As the price of bitcoin rises amid the growing public interest in cryptocurrency, cybercriminals are taking advantage of the opportunities this creates for them to trick potential victims and increase the profits they can make from their attacks. Researchers of Barracuda, a trusted partner and leading provider of cloud-enabled security solutions recently analysed phishing impersonations and business email compromise attacks sent between October 2020 and May 2021 and identified that the growing price of bitcoin has led to an increase in the volume of cryptocurrency-related attacks.
Until very recently, cryptocurrency was not used to pay for day-to-day goods in the real world. However, as some companies started to announce that they will accept payments in bitcoin, it generated more interest in cryptocurrency and started to drive its value up. Fueled by the chaos around bitcoin, its price increased by almost 400 per cent between October 2020 and April 2021. Cyberattacks quickly followed with impersonation attacks, which led to its growth by 192 per cent.
Speaking on the new threat vector, Murali Urs, Country Manager, Barracuda Networks-India said, “The digital format of cryptocurrencies make them decentralised in nature and without any regulations, they have become the currency of choice for cybercriminals. It fueled and enabled a multibillion economy of ransomware, cyber-extortion, and impersonation. These attacks are targeting not just private businesses, but also critical infrastructure, so they increasingly pose a national security risk. The recent high-profile attacks on organisations like Colonial Pipeline and JBS in the US are likely to bring greater interest in Government’s intervention and regulation of bitcoin.”
Hackers use bitcoin to get paid in extortion attacks where they claim to have a compromising video or information that will be released to the public if the victim does not pay to keep it quiet. While this scheme has been around for some time, as the price of bitcoin climbed, cybercriminals started including it as part of their business email compromise attacks impersonating employees within an organisation. They target and personalise these emails to get their victims to purchase bitcoin, donate them to fake charities, or even pay a fake vendor invoice using cryptocurrency. Barracuda has been leveraging its AI natural language processing capabilities to analyse the language used in cryptocurrency-related BEC attacks and determine key phrases and calls to action that hackers used to incite their victims. Attackers are creating a sense of urgency by using phrases like “urgent today” or before the “day runs” out. Their call to action is typically for their victim to go to the “nearest bitcoin machine.” They also play on their victims’ sentiments to request that a payment be made as a “charity donation,” making their victims believe they are doing a good thing.