These days, consumers and businesses are both becoming increasingly comfortable with transacting digitally; with a click of a button. This digital world is successful for regular users and cyber criminals alike.
Advancements in FinTech have led to the development of cryptocurrencies, which have been taking the world by storm. They decentralised transactions and make investment opportunities accessible to everyone. By 2021, 3.4% of Australians held some form of this currency. However, the anonymity cryptocurrency offers has been attracting cyber criminals like nothing else. They can now evade taxes, launder money, extort money and move it across borders, all without having their wallet address traced back to them. The ability to have multiple, unlinked crypto wallets on different platforms further facilitates cyber criminals in transferring money and accessing it through different channels.
This combination of advanced technology and anonymous transactions affects businesses and individuals alike on a daily basis. This article discusses how cybercriminals use cryptocurrency in their crimes against businesses. Here are a few popular tactics:
- Ransomware: Demanding Crypto Payments as Ransom
Ransomware is a form of malware that cybercriminals use to either block a user out of their account or threaten to publish sensitive data. It works by employing encryption to block access to critical data and files, ultimately spreading across the network and attacking databases and servers to paralyze the entire organisation
This malware can reach your network through an employee visiting an infected site or clicking an email containing a malicious attachment. You may believe that the chances of such an incident are low, but 80% of Australian organisations were hit with ransomware in 2021 alone. The growing popularity of cryptocurrency facilitates ransomware attacks as threat actors can ask for payments without feeling threatened with identity exposure.
Using preventative measures by training your employees not to open such links is the best way to guard against ransomware, as there may be no way around it once your computers are compromised.
- DDoS Extortion: Demanding Crypto Payments to Remove Traffic
A Distributed Denial-of-Service (DDoS) attack sends unusual, overwhelming traffic to its target to disrupt the normal flow of traffic. The effect is similar to receiving several phone calls at once – you can not respond to them. For your system, this means that the service or network will either ignore many user requests or reply to all of them in a delayed manner. Essentially, the cyber criminal disrupts the network and demands a ransom in return for stopping the DDoS and letting the site resume normal operations. Australia is the third most common target for DDoS attacks.
Typically, businesses that provide online services are targeted in this manner. From casinos to cryptocurrency exchanges themselves, DDoS can target everything. On average, 33% of such attacks take down services for an hour, 60% last less than a full day, and 15% last for a month. Given the nature of this attack, tracing it back to a single source is difficult. The use of cryptocurrency payments in DDoS also makes tracing transactions impossible, further obscuring the threat actor from sight.
Maintaining network security and detecting the attack early on is your best bet to protect your business against the brunt of the attack.
- Cryptojacking: Mining Cryptocurrency On Others’ Devices
Cryptojacking involves using compromised devices to mine cryptocurrency without the users' or owner’s knowledge and consent. For your organization, this means:
- Increased power consumption (and bills)
- Slowed devices
- Deteriorating or overheating batteries
- Device failure.
All devices, from smartphones and PCs to IoT devices, are susceptible to cryptojacking. Cryptojacking generally increases when the cryptocurrency market is active, as criminals can make more profit at such times. Australia has had its fair share of crypto-jacking. Installing unverified apps, clicking on email attachments, and using weak passwords can all make your devices vulnerable to this crime.
- Phishing: Socially Engineering Credentials Out
Phishing can take many forms. In essence, phishing emails are masked as emails by genuine organisations, but the emails ask for credentials like bank account details or certain passwords to extort money. The senders can disguise themselves as employers asking for a quick favor or work, non-profit organizations asking for donations. The use of cryptocurrency protects their identity so they can not be traced once they receive the money. As with many of these crimes, building employee awareness is crucial to protecting your organisation against phishing.
Protecting Yourself Against Cryptocurrency-Related Cyber Crimes
Proactivity is the key to successful digital ventures. A reactive approach is often of no use in cryptocurrency-related crimes as no one will be able to trace the identity of the cyber criminal
through transaction details. Protecting your network and devices needs to be your priority, so you need to consider the following:
- Is all your software updated?
- Are your firewalls up, and is your antivirus working?
- Do you have a password policy regarding password strength and changing schedules?
- Do you have a policy for remote work?
- Do you actively back up your data?
- Do you employ specialised tools to protect yourself against attacks like DDoS?
- Does your staff have security awareness training? Can we put this at the top of the list please
- Are you using a Password Manager?
- Do you have Multi-Factor authentication?
- Do you have adequate access controls in place?
Legacy software and IT infrastructure can not withstand advanced attacks, and not having an antivirus exacerbates the risk. If your employees are using old, weak, or, worse, default passwords, it's a matter of time before a determined cyber criminal figures them out.
If you do not have a remote work policy, a compromised home network will give a threat actor access to your business’s servers. Backups shorten the downtime of businesses and help with business continuity in the case of serious disruptions, including third-party interference with systems. These days, businesses require technology to protect themselves: Investing in specialized tools is among your best option
Did you know that employee neglect is among the leading causes of cyber security risks to organisations? No matter how well-protected your systems are, an email with attached malware will get to it regardless. With cryptocurrency’s power, the attacker may forever elude you unidentified as well.
We can help you protect your business by training your workers in the ways of the digital world and its security. At Phrendly Phishing, we aim to create long-lasting employee behaviour change. Our award-winning training programs are designed and certified by cyber security experts and personalised for each learner. Request a personalised demo if you want to safeguard your organisation against cyber attacks.