As the price of bitcoin surged in the recent months, so too have the volume and sophistication of cyberattacks relating to the popular cryptocurrency. This is according to new research by Barracuda Networks, Inc., a leading provider of cloud-enabled security solutions, which found that impersonation attacks relating to cryptocurrencies grew 192% between October 2020 and April 2021 – aligning with the near 400% increase in the value of bitcoin over the same period. The report found that attackers are now expanding their range of cryptocurrency attacks from extortion and ransomware, to now incorporating digital currencies into spear phishing, impersonation, and business email compromise (BEC) attacks.
“Cryptocurrency seems to be a perfect currency for criminal activity it’s unregulated, difficult to trace, and increasing in value. For these reasons, it has fuelled and enabled a multibillion economy of ransomware, cyber-extortion, and impersonation,” said Fleming Shi, CTO at Barracuda. “The increased digitalisation of businesses since the onset of the pandemic has resulted in more data being created and stored in collaboration apps, and more information being exposed. This has created more targets and potential value for criminals. Combined with the increased price of bitcoin, these factors have presented strong motivation for cybercriminals to come up with more sophisticated schemes to cash in on bitcoin-mania.”
Cybercriminals have also included bitcoin as part of their business email compromise (BEC) attacks, impersonating employees within an organisation. They target and personalise these emails to get their victims to purchase bitcoin, donate them to fake charities, or even pay a fake vendor invoice using cryptocurrency. Barracuda’s Artificial Intelligence (AI) based natural language processing of these BEC emails revealed the key phrases and calls to action that hackers are using to incite their victims. Most commonly, cybercriminals create a sense of urgency by using phrases like “urgent today” or before the “day runs” out. Their call to action is typically for their victim to go to the “nearest bitcoin machine.” They also play on their victims’ sentiments to request that a payment be made as a “charity donation,” making their victims believe they are doing a good thing.
As an unregulated and difficult to trace digital asset, cryptocurrency has long been the preferred payment method for ransomware demands. Now, as the value of cryptocurrencies has surged, the ransom amounts hackers are asking for have been going up as well. In 2019 ransom demands ranged from a few thousand dollars to $2 million at the top end. By mid-2021 most demands were in the millions, with a significant number over $20 million. “Cybercriminals might still be requesting the same amount of bitcoin, but with the price of cryptocurrency going up it costs more for organisations to pay out,” said El Inati.
Offering advice to businesses that have fallen victim to ransomware, Shi said, “When faced with ransomware attack, a lot of organisations and consumers don’t know what to do other than to pay the ransom. This feeds the appetites of cybercriminals, encouraging them to attack more and ask for even bigger ransoms. If it can be avoided, don’t pay up, and work with government agencies to get a resolution.”
“As bitcoin and other cryptocurrencies become more mainstream, their value will continue to grow. But so will government intervention and regulations. It’s a rapidly evolving threat landscape and organisations and individuals must remain vigilant as cybercriminals will continue to demonstrate their ingenuity in formulating new and convincing ways to exploit the hype and ambiguity that surrounds cryptocurrencies,” Shi concluded.