Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

All the Ways Cybercriminals Are Exploiting the Cryptocurrency Boom

If something involves big money, widespread adoption and insatiable curiosity - aka, if it's become fodder at the dinner table - you can bet organized cybercriminals are never far off. Their latest darling, cryptocurrency, fits those specifications, and they are attempting to get their hands on as much of it as they can, any way they can, without reaching into their own pockets to pay for any.

Malicious hackers have long sought digital coins in their attacks because they are anonymous and often untraceable. But these currencies are currently riding a wave of mass public appeal, especially since Bitcoin soared in value by more than 1,300 percent in 2017 (the price has since receded from those highs), attracting enormous numbers of new investors. In response, cybercrooks have been fine-tuning their exploits and machinations to commit more crypto-related crimes.

What exactly are they doing? We ripped a few examples from the headlines, so your business can work to stay ahead of those trying to cash in on the crypto craze.

1) Malicious Cryptomining 

Two primary ways exist to acquire digital currency: by buying it or by mining it. Cybercriminals, of course, prefer the latter option. Mining, however, is complex and requires computational power, which can be best be achieved by leveraging browser and machine CPUs to harvest cryptocurrencies, such as Bitcoin and Monero.

Cybercriminals can abuse mining with the help of advanced techniques and vulnerabilities that enable them to insert malicious, difficult-to-detect mining malware onto unwitting users' PCs, mobile devices and Internet of Things devices, or directly into compromised web pages. This racket, according to one study, is impacting roughly a quarter of businesses, amassing massive botnets and netting millions in profits for some organized crime groups, rivaling the success of ransomware.

Cryptomining can also be done under the guise of legitimacy, when website owners deploy mining software, such as Coinhive, as an alternative to advertisements (which users may already have blocked). However, rarely do websites request consent or offer the choice to opt-out of crypto-mining programs. (When cryptomining is done without this authorization, it is commonly known as "cryptojacking)."

While crypto-mining malware must be installed, scripts like Coinhive just need to be added to the website code. However, mining scripts have a notable drawback. They run only if the browser is open and stays on that affected website. As soon as the user closes the browser or navigates away from that site, the script will not run anymore. That's why these scripts work the best in sites where users usually spend a long time, such as pirate streaming sites.

To defend against malicious cryptomining, your business should follow the typical best practices - which we expound upon at the end of this post - for preventing, detecting and responding to threats. More specifically, you should consider ad blockers and browser extensions that specifically block crypto-mining scripts. The Trustwave Secure Web Gateway also contains detection logic to block miners.

2) Breaches

And then there is the holy grail for a malicious hacker: compromising the source that houses all of the money. Up until now, that meant going after the banks themselves, but in the age of crypto, it means attackers setting their sights on digital wallet providers,  crypto-mining marketplaces and cryptocurrency exchanges to steal breathtaking sums.

These operations make sense, especially the ones targeting the exchanges, which are online sites that allow you to trade between various cryptocurrencies or fiat money. Instead of going after individual users, cybercriminals are going after where users store their funds, allowing miscreants access to the whole shebang.

Experts have generally assigned blame for these incidents on vulnerable web servers and a general rush to make these platforms capable of trading coins quickly, before all security risks have been considered and resolved.

In addition, because of their popularity and reliance on uptime, these services have become a prolific target for DDoS attacks.

Users, meanwhile, must ensure they protect their own wallets. One type of malware making the rounds attempts to siphon cryptocurrency during transactions by using a novel method of theft. It arrives via a phony email related to a lost passport and attempts to install malware that alters and steals the content of a user's Windows Clipboard, in an attempt to trick victims into sending funds to the attacker's digital wallet. We'll discuss phishing threats in more detail below.

3) SEO Poisoning

The tactic of "poisoning" search results, also known as black-hat search engine (SEO) optimization, was particularly in vogue to start the decade, with some researchers hailing it as "the new spam." While companies like Google improved capabilities to index clean results and filter out the duplicitous, this cybercriminal method, which involves using SEO tactics to force malicious sites to appear as trustworthy links at or near the top of search results, is still a prominent way to trick well-intentioned web surfers into downloading malware - or in the recent case of users of a popular bitcoin wallet service, divulge their credentials by mistakenly clicking on a data-stealing website.

4) Phishing

Of course, attacks that capitalize on the notoriety of cryptocurrencies is another effective way to acquire the proverbial keys to the crypto castles or commit some other malevolent activity. These crypto-themed phishing schemes often work by jacking the name of a well-known and trusted company involved in the space to dupe users into taking some action. Just last week, a rumored hack against a major crypto exchange turned out to be a wide-scale phishing campaign against its users. And in another recent scenario, Bitcoin traders were targeted in sophisticated spear-phishing ploys. 

5) Malvertisements

Malicious advertisements are another lucrative way to infect users' computers. Saboteurs typically spread malicious ads across the advertising ecosystem by professing to be a legitimate advertiser - and then later sneaking malicious code into the ads and past the security filters of the ad network without anyone noticing before they are published on reputable websites. Related to cryptocurrencies, security researchers have uncovered scams directing users via drive-by attacks to exploit kits that install crypto-miners. In another instance, cryptocurrency-themed websites were used in a criminal campaign.

6) Mobile Applications

Cybercriminals are also invading the mobile world to capitalize on crypto mania. Their pernicious activities range from seeding apps with crypto-mining code to creating bogus wallet apps that live in the Google Play Store. Meanwhile, according to one study, most legitimate cryptocurrency applications contain vulnerabilities, which could allow thieves to intercept data or impact privacy.

How Should You Address These Threats? 

As documented above, the crypto boom has genuine business implications, but the way you should address it is not much different than how you handle any threat. Here are a few suggestions:

Assess Your Risk: The foundation of your security, risk assessments help identify key IT security deficiencies that put your business at risk and translate your assessed IT risks into business saving decisions.

Test for and Patch Vulnerabilities: A combination of vulnerability scanning and deep-dive penetration testing - including of mobile devices - combined with diligent patching helps reveal and fix your company's flaws and alerts you to the consequences of exploitation.

Hunt for and Detect Threats: While protection-focused technologies such as anti-malware, email security and intrusion prevention are an important part of a defense-in-depth approach, industries are struggling to detect highly sophisticated and targeted threats, and when they do, it's often months or even years after a cybersecurity incident before they finally flag that something is wrong. You should leverage behavioral analytics and proprietary threat intelligence to proactively identify threats and unauthorized access, and isolate malicious behavior.

Build Security Awareness - or Better Yet, Security Culture: Training can never be 100 percent effective, but there is real value associated with preparing employees to recognize things like dodgy emails and the importance of choosing complex passwords. Want to take awareness to the next level? Instill security into the fabric of your organization, and it will become ingrained into everything you do.

Respond to Incidents: If your organization does fall victim to an attack, you must have an incident response team available (either in-house or via a partner) who can address the issue by determining the scope of what happened, containing and eradicating the infection, and helping to recover.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.

7188_c761893b-5fac-4fda-9cb8-8e56c922384b 

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More