January 8, 2018 By David Strom 2 min read


As the price of Ethereum and other cryptocurrencies rises, cybercriminals are beginning to create blockchain exploits to invade these digital marketplaces. Many of these threats involve stealing funds directly from mobile wallets and coin exchanges, but some can impact your overall enterprise and endpoint security.

DDoS Attacks, Mobile Wallet Theft and Blockchain Exploits

Perhaps the most devastating incidents have been distributed denial-of-service (DDoS) attacks, either on blockchain-based exchanges or other sources of cryptocurrency. The first such attack targeted the DAO joint Ethereum investment fund back in 2016, but security researchers have reported numerous other DDoS exploits since then.

Another popular blockchain exploit aims to infect mobile wallet apps and online exchanges where cryptocurrency is stored. In recent months, fraudsters have written specialized phishing lures to penetrate these systems.

But wallets aren’t the only sources of digital funds. Last year saw the rise of the initial coin offering, a funding event similar to an initial public offering (IPO), but using new cryptocurrencies that could hold value if the startup gains any traction.

While this sounds very exotic, the method of compromising one offering was fairly old school: Criminals replaced the Ethereum address on the Enigma cryptocurrency investment platform with their own address and collected $500,000 in investment funding for the startup before anyone from the company noticed the change. The replacement was a simple password attack that helped the actors gain access to the Enigma website. Although the money was eventually returned, the cryptocurrency and security communities should expect more of these attacks in 2018.

Mining Malware and Endpoint Security

Fraudsters have also been known to take over unsuspecting endpoint computers and use them to mine or create new crypto coins. Others, meanwhile, have gotten particularly creative in response to the increasing value of these cryptocurrencies. The Neptune exploit kit, for example, enables threat actors to hide their mining payloads in seemingly innocuous hiking advertisements. These tools register the attacker’s email address as the source of the mining operation before infecting the victim’s PC with malware.

Some browser-based malware scripts keep running in the background even after the user closes his or her browser session. This places the burden on endpoint detection tools to find these infections, which would otherwise let fraudsters siphon processing cycles from corporate PCs.

Mining malware often uses tools favored by other threat actors, such as the EternalBlue exploit, which was used in the WannaCry ransomware outbreak. Take Adylkuzz and CoinMiner, for example. Both use EternalBlue to infect other endpoints once they reach one PC on a network. These mining programs can be very hard to detect because they are often combined with other techniques, such as fileless methods, to hide their tracks.
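The two behaviours described above, mining-pool traffic from an infected endpoint and EternalBlue-style spread from one PC to its neighbours, both leave traces that network and endpoint telemetry can catch. The following Python script is an added example, not code from the original article or from IBM, of detection logic run over constructed firewall-style log lines. The log format, the sample hosts (documentation address ranges), the miner agent strings and the fan-out threshold are all assumptions chosen for the example; the Stratum v1 method names (`mining.subscribe`, `mining.authorize`, `mining.submit`) are the real pool-protocol messages.

```python
"""Flag two cryptomining-malware indicators in constructed log lines.

Added example (not from the original article). Indicators:
  1. Stratum mining-pool traffic: JSON-RPC methods used by pool clients.
  2. Worm-style lateral movement: one internal host opening SMB (TCP 445)
     connections to many distinct peers within a short window, the fan-out
     pattern EternalBlue-based miners such as Adylkuzz produce.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log line format (an assumption for this example):
#   "<ISO-8601 timestamp> <src_ip> -> <dst_ip>:<dst_port> <payload>"
LOG_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+)(?: (.*))?$")

# Stratum v1 (Bitcoin-style pool) methods are unambiguous mining traffic.
STRATUM_V1_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}
# CryptoNote-style pools use a generic "login" call; only treat it as mining
# when the params advertise a known miner agent string (assumed list).
MINER_AGENTS = ("xmrig", "cpuminer", "minerd", "cgminer")


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port, payload = m.groups()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": src,
        "dst": dst,
        "port": int(port),
        "payload": payload or "",
    }


def stratum_method(payload):
    """Return the mining method name if the payload is Stratum JSON-RPC, else None."""
    if not payload.startswith("{"):
        return None
    try:
        msg = json.loads(payload)
    except ValueError:
        return None
    method = msg.get("method")
    if method in STRATUM_V1_METHODS:
        return method
    if method == "login":
        params = msg.get("params")
        agent = params.get("agent", "") if isinstance(params, dict) else ""
        if any(name in agent.lower() for name in MINER_AGENTS):
            return method
    return None


def detect_stratum(events):
    """List (src, dst, method) for every event carrying a mining-pool message."""
    hits = []
    for ev in events:
        method = stratum_method(ev["payload"])
        if method:
            hits.append((ev["src"], ev["dst"], method))
    return hits


def detect_smb_fanout(events, threshold=5, window=timedelta(seconds=60)):
    """Sources that reach at least `threshold` distinct peers on TCP 445 within `window`."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["port"] == 445:
            by_src[ev["src"]].append((ev["ts"], ev["dst"]))
    flagged = []
    for src, conns in by_src.items():
        conns.sort()
        for i, (start, _) in enumerate(conns):
            peers = {dst for ts, dst in conns[i:] if ts - start <= window}
            if len(peers) >= threshold:
                flagged.append(src)
                break
    return sorted(flagged)


def analyze(lines):
    """Run both detectors over raw log lines; malformed lines are skipped."""
    events = [ev for ev in (parse_line(l) for l in lines) if ev]
    return {"stratum": detect_stratum(events), "smb_fanout": detect_smb_fanout(events)}


# Constructed sample: two miners phoning home, one benign file-server access,
# and one host sweeping six neighbours on port 445 in a few seconds.
SAMPLE_LOGS = [
    '2018-01-08T09:00:01Z 10.0.0.15 -> 203.0.113.10:3333 {"id":1,"method":"mining.subscribe","params":["cpuminer/2.5"]}',
    '2018-01-08T09:00:02Z 10.0.0.15 -> 203.0.113.10:3333 {"id":2,"method":"mining.authorize","params":["worker1","x"]}',
    '2018-01-08T09:00:05Z 10.0.0.22 -> 198.51.100.7:443 GET /index.html',
    '2018-01-08T09:00:07Z 10.0.0.40 -> 203.0.113.55:14444 {"id":1,"method":"login","params":{"login":"wallet","pass":"x","agent":"XMRig/2.4"}}',
    '2018-01-08T09:00:30Z 10.0.0.22 -> 10.0.0.5:445 SYN',
    '2018-01-08T09:01:00Z 10.0.0.40 -> 10.0.0.41:445 SYN',
    '2018-01-08T09:01:01Z 10.0.0.40 -> 10.0.0.42:445 SYN',
    '2018-01-08T09:01:02Z 10.0.0.40 -> 10.0.0.43:445 SYN',
    '2018-01-08T09:01:03Z 10.0.0.40 -> 10.0.0.44:445 SYN',
    '2018-01-08T09:01:04Z 10.0.0.40 -> 10.0.0.45:445 SYN',
    '2018-01-08T09:01:05Z 10.0.0.40 -> 10.0.0.46:445 SYN',
]

if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOGS).items():
        print(kind, hits)
```

On the sample, the Stratum detector reports both hosts talking to pools, and the fan-out detector reports only 10.0.0.40; the single file-server connection from 10.0.0.22 stays below the threshold. In practice the threshold and window should be tuned to the environment, since backup servers and vulnerability scanners legitimately fan out on port 445 and belong on an allow-list.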

Finally, NiceHash said it lost about $64 million worth of bitcoin during an attack on its systems in December. The Slovenian bitcoin trading marketplace enables customers to mine for cryptocurrencies by leveraging unused CPU cycles. Although NiceHash is a legitimate mining method, users should exercise extreme caution when using this and similar services.

The Future of Financial Cybercrime

The skyrocketing value of cryptocurrencies has ushered in a new wave of financial cybercrime. These blockchain exploits and mining schemes are growing more sophisticated and more effective every day as investors flock to buy up digital funds. Users should closely monitor their cryptocurrency wallets and implement robust endpoint security measures to protect their increasingly valuable digital funds from this burgeoning threat.
