
Cyber threats of Cryptocurrency and Cryware

Bitcoin is a digital currency that allows for the transfer of payment between two parties, without the help of a bank—and without government oversight. On average, more than 250,000 bitcoin transactions occur every day, and with a market capitalization in excess of $66 billion, bitcoin has become the largest cryptocurrency in the world. The proliferation of cryptocurrencies (CCs) and the popularity of these assets among investors have led us to question their nature, function, valuation, and potential development.


Unlike any currency that has preceded it, bitcoin has no physical form, cannot be touched, is not issued by any central bank or sovereign nation, and relies completely on a decentralized network of computers to process its transactions. Bitcoin’s appeal lies in how payments are processed (via the Bitcoin network), as transactions are recorded anonymously and securely in a public ledger, commonly known as the blockchain.


The rise and proliferation of cryptocurrency have also provided attackers with a new method of financial extraction.


Phishing is a technique attackers use to impersonate a credible firm, such as a crypto trading platform, and email its subscribers to persuade them to take some action. It might be as simple as clicking on a malicious website or sending their login credentials to the attacker. Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and fraudulently transfer virtual funds. Hackers use phishing scams to get crypto users to hand over their digital assets.


Further incentivizing the cybercriminal scheme are phishing-as-a-service (PHaaS) operators like BulletProofLink that offer phishing templates, spamming services, bulletproof hosting services, and credential collection services, among others. The kits, which are continually updated and expanded, are designed to mimic different brands such as blockchain[.]com as well as NFT and other cryptocurrency wallet service providers.


“As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim to fraud attempting to exploit people for digital currencies,” Proofpoint said in a new report.


The crypto sector may have lost as much as $3 billion in hacks worldwide this year – but some are concerned it comes at the cost of privacy.


Malware

Crypto-malware, in essence, is a type of malware that allows unauthorized users to mine cryptocurrencies on another person’s computer or server. To infect a computer, hackers use one of two methods:

Victims are duped into installing malicious code on their PCs using phishing-like tactics.

Malicious code is injected into websites or advertisements by cybercriminals; when victims engage with them, the code is activated, allowing hackers to gain access.


Earlier Kaspersky disclosed a financially-motivated campaign staged by the North Korea-based Lazarus Group, which involved targeting crypto companies with malware designed to drain funds out of hot wallets. Indeed, in 2021, they stole about $3.2 billion worth of cryptocurrency, which was a 516% increase compared to 2020, reports blockchain analytics firm Chainalysis.


Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks. The tech giant dubbed the new threat “cryware,” with the attacks resulting in the irreversible theft of virtual currencies by means of fraudulent transfers to an adversary-controlled wallet.


Cryware encompasses the following threats:

Cryptojackers that surreptitiously consume a target’s device resources to mine cryptocurrency.

Ransomware campaigns that make use of cryptocurrency as a ransom payment to avoid detection.

Information stealers (e.g., Mars Stealer, RedLine Stealer, Arkei, and Raccoon) that are being increasingly upgraded to siphon hot wallet data alongside other valuable information stored in the system.


Users access their digital assets via a “private key,” which is effectively a long, complicated password. Many people keep their private keys on their computers, but this is dangerous: if hackers obtain access to your computer, they’ll be able to log in to your digital account using that private key. “To find hot wallet data such as private keys, seed phrases, and wallet addresses, attackers could use regular expressions – regexes – given how these typically follow a pattern of words or characters,” the Microsoft researchers write. “These patterns are then implemented in cryware, thus automating the process.”


ClipBankers (aka clippers), which steal cryptocurrency during transactions by monitoring the clipboard and replacing the copied wallet address with the attacker’s address. Cybercriminals have also been observed to leverage techniques like memory dumping to display private keys in plaintext, keylogging to capture keystrokes entered by a victim, or designing lookalike wallet websites to trick users into entering their private keys.
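The two preceding paragraphs describe the same building block from opposite sides: cryware recognises wallet addresses with regular expressions, and clippers exploit the fact that a copied address is rarely re-read before it is pasted. The following is an added defensive example, not code from this article or from Microsoft’s report. It shows how a wallet front end or endpoint agent can use address-shaped regexes to recognise when an address is on the clipboard, verify a legacy Bitcoin address’s Base58Check checksum, and flag a copy/paste round trip in which one address silently became another. The regex shapes and the verdict names are my own assumptions; the Bitcoin genesis address is real, while the `1Attacker…` string is a constructed placeholder that merely matches the address pattern.

```python
"""Defensive checks against clipboard-swapping cryware ("clippers").

Added example (not from the article or from Microsoft's report):
 1. recognise wallet-address-shaped strings with the same kind of regular
    expressions the article says cryware uses, here to protect them;
 2. validate a legacy Bitcoin address's Base58Check checksum and compare
    the address the user copied with the one about to be pasted, so a
    silent swap can be flagged before funds are sent.
"""
import hashlib
import re

# Address shapes (assumed patterns).  These are format checks only: a
# matching string is not necessarily a live or correct address, just one a
# clipper would be interested in.
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{6,87}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def classify_address(text):
    """Return the address family a string looks like, or None."""
    text = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return family
    return None


def base58_decode(s):
    """Decode a Base58 string to bytes; None if it contains bad characters."""
    n = 0
    for ch in s:
        idx = BASE58_ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' encodes one leading zero byte.
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def is_valid_btc_legacy_address(addr):
    """Base58Check layout: version(1) + hash160(20) + checksum(4), where the
    checksum is the first 4 bytes of SHA-256(SHA-256(version + hash160))."""
    raw = base58_decode(addr)
    if raw is None or len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def detect_clipper_swap(copied, pasted):
    """Verdict for one copy/paste round trip.

    A clipper replaces a copied address with the attacker's address of the
    same family, so "address in, different address out" is the signal."""
    fam_in, fam_out = classify_address(copied), classify_address(pasted)
    if fam_in is None:
        return "not_an_address"
    if copied.strip() == pasted.strip():
        return "unchanged"
    if fam_out is not None:
        return "swapped"      # address replaced by another address
    return "corrupted"        # replaced by something that is not an address


if __name__ == "__main__":
    # Constructed scenario: the user copies the Bitcoin genesis address and
    # cryware replaces it with a placeholder attacker address before the paste.
    copied = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    pasted = "1AttackerXXXXXXXXXXXXXXXXXXXXXXXXX"
    print(classify_address(copied), is_valid_btc_legacy_address(copied))
    print(detect_clipper_swap(copied, pasted))
```

The checksum test alone is not a clipper defence, because an attacker’s address is normally a perfectly valid one; the protective step is the comparison of what was copied with what is about to be pasted, which is why the swap detector reports "swapped" even when the substituted string fails the checksum.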


“Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets,” Berman Enconado and Laurie Kirk of the Microsoft 365 Defender Research Team said in a new report. “Because hot wallets, unlike custodial wallets, are stored locally on a device and provide easier access to cryptographic keys needed to perform transactions, more and more threats are targeting them.”


Because cryptocurrency is still in its infancy, new trading platforms are springing up to acquire the trust of those considering investing in it. However, not all these sites are trustworthy.


Cryptocurrencies are decentralized, which means that no single agency, organization, or governing body is in charge of their production, management, or movement.


EU Lawmakers Vote for Stronger Cyber Protection for Crypto, Other Finance

European Union lawmakers showed support for strict cybersecurity rules on crypto providers and other financial firms in a 556-18 vote in Nov 2022. The European Commission proposed the bill in 2020 given fears that banks were outsourcing data to the same handful of major, unsupervised cloud computing companies – but the impact it will have on a crypto sector that is plagued by cyberattacks and other exploits remains disputed.

The Digital Operational Resilience Act (Dora) is “a cornerstone of our work on digital finance in the European Union, making sure that we support innovation and do it in a safe way,” European Commissioner Mairead McGuinness said in a Wednesday night debate on the law. “Protecting the financial system from cyber attacks and cyber fraud is vital.”

Financial institutions will have to monitor and report major cyber incidents and test defenses, and the big tech firms offering them services must submit to supervisory oversight, McGuinness said.
The vote formalizes a deal struck between the European Parliament and EU member governments in May. As well as banks and payment firms, it applies to crypto companies such as wallet providers who are set to be regulated under the bloc’s Markets in Crypto Assets Regulation (MiCA) and indeed the two laws were originally proposed as a package.
“After the vote on the cryptocurrency legal act and blockchain, this is one more step towards Europe’s digital sovereignty,” said centrist French lawmaker Stéphanie Yon-Courtin. “This will protect European investors on the one hand, but it will also prepare financial enterprises against cyber attacks on the other.”


References and Resources also include:

https://thehackernews.com/2022/06/researchers-detail-how-cyber-criminals.html

https://thehackernews.com/2022/05/microsoft-warns-of-cryware-info.html


About Rajesh Uppal