The rise of cryptocurrencies is creating more opportunities for cybercriminals to steal, according to Cisco Systems.
......We hope you appreciate our content. Subscribe Today to continue reading this story, and all of our stories.
Crypto phishing — sending emails or creating websites that resemble a trusted crypto company — and cryptojacking — using another person’s computer to mine currencies — are two new methods that are increasingly used, Cisco representatives told a attendees Wednesday at the Black Hat conference in Las Vegas.
Cybercriminals had been using cryptocurrencies as their preferred form of payment for ransomware attacks, cyber intrusions that prevent or limit a user from accessing their systems or data until a ransom is paid.
But as companies boost their defenses against ransomware and as more individuals venture into the cryptocurrency space, criminals are trying new avenues to crypto riches, said Cisco’s Artisom Holub, senior security research analyst, and Austin McBride, threat analytics researcher at Cisco.
Criminals are effectively using Google Ads to trick individuals into accessing their phishing sites, which look nearly identical to popular crypto exchanges such as Binance.com or Blockchain.info but have a slightly difference address, Holub and McBride told an audience of several dozen at the Mandalay Bay Convention Center.
The criminals are then able to capture login details for the real sites and steal cryptocurrencies.
Individuals and small companies accepting cryptocurrencies are most at risk, they said. Small companies, such as startups, often do not have the money for strong cybersecurity protection.
Cybercriminals often use both crypto phishing or cryptojacking, McBride said, and attacks will increase as the popularity of cryptocurrencies expands.
“It ebbs and flows, if the (cryptocurrency) market is down, phishing is going to go up. They will grow together but at different rates,” he said.
Criminals are also seeking out lesser known cryptocurrencies, known as alt coins, for malicious activity such as pump and dump, Holub and McBride said.
In a pump and dump, cryptocriminals drive up the price of an alt coin by hundreds or thousands of percentage points and then exchange it for a more popular cryptocurrency, like bitcoin, before it collapses.
Cisco is one of about 300 cybersecurity firms exhibiting at Black Hat. The annual conference attracts more than 17,000 cybersecurity professionals to Las Vegas for six days of training and briefings on the latest threats and products to counter them. Black Hat runs through Thursday.