cyber attacks surged by nearly 200% since October 2020, according to new research.

New analysis by Barracuda Networks found phishing impersonations and business email compromise attacks designed to steal victims' bitcoin surged by 192% between October 2020 and May 2021, closely following the rising demand and increasing price of bitcoin over the last eight months.

Bitcoin themed cyber attacks have typically been used in extortion and ransomware attacks in the past, but hackers have now started to incorporate cryptocurrency into spear phishing, impersonation, and business email compromise attacks, the analysis revealed.

Barracuda's Threat Spotlight shows that this is because of rising demand, increasing price valuations and more holders of the cryptocurrency than ever before. What's more, cryptocurrency payments are decentralised and unregulated, giving cyber criminals the means to extort victims' bitcoin whilst remaining completely anonymous.

Barracuda researchers observed and intercepted multiple attack campaigns that saw hackers impersonate digital wallets and other cryptocurrency related apps with fraudulent security alerts to steal log-in credentials. In the past, attackers impersonated financial institutions targeting banking credentials, and now they are using the same tactics to steal valuable bitcoin.
Barracuda's analysis also observed that cybercriminals have included bitcoin as part of their business email compromise attacks impersonating employees within an organisation. They target and personalise these emails to get their victims to purchase bitcoin, donate them to fake charities or even pay a fake vendor invoice using crypto currency.

Additionally, Barracuda identified the most commonly used key phrases in bitcoin-inspired email attacks – typically, cybercriminals will create a sense of urgency, with the phrases ‘urgently today', ‘day runs' and ‘nearest bitcoin machine' coming out on top, followed by terms that play on victims' sentiment, such as ‘charity donation'.

“Accelerating interest and demand for bitcoin has provided cyber criminals with a payments method that is virtually untraceable, enabling a multi-billion pound economy of ransomware, cyber-extortion and impersonation attacks, primarily targeting individual investors and private companies," says Fleming Chi, CTO for Barracuda Networks.

“Thus, it's more important than ever for organisations, workers, and investors to keep their data and financial assets completely secure," he says.

"Continuing to train users and employees to recognise the latest tactics used by hackers is imperative to maintaining blanket security for any given organisation, and all businesses and potential victims are heavily encouraged to back-up their data with a third party cloud-based data backup solution to prevent data loss, reduce downtime in the event of a cyber attack, and insure themselves against surging ransomware threat levels.