The rising price of bitcoin is fuelling a rise in cryptocurrency-related cyber-attacks across Asia-Pacific and the world, according to a new study by Barracuda.
Barracuda researchers analysed phishing impersonations and business email compromise (BEC) attacks sent between October 2020 and May 2021, finding that the volume of cryptocurrency-related attacks closely follows the growing price of bitcoin. The study revealed that as the price of bitcoin increased by almost 400 per cent between October 2020 and April 2021, so too did impersonation attacks, which grew by an enormous 192 per cent over the same period.
Bitcoin is the world’s largest cryptocurrency by market capitalisation. Until recently, cryptocurrency could not be used in the real world to pay for day-to-day goods. However, as companies began announcing that they would accept payments in bitcoin, interest in cryptocurrency grew and its value rose. According to Barracuda, cybercriminals have responded by adopting more sophisticated tactics to maximise their profits and cash in on bitcoin-mania.
Still largely unregulated and difficult to trace, cryptocurrency has traditionally been used in extortion and ransomware attacks. However, Barracuda’s study reveals that hackers have now started to incorporate cryptocurrency into spear phishing, impersonation, and BEC attacks. They impersonate digital wallets and other cryptocurrency-related apps with fraudulent security alerts to steal bitcoin log-in credentials, and target employees within organisations with personalised emails that aim to trick them into purchasing bitcoins, donating them to fake charities, or even paying fake vendors.
According to Barracuda, this trend is fuelling a multibillion economy that targets not only private businesses but also critical infrastructure. The successful high-profile attacks on Colonial Pipeline and JBS, where both organisations paid out ransoms, are just the tip of the iceberg, as even the most unsophisticated hackers seek to cash in on bitcoin.
“You don’t need to be a technical genius to launch a ransomware attack. Ransomware-as-a-service — where you can hire a group to carry out an attack for you — is flourishing on the dark web, making ransomware more accessible to criminals, and driving an increasing number of attacks,” said Mark Lukie, Systems Engineer Manager, Barracuda, Asia-Pacific.
According to Barracuda, as the volume of ransomware attacks continues to increase year on year, so have the ransom amounts hackers are asking for. The study found that 2019 ransom demands ranged from a few thousand dollars to US$2 million at the top end. By mid-2021 most demands were in the millions, with a significant number over US$20 million.
“While high-profile, higher-value attacks will likely bring greater interest in the regulation of bitcoin, making it harder for cybercriminals to hide, this is still a way off, making it crucial for businesses across Asia-Pacific to do what they can to stay protected,” he said.
Barracuda advises organisations to avoid paying ransoms and instead work with law enforcement agencies to find resolutions to attacks.
“Staying on top of the latest trends in email attacks and providing employees with security awareness training to identify and avoid attacks should be high on your priority list when it comes to protecting against these kinds of attacks. While making sure you have watertight security solutions in place that provide bot mitigation, DDoS protection, API security, and credential stuffing to secure web applications against ransomware, while backing up data to minimize downtime, data loss, and get your systems restored quickly following an attack, will give you much needed peace of mind in light of this rising threat,” he added.