Posted on Mar 22, 2018
Bitcoin’s price soared from $985 to $19,300 in 2017, and they are just one example of the many cryptocurrency companies experiencing exponential growth last year. Astronomic valuations have caught the attention of cybercriminals, who are subjecting the currency to growing numbers of attacks, as criminals realize that this avenue too can be hacked. This turn of events is ironic considering that cyber criminals originally used cybercurrency as a an anonymous way to receive payments from ransomware attacks.
Old Exploits for a Modern Purpose
Hackers are repurposing a raft of old exploitative techniques to steal cryptocurrency. Criminals have come up with fake cryptocurrencies that convince victims they are buying units of a successful cryptocurrency when in fact they paying for numbers that show up on a website. Others trick newbie investors with fake Initial Coin Offerings (ICOs).
Even traditional cybercrime techniques are getting into the act. Phishing attacks use emails and fake websites to trick victims into giving them sensitive information regarding their cryptocurrency, such as login details from an exchange or online wallet.
SecurityScorecard, recently became aware of the latest hacker trick: Man-in-the-Browser attacks (MitB) are being used to potentially steal cryptocurrency.
Our testing confirmed that Web Injects, a type of MitB attack, have been used to target at least two cryptocurrency websites--coinbase.com and blockchain.info.
How to Outsmart Hackers Targeting Cryptocurrency
SecurityScorecard researchers analyzed how this exploit works. To help you prevent yourself from becoming a victim, here’s a few things you can check for
For more insights, read our white paper “Man-in-the-Browser Attacks Target Coinbase and Blockchain Websites: A Detailed Technical Analysis of Web Injects as a Threat to Cryptocurrency.”
With hackers finding new ways to attack third-parties in hopes of infecting a larger organization, the third-party ecosystem is more fragile than ever before.
The purpose of IT security risk assessment is to determine security risks to your company’s critical assets, and how much funding and effort should be used in their protection. Get started with SecurityScorecard’s step-by-step guide to managing your cyber risk.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.
Download the detailed technical analysis of web injects and learn our analysis of MitB attack targeting.