Here’s how cybercriminals are using cryptocurrency as a scamming tool

How well does the cryptocurrency industry stand up to the cybersecurity standards?
Every industry and organisation have different cybersecurity needs; however, both need to respect and protect customer data at every cost – this is a fundamental principle to follow. We work closely with cryptocurrency organisations to double down on their security strategies, solutions and action. A holistic cybersecurity infrastructure can help in this matter.

How are cybercriminals using cryptocurrency as a scamming tool? What weak links do you identify on these blockchain-based platforms?
Imposter websites, scamming emails, fake social media updates and messages, and malicious mobile apps are four common ways cybercriminals use to scam people in the name of cryptocurrency.

It’s very easy to fall prey to imposter websites, given that they are set up to replicate the original site with little to no difference. If there isn’t a small lock icon indicating security near the URL bar and no ‘https’ in the site address, think twice before visiting the site. You may also find yourself suddenly directed to another platform for payment, although you clicked on a link that looks legitimate.

Sometimes people also receive an email from what looks like a legitimate cryptocurrency company. Is the email address and logo of the company you are aware of? Double check these minor details before you click on the link and invest. Similarly, impersonating bots are rampant even on social media. If someone asks for even a small amount of your cryptocurrency on social media, it’s likely you might never get it back. Just because others are replying to the offer, don’t assume it is legitimate. For example, discord cryptocurrency communities received private messages from trading platforms supposedly giving away cryptocurrency.

Potential victims received a link to register on the website of a cryptocurrency exchange, which was fake, but looked real. To get the free coins, they had to make a deposit and verify their account. To add to this, cybercriminals are also using fake news sites to lend credibility to their Bitcoin and Ethereum offers. Lastly, fake apps available for download through Google Play and the Apple App Store are also used as tools for scamming. While the risk is greater for Android users, every investor should be aware of the possibility. Look for odd things like misspellings in the content or the name of the app, the colours, branding and logo.

If they do not look authentic then take note and reconsider downloading the app.

Recently, your company uncovered a series of attacks by APT actor BlueNoroff against SMEs worldwide. Tell us about this.
BlueNoroff is part of the larger Lazarus group and has switched to attacking cryptocurrency startups by pretending to be a venture capital company. As most of cryptocurrency businesses are small or medium-sized startups, they can’t invest lots of money into their internal security system.

Plus, startups often receive letters or files from unfamiliar sources. The actor understands this point and has been taking advantage of employees working at targetted companies by sending them a full-featured Windows backdoor with surveillance functions under the guise of a ‘contract’ or another business file.

We uncovered over 15 venture businesses, whose brand name and employee names were abused during the SnatchCrypto campaign. If the document was opened offline, the file would not represent anything dangerous – most likely, it would look like a copy of some kind of contract or another harmless document. But if the computer is connected to the Internet at the time of opening the file, another macro-enabled document is fetched to the victim’s device, deploying malware.

Then the actor tracks victims for weeks and months: they collect keystrokes and monitor the daily operations of the user, while planning a strategy for financial theft. Having found a prominent target that uses a popular browser extension to manage crypto wallets, they replace the main component of the extension with a fake version.

What security measures should crypto exchanges take to prevent or detect attacks?
Cybercriminals are interested in crypto exchanges because these are mostly centralised applications. Typical threats for such applications include backdoors, embedded at the development stage, web vulnerabilities and phishing.

We recommend crypto exchanges to do the following:

• Provide their staff with basic cybersecurity hygiene training, as many targetted attacks start with phishing or other social engineering techniques.
• Carry out a cybersecurity audit of your networks and remediate any weaknesses discovered in the perimeter or inside the network.
• Install anti-advanced persistent threat and endpoint detection and response solutions, enabling threat discovery and detection, investigation and timely remediation of incidents capabilities. Provide the security operations centre team with access to the latest threat intelligence and regularly upskill them with professional training.
• Along with proper endpoint protection, dedicated cybersecurity services can help against high-profile attacks.

Taken from GB Invest February 2022 edition