The anonymity, popularity and growing market capitalisation of cryptocurrencies are too tempting to resist for cyber criminals, recent Kaspersky findings revealed.
The increasing popularity of cryptocurrencies, as well as their growing acceptance and market capitalisation, has made online currencies ripe targets for financial hackers, with crypto hacks tipped to be on the horizon for 2022. These were the findings of Dmitry Bestuzhev, Santiago Pontiroli, Fabio Assolini and Seongsu Park in Kaspersky’s Securelist this week.
According to the findings, many hacking groups and cyber criminals who traditionally target banks and larger financial institutions have turned their attention to the growing cryptocurrency industry.
“After the Bangladesh bank heist, the BlueNoroff group is still aggressively attacking the cryptocurrency business, and we anticipate this activity will continue,” the group wrote.
These attacks do not just focus on the creators of the currency, rather the entire cryptocurrency supply chain.
“While some people consider it risky to invest in cryptocurrencies, those who do realise that their wallet is the weakest link. While most infostealers can easily steal a locally stored wallet, a cloud-based one is also susceptible to attacks with the risk of losing funds. Then there are hardware-based cryptocurrencies wallets,” the group observe.
It appears though that nothing will be off limits for threat actors to gain access into users’ wallets. The group expect that malicious actors will not only undertake standard spear-phishing campaigns but will go as far as to distribute compromised devices to gain a backdoor.
“In the scramble for cryptocurrency investment opportunities, we believe that cyber criminals will take advantage of fabricating and selling rogue devices with backdoors, followed by social engineering campaigns and other methods to steal victims’ financial assets,” the report noted.
According to the findings, the COVID-19 pandemic and the ongoing digitisation of the economy has seemingly given threat actors more exploitable loopholes in the online environment. As well as cryptocurrencies and DeFi, the growing use of fintech apps has enabled cyber criminals to gain access to yet further financial data.
“Thanks to online payment systems and fintech applications, lots of important personal information is stored on mobile. Many cyber crime groups will continue to attack personal mobile phones with evolved strategies such as deep fake technology and advanced malware to steal victims’ data,” the group argue.
While these are expected to increase in 2022, threat actors have long targeted cryptocurrencies.
Recently, Nick Lowe from CrowdStrike explained why organisations need to be on guard against mounting threats in the crypto space including the growth of cryptojacking.
“Cryptojacking describes the practice of deploying cryptocurrency coin mining software or leveraging malicious code embedded within web pages to hijack a victim’s computing resources for financial gain,” Lowe argued.
“Cryptojacking tools can be easy to deploy – in many cases, the tools can be installed with just standard user-level accounts, meaning adversaries do not require administrative credentials to deploy their tooling. With hands-on cryptojacking on the rise, organisations need to recalibrate their understanding of the risks posed by financially motivated adversaries.”
Cryptocurrency hacks have increased roughly 40 per cent annually over recent years.