These three hacking techniques can grab crypto from your W
Hackers demand payment in cryptoparticipate in scams that lead to crypto theft directly, or target crypto trading companies.
What can individuals and businesses do to protect crypto assets?
Here, we’ll go over some of the most prominent crypto-targeting cyber attack techniques that every user and business should know about in 2023 and what you can do about it.
Crypto scams to watch out for
As a person with funds in crypto, you are likely to encounter attempts at fraudulent investment schemes, giveaways, phishing attacks and more.
At the heart of most investment scams is the promise of an incredible financial gain if you send the person a certain amount of crypto.
While most phishing attempts happen via email, there are also cases of SMS phishing. For example, the recent data breach that occurred at the crypto trader Coinbase’s premises started with SMS phishing.
An employee received an SMS prompting them to click on a link and log in with their credentials. With that action, cybercriminals got all the data they needed to gain illegal access to the company’s systems.
Solution: Work on your personal cybersecurity hygiene
People who want to avoid fraud and subsequent crypto theft should:
● Avoid crypto handouts
● Update passwords regularly
● Avoid linking traditional bank and crypto accounts
● Know the signs of a scam report — time pressure and big promises that sound too good to be true often are just that
● Avoid clicking on links that lead to the login page
● Never provide your key – even if the request appears to be from the legitimate retailer
Extortion and ransom in the name of crypto
Since the majority of cybercrime is financially motivated, it is common for criminals to demand crypto (which is harder to trace) during ransom and extortion attempts.
For example, it recently emerged that an Australian citizen attempted to extort an unnamed emergency service for $5 million in crypto by threatening to start a forest fire. The service did not meet his requirementsand the man was charged as a result.
Ransomware cases (where cybercriminals lock documents and demand a ransom in crypto in exchange for access to files) are on the rise – putting affected users and businesses in a difficult situation.
Many companies have paid ransoms to regain access to important files.
Solution: Do not commit to the hacker’s demands
We understand that this is easier said than done – especially when you’re locked out of your entire infrastructure or can’t access sensitive files due to ransomware.
While in many countries it is not illegal to pay up to hackers demanding ransom, this decision may:
● Strike back when the public finds out you’ve paid the ransom – and thus affect your reputation
● Provide criminal funds for further activity – they may do the same to someone else or threaten you again
● Go wrong as there is no guarantee that the hacker will give you access to your system
Zero-day threats after crypto companies
Now we are in the territory of more sophisticated hacking attempts. In cybersecurity, this can refer to zero-day vulnerabilities or bugs in the system that IT teams have not yet discovered.
A company with unpatched critical bugs is open to possible hacking.
For example, a trojan called Parallax RAT has been discovered recently. The main target is cryptocurrency companies.
As with all other Trojan malware, this one hides in various documents to sneak the “gift horse” to targeted devices. This malicious software (AKA malware) can record keystrokes and take screenshots.
This means it can remember the password and username that a victim enters, as well as the key used for the account.
Solution: Robust security for crypto businesses
Users don’t have much power when it comes to fighting such advanced attacks. Crypto trading companies are responsible for securing assets as well as protecting their customers.
What can you do?
Be careful when choosing a crypto company. Check if they are reputable and if they have already experienced major cyber security incidents in the past. Pay attention to how they resolved the issue and communicated with the public about the data breach.
Advanced black hat (illegal) hackers and hacker groups usually go after companies that already have strong security, multiple solutions and teams to manage it. But can they handle more sophisticated techniques like the Parallax RAT?
How can companies prepare? Start with:
● Set up layered security
● Testing existing security solutions
● Strengthening security daily
A data breach that compromises crypto wallets can be prevented if the company has multiple security points and protocols that cover the entire attack surface (every piece of software and device that can be attacked).
In addition to setting up a strong defense strategy, it is important to continuously improve it tools such as automated breach and attack simulation which tests the security an organization has in real time.
It then updates the findings on the dashboard – guiding teams to uncover and patch critical weaknesses.
This AI-based testing solution is also interconnected with the MITER ATT&CK Framework – the knowledge base that showcases the latest hacking tactics and techniques while offering solutions on how to solve the problem.
Last two crypto cents
Today, cryptocurrency companies are up against more harmful and dangerous threats than ever before – from new versions of viruses that can enter the system undetected to persistent phishing attacks.
However, the method hackers rely on the most is social engineering. Phishing is also the technique with which individual users can do the most.
On a personal level, learning to recognize scam emails, avoid links designed to collect sensitive data, and choosing a reliable crypto device can save you a lot of money in the long run.