Cybersecurity form Sophos says that attacks such as ransomware will continue to make use of cryptocurrency. Over the past year and a half, ransomware attacks constituted 79 percent of all global cybersecurity breaches, it said. These incidents, investigated and remediated by Sophos' rapid response team, reveal that some of these attacks target crypto investors through fake app login screens.
The Sophos' 2022 Threat Report which was published over the weekend, aims to provide perspective on security threats and trends facing organisations in 2022 and the threat landscape in 2021, with additional insights on possible loopholes that could be breached in the future. The study talks about a mobile malware family that ran riot in 2021 known as Flubot as one of the predominant banking trojans affecting the Android platform.
The malware presents users with fake bank and cryptocurrency app login screens to steal the user's passwords for those services. In addition to robbing bank details, it also steals data like the contact list, which it then uses to spam the victim's friends and associates with messages that can lead to additional Flubot infections.
The malware spreads primarily through SMS text messages and mimics popular shipment tracking services from major international parcel shipment services like DHL, FedEx and UPS. The victim receives SMS alerts with a URL link, and occasionally an SMS that pretends to be a voicemail message – also with a web link.
Sophos also warns that automated botnet attacks like Mirai have gained in prominence too over the years, becoming the vehicle of choice to deliver crypto-mining malware. These bits of code infect various corporate assets such as servers and IoT devices, cyber-criminals can use the collective processing power of hundreds – or thousands – of machines to mine cryptocurrency and spread it to further devices.
“As a method of evading sanctions, cryptocurrencies are well suited to the task, which may be why criminals based in regions of the world that remain under traditional economic sanctions exclusively deal in cryptocurrency. Beyond that, because cryptocurrency is anonymous, it can be difficult to determine where the money ends up,” states the report.
“Sophos believes that the illicit use of cryptocurrency, both to evade sanctions and to obfuscate involvement in criminal activity, will continue to increase in 2022, with ransomware and crypto-jacking being the two most prominent ways that criminals can directly receive cryptocurrency payments from their victims,” the report adds.