Cryptocurrencies are seen as the new targets of ransomware hackers in 2023, according to a recent report on cybercrime.
Fortinet, one of the leading cybersecurity firms, released a report titled “Cyber Threat Predictions for 2023” in which experts listed ransomware and other cyber threats that will likely pose dangers in cybersecurity next year.
In this document, Fortinet’s experts stated that they have recently observed cases of malware that were designed to target cryptocurrency credentials in digital wallets.
“Bank transactions and wire transfers used to be prime targets for cybercriminals. Yet as banks increasingly enhance their security measures—encrypting transactions and requiring multi-factor authentication (MFA)—it’s now more difficult for hackers to intercept these transactions,” the experts said.
“But as the saying goes, ‘When one door closes, another opens.’ As predicted, we observed more instances of malware designed to target stored crypto credentials and drain digital wallets. Digital wallets are easy targets for hackers, as they tend to be less secure,” they added.
They cited the following cases of crypto-related attacks in 2022:
- Last February, attackers stole $1.7 million worth of non-fungible tokens (NFTs) from users of a marketplace called OpenSea.
- Discord, an encrypted messaging application, was not spared from attacks by hackers last May. Reports said that hackers managed to compromise several Discord servers of NFT projects.
- Last July, a group of hackers reportedly stole $400,000 worth of NFTs from another prominent platform called Premint.
These observations were presented during a media roundtable event held at Ascott Makati Hotel on December 7.
The full report can be viewed here: WP-threat-prediction-2023.pdf (fortinet.com).
The Philippine National Police-Anti-Cybercrime Group (PNP-ACG) similarly advised Filipinos about a fake cryptocurrency app that aims to target their Christmas bonuses.
The PNP-ACG said that scammers will use this app to trick potential investors into cashing in their hard-earned bonuses through the fake app, and then steal the money once their investment has grown.
“ACG reminds everyone to be cautious in making online Crypto Investments,” the agency said.
The Cyber Kill Chain
Daniel Kwong, field chief information security officer (CISO) of Fortinet Southeast Asia and Hong Kong, explained that this type of malware runs in a seven-step process called the “Cyber Kill Chain.”
Kwong noted that it is a military weapon developed by a company called Lockheed Martin.
The seven steps are as follows:
- Reconnaissance
- Weaponization of a deliverable
- Delivery of the weapon to the potential victim via email, USB, etc.
- Exploitation
- Installation of the malware
- Establishment of a command and control
- Execution of actions to accomplish their goals
Kwong said that the best way to stop such an attack is to target it at the early phase of the process—the reconnaissance.
“If you can stop the kill chain in any phase, you actually stop the attack. But the best thing is you stop the kill chain in the early phase—the reconnaissance phase. If you can stop that, you stop the attack,” he said.
The Fortinet executive said that it can still be stopped during the latter phases of the chain. However, it might be too late by then.
“But even if you stop it at ‘action on the object’, you still stop it but it’s a bit too late. It’s a bit dangerous,” he said.
In its report, Fortinet also advised investors to use a “non-custodial” wallet.
“Using a non-custodial wallet is preferred, as it gives the crypto user full ownership of their cryptocurrency holdings and control over their private keys. A custodial wallet—or one owned by a third party—is riskier, as the user doesn’t have total control over their wallet,” the experts said.