Phishing Attacks on Bitcoin Wallets Surge as Bitcoin Price Skyrockets
During the past 24 hours, bitcoin price exceeded the $900 mark for the first time during the past 3 years. The reason behind this recent price surge is not completely clear, especially that the value of bitcoin has increased by more than 100% in less than 6 months.
Whenever the price of bitcoin surges, cybercriminals’ interest in cryptocurrencies in general rises too.
How the Bitcoin Price Surge Affected Cybercriminals?
The most commonly encountered cybercriminal activity related to bitcoin is more or less related to ransomware. Ransomware are malicious pieces of code, mostly in the form of trojans, that denies the victim’s access to his/her files by encrypting them and then a ransom in bitcoin is requested by the attacker in order to decrypt the files on the victim’s machine back again.
In 2015-2016, tens of thousands of ransomware attacks were recorded. Three main families of ransomware were mostly incriminated; Bitcryptor, CTB-Locker and Coinvault. A year or so ago, most ransomware authors set the ransom to 2 bitcoins, which was equal to around $900. Today, 2 Bitcoins equal more than $1800, which is relatively high, so most authors of ransomware tojans have reduced the ransom to 1 bitcoin, as can be clearly seen on Darknet’s ransomware markets.
Success of ransomware attacks are highly related to the modes of delivery of the carrier trojans rather than periods of bitcoin popularity. After all, ransomware trojans represent the malicious business model of a cybercriminal. Last November, there was a surge in infections with “Locky” ransomware, mainly because it was delivered via phishing. On the other hand, last June exhibited the least cases of ransomware infections in 2016, mainly when the “Angle Exploit Kit” lost its effectiveness.
The Bitcoin Price Surge and Wallet Phishing Attacks:
Whenever the price of bitcoin surges, the malacious wallet phishing activities prosper too. A Hacker will set a website that resembles a given 3rd party online wallet, such as Blockchain.info, with a domain name that is deceivingly similar to the wallet’s real original domain name. The hacker will implant a keylogger to phish the login credentials of a victim that gets deceived by the fake website and enters his/her login credentials.
Recently, members of OpenDNS’s Cisco team trailed a number of operators of bitcoin wallet phishing sites and linked them to other phishing domain names that are used to phish login credentials for other services such as Google, Apple, Amazon, Dropbox and others.
This image includes a group of phishing domains that are registered to connor123fox[at]writeme.com as published by Cisco’s OpenDNS investigation team:
In most cases, cybercriminals target Blockchain.info as it is the world’s biggest online wallet. Many have been using Blockchain.info’s wallet for years now, especially that the site doesn’t store the private keys of the bitcoins you own.
According to a report published on Cisco’s OpenDNS blog, the following represents the phishing domains that were created during the past 6 weeks (each shown with its day of registration), which corresponds to the period marked by bitcoin price surge:
BEWARE OF ANY OF THOSE PHISHING DOMAINS:
The algorithm used by Cisco’s OpenDNS team is helping in detection of such phishing campaigns shortly after they are live and in some instances, before even the domains are registered, which would help prevent occurrence of successful phishing attacks. Such algorithms are formulated via deep understanding of previous incidences of successful phishing attacks. The team’s algorithm is based on the popularity of the keywords related to bitcoin on search engines, during periods of bitcoin price surge, as stated by the blog post. The rise in online bitcoin wallets’ phishing attempts are also related to the rate of ransomware infections in a way or another.
According to a report published by Cisco’s OpenDNS team, phishing attacks on online bitcoin wallets have surged in response to the rise in bitcoin price during the past 6-8 weeks. 2 months ago, a man in Connicticut was arrested for phishing Darknet login credentials on some websites and stealing bitcoins, and it seems we will see more of such cases soon. There are also many other phishing scams on Clearnet sites. Bitcoin Success of ransomware infections are more related to the mode of delivery rather than the price of bitcoin.