Cryptojacking remains one of the most common threats on the Internet. The number of victims every quarter ranges from 300 to 500 000. The increase in NFT scams is definitely present as well!
Cryptocurrency is a target of hackers who use phishing, offering dubious cryptocurrency exchange platforms and initiating cryptojacking to illegally mine cryptocurrencies. Before, mining was mainly a threat to general users, but today miners steal power from large businesses and critical infrastructure. Cryptojacking is a fairly new threat that has emerged rapidly due to the impressive financial benefits of cryptocurrency mining. It is currently one of the top cyber security threats and internet users should take it seriously!
Cryptojacking in 2020 reached new records with 81.9 million visits, up 28% from 64.1 million the year before. We wrote in 2021 that cryptocurrency attacks now account for about 2.5% of malware-related issues in the enterprise, with about 10% of organizations reporting security-related issues. Verizon assumes that the actual rate of incidents is higher, as many such attacks go unreported.
After the recent turmoil in the crypto market, analyzing the cybersecurity side of the crypto landscape becomes necessary. A report from Atlas VPN shows that new modifications of cryptojacking software used to hijack a computer and exploit digital assets against a user’s will increased 3.8 times in the third quarter of 2022. About 153,000 new variants of the software Malware mining was discovered by Kaspersky during the third quarter of the year. In the second quarter, the number of new cryptojacking variants was around 41,000. Kaspersky, in a recent report, noted that ransomware negotiations and payments would depend less on Bitcoin as a value transfer, as increased regulation of digital assets and tracking technologies will force cybercriminals away from bitcoin and in other methods.
However, the data also shows that the number of victims of crypto theft has not changed significantly. In fact, it has dropped slightly. Analysts believe fraudsters were trying to take advantage of the anticipated boom in the crypto market. However, the predictions failed, the market failed to reach new highs and thus their strategy failed.
There are some techniques that are comparable to the distribution methods of any other type of malware. One of the most common ways is to use malicious files imitating pirated entertainment. Cybercriminals deliberately lure their victims by presenting them with movies, music, games and software known to distribute dangerous crypto mining programs. They can distribute them through torrent links as well as specially designed landing pages. Although the approach mentioned above mainly affects consumer devices, there are a number of distribution strategies to send miners to more powerful enterprise devices.
Cryptojacking is extremely attractive to cybercriminals: it does not require high technical skills and, unlike ransomware, offers a potential payout rate of 100%. Once compromised, the infected machine can immediately start mining cryptocurrency in stealth mode, regardless of its processing power or geographic location. Even low-end systems are useful as it is the size of the network of compromised machines, and therefore the total computing power, that really matters.
There are more and more threats related to cryptocurrencies such as fake hardware wallets, smart contract attacks, DeFi hacks, etc. In the rush for investment opportunities in cryptocurrencies, cybercriminals will take advantage of the production and sale of malicious devices with backdoors, followed by social engineering campaigns and other methods to steal the financial assets of victims.
Since the beginning of 2022, cybercriminals have stolen $3 billion from DeFi protocols, with 125 crypto hacks in total. According to the latest data on DeFi, 15 new scams deployed against smart contracts are discovered every hour. At this rate, 2022 will likely overtake 2021 as the biggest hacking year on record. The lack of modern security for smart contracts leads to attacks on these platforms and, depending on how the business model works, to the possible theft of a lot of money.
Kaspersky warns of increase in NFT fraud during the ongoing World Cup in Qatar. Scammers are likely to use techniques such as offering bonuses for bets on live event matches, among other tricks. NFT scams are likely to revolve around the sale of products such as virtual sporting goods. Fraudsters can collect users’ personal information in exchange for virtual soccer shirts or soccer balls.