Banks are the usual target of hackers because that is where the money is. But money is not always the main reason for an attack. According to Group-IB’s Hi-Tech Crime Trends Report, because banks in some countries are considered part of the national critical infrastructure, state-sponsored hackers target these institutions to gather intelligence and disrupt the operation of target banks.
In recent years, despite efforts by regulators and banks to fortify their infrastructure against hacking, cyber criminals have expanded their attack vectors, including targeting staff’s penchant for using personal email over the firm’s Internet connection.
But the increased media coverage around Initial Coin Offerings (ICOs) and the rising popularity of cryptocurrency exchanges may be just what banks are looking for – a break from being the target of choice for hackers.
According to Group-IB, hackers are turning their attention to the crypto industry, including ICOs, wallets, exchanges, and funds, particularly as they become aware of the large capitalization and funds flowing into this group.
In technical terms, attacks against service providers in this sector are no more difficult than attacks against banks; however, the information security in place at blockchain companies, and their maturity, are significantly lower. A further motivation for criminal attackers is that blockchain technologies are more anonymous and unregulated – this considerably reduces the risk of being caught during money withdrawal.
To date, attacks on the cryptocurrency industry have reached a total of US$168 million. Group-IB estimates that income from attacks on cryptocurrency exchanges varies from US$1.5 million (Bitcurex) to US$72 million (Bitfinex). In comparison, a successful attack on a bank nets criminals only about US$1.5 million on average.
Group-IB says attacks on cryptocurrency exchanges are conducted in the same way as targeted attacks on banks, with similar or sometimes identical tools and tactics. For example, cybercriminals use fake ID to obtain a victim’s SIM card, then recover passwords and gain control over accounts in cryptocurrency services.
The fact that attackers are “retargeting” popular banking Trojans such as TrickBot, Vawtrak, Qadars, Tinba, and Marcher to collect the logins and passwords of cryptocurrency users suggests that they have found a new niche and might focus outside of the traditional banking sector in the near future.
Targeted attacks on cryptocurrency exchanges will be carried out not only by financially motivated hackers but by state-sponsored attackers as well.
Hacked cryptocurrencies in 2017
Just 13 minutes into its crowdsale, a hacker changed the Ethereum address posted on Israeli startup CoinDash’s ICO website and stole US$7 million of funds. In what may well be a classic phishing attack, the theft continued into the next day, netting the hacker US$10 million in total.
In July 2017, an attacker used a vulnerability in the Parity multisig wallet version 1.5+ to steal 153,037 Ether worth US$32 million. The funds were from previous ICOs (Edgeless Casino, Swarm City, and æternity blockchain).
Also in July 2017, Veritaseum claimed that 36,000 tokens were stolen and quickly exchanged for Ether. The theft was valued at US$8 million.
The following month, a hacker broke into Enigma’s website and Slack group and sent fraudulent messages asking its members for money; they obligingly donated 1,500 Ether, or US$500,000.