Cryptocurrency Can Torpedo the Best-Laid Security Plans
Cryptocurrency is one of the hottest subjects in security as well as one of the biggest movers in the financial markets today. There were 68 million cryptocurrency wallet users (an account that enables storage and trade of cryptocurrency) by February 2021. Popular with investors from many walks of life, fans of cryptocurrency have faith that they’re getting in on the ground floor of the next big commodity – and those investors trust in the power of cryptocurrency to survive volatile conditions as a great investment. In fact, in a recent survey of more than 60,000 cryptocurrency users worldwide, 97% of them felt confident about the value of digital assets like cryptocurrency – and over half consider venturing into it as a source of income.
Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>
10 Essential Things to Know About Cryptocurrency
- Bitcoin (BTC) is the original cryptocurrency and it remains the gold standard.
- In Q1 of 2021, the market cap for Bitcoin was at $1072 billion
- 48% of all cryptocurrency token sales came from the US in 2020
- There are over 5,000 different currencies.
- Bitcoin is the most common, but not the only, digital currency used in ransomware attacks.
- Bitcoin hit a new all-time high price in April 2021 and broke that record in October 2021
- Ransomware groups snatched at least $81 million in crypto from victims by May 2021.
- The world is predicted to spend up to $15.9 billion in blockchain-related tech by 2023.
- The U.S. Federal Bureau of Investigation managed to recoup 63.7 of the 75 Bitcoins paid by Colonial Pipeline after their ransomware attack.
- Almost 80% of Americans polled in a recent survey were aware of Bitcoin and 32% were aware of Ethereum, two of the biggest brands in the cryptocurrency world.
Cryptocurrency Impacts Your Security
So how does this impact your business cybersecurity? As is frequently reported in the news, crypto is the currency of cybercrime, both through its ubiquity as the commodity that powers dark web transactions and its ability to facilitate cybercrime in and of itself. Cryptocurrency is a finite resource. There are only 21 million bitcoins that can be mined in total. As the preferred form of payment for everything on the dark web, that means that cybercriminals and the people who do business with them are constantly looking for resources that they can abuse to gain more. That resource could very well be your employees or your business. Crypto can impact your company’s security and endanger your IT environment (and your data) in several ways, and two of them are directly tied to phishing.
See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>
Social Media Scams & Spoofing
The top way that bad actors use to snag unwary crypto fans into their traps is phishing, and that’s a problem for your business. How many employees are using their work laptops – or email accounts – to facilitate non-work communication? About 55% of employees check their personal email on work devices, and 1 in 4 employees use their work email account for personal communication. That brings risk related to cryptocurrency right to your doorstep. The popularity of cryptocurrency combined with the propensity of employees to blur the line between work and home devices or accounts could be your security plan’s kryptonite thanks to a single phishing message.
Cryptocurrency phishing threats can come in any form but two are head and shoulders above the rest. First, cryptocurrency phishing is a favorite tactic of social media phishing scammers. The US Federal Trade Commission is the agency that handles scams of this type, and the FTC recently revealed that it received nearly 7,000 cryptocurrency social media phishing scam reports in the last quarter of 2020 and the first quarter of 2021, 12 times the number reported over the same period a year earlier. Brand impersonation is another favored weapon of bad actors for cryptocurrency phishing. Experts estimate that almost 55% of cyberattacks that swindled people out of their cryptocurrency (or the passwords to their digital wallets) came from spoofing or impersonation schemes. Cybercriminals are passing themselves off as representatives of hot tech and retail brands, employees of cryptocurrency exchanges and celebrities or executives from an array of industries.
The Most Impersonated Brands & the Percentage of Phishing Emails That Fake Them
- Microsoft at 45%
- DHL at 26%
- Amazon at 11%
- BestBuy 4%
- Google 3%
- LinkedIn at 3%
What’s next in phishing? Find out in the 2021 State of Email Security Report! GET IT NOW>>
Cryptojacking & Cryptomining
CSO defines cryptojacking as such “Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on the computer or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.” It’s easy to see that all of those consequences are the result of phishing.
Cryptomining itself is a major threat to business cybersecurity that may be flying under your radar. The recently released 2021 Cisco Cyber Security Threat Trends report pointed to cryptomining as a top overlooked risk for businesses, and that’s dangerous. Cryptomining generates a tremendous amount of traffic, occupies an outszie number of a company’s resources and brings everyone invilved into contact with bad actors. Cryptomining is almost inevitably tied to cybercrime in some way because it is an intrusion in your company’s IT environment, an access point that your security team does not control. That means that it’s open for the cryptominers and a vulnerability that can be exploited by other cybercriminals as well. The problem is much more widespread than many business owners and IT leaders may think. Almost 70% of organizations worldwide experienced some level of unsolicited cryptomining. A gateway to other serious and damaging cyberattacks, cryptomining can do the same kind of damage to an organization as a hacker.
In fact, it might clue you into one. The discovery of cryptomining in a company’s IT environment can indicate the presence of a bad actor right inside your company – a malicious insider that has set up a miner to earn extra income. Insider threat risk rose about 40% in 2020, tripling in the last three years, with malicious insider actions responsible for almost 25% of confirmed breaches. Employees who are hungry for extra income can manipulate their company’s IT environment in a number of dangerous ways to facilitate cryptomining, but they can also earn a handsome payment without going to all of that trouble through the booming cybercrime-as-a-service economy, which is nearly entirely fueled by cryptocurrency. Malicious insiders can install cryptomining apps on company devices. That’s risky because many cryptomining apps are actually scams, but it may still be worth taking a chance on for some employees.
5 Cryptomining Facts
- Miners are getting an estimated 6.25 Bitcoin per block in 2021
- That translates to about $330 000
- The number one country for Bitcoin mining is China
- The US is number two in bitcoin mining
- About 17% of all the world’s bitcoin miners are in the US
How safe is your email domain? Find out now with our domain checker. CHECK YOUR DOMAIN>>
Lower Your Risk of Cryptocurrency Trouble with Graphus
Protecting your business from phishing-related cryptocurrency trouble is an important way to protect your business from some of today’s nastiest cyberattacks like ransomware, business email compromise and credential compromise. Graphus is the ideal partner in that effort.
Why should you choose Graphus? Because you’ll get cutting-edge protection from cybercrime at an excellent price. Using AI-powered, automated email security with an award-winning solution is a smart move for businesses of every size.
- You’ll gain a powerful guardian that protects your business from some of today’s nastiest threats like spear phishing, business email compromise, ransomware and other horrors that will fit perfectly into your IT budget.
- Plus, automated security is up to 40% more effective at spotting and stopping malicious messages like phishing email than a SEG or conventional security.
- Get detailed, actionable threat intelligence with the Graphus Threat Intelligence add-on, featuring detailed reports on the malicious or compromised IP and email addresses, URLs, and attachment hashes used in cyberattacks that target your users.
- Click here to watch a video demo of Graphus now.
Don’t wait until cybercriminals are dangling tempting lures in front of your employees to take action and provide your business with best-in-class email security. Let us show you how the triple-layered protection that your business gets from Graphus is exactly what you need to keep your organization safe from phishing.
Addressing the dangers of phishing is a smart way for businesses to reduce their risk of a damaging data breach. One of the best ways to do that is to prevent the inevitable mistakes that employees will make by keeping them out of the picture with Graphus. Schedule a demo today=>