Cryptocurrency Risk and 3 More Nasty Security Threats to Watch

Under the Radar Threats Like Cryptocurrency Risk Can Bring Businesses Unwelcome Surprises

---

The cybersecurity landscape is always in flux, with risk ebbing and flowing around various threats based on market opportunity, success rates and a host of smaller (and sometimes unpredictable) factors that drive cybercrime trends. While it can be a challenge to try to keep an eye on those trends to determine what hazards businesses might be looking at in the near future, there are a few standouts right now. Exploring hazards like cryptocurrency risk and making sure that they’re on the radar of cybersecurity teams can give businesses a valuable edge in staying a step ahead of cybercriminals.

---

---

Malicious Insider Risk 

---

No one wants to believe that someone on their team may not actually have the best interests of that team at heart, but sadly, malicious insider risk is a specter that haunts every organization. It’s also a growing area of danger for businesses. Insider threat risk rose about 40% in 2020, tripling in the last three years, with malicious insider actions responsible for almost 25% of confirmed breaches. What’s driving this increase in malicious insider threats? Money. Economic challenges, increased opportunity due to remote work and a thriving dark web economy that’s paying top dollar for employee credentials and company data plus cryptocurrency risk created by easy, profitable cryptoming is a mix that is proving too tempting for many employees to pass up. 

The Verizon/Ponemon Institute Data Breach Investigations Report 2021 breaks down the reasoning behind incidents like credential compromise, malware and data theft that resulted from the actions of malicious employees. An estimated 70% of malicious insider breaches are financially motivated, chiefly through employees selling credentials or access to systems and data on the dark web. In economically challenging times like these, that fact needs to be top of mind for anyone who is working on defensive strategies to combat insider threat risks. It’s also worth considering cryptocurrency risk as part of your money-motivated malicious insider threat calculation too since cryptomining and bot deployment are very lucrative. Another 25% of the malicious insider incidents surveyed were motivated by espionage, like selling formulas, sensitive data or company secrets. The final cause of malicious insider incidents, around 4% was vengeance by angry employees who just wanted to damage the company. 

---

---

Cryptocurrency & Cryptomining 

---

You might not be considering cryptocurrency risk or cryptomining a threat to business cybersecurity, but you’d be dangerously wrong. In the recently released 2021 Cisco Cyber Security Threat Trends report, cryptomining was highlighted as a sneaky risk because of the traffic it generates and the people involved in doing it. Almost 70% of organizations experienced some level of unsolicited cryptomining. This is a particularly important risk since cryptomining is often a gateway to other serious and damaging cybercrimes that can do massive damage to an organization. The report also notes that the discovery of cryptomining in a company’s IT environment can indicate the presence of a bad actor. That could be a cybercriminal who has penetrated security and may then exfiltrate data or deploy ransomware or even a malicious insider that has set up a miner to earn extra income. Cryptomining can also threaten business IT through the actions of non-malicious insiders, like unsuspecting employees who add gaming apps to their work devices.  

Cryptocurrency is the preferred form of payment for everything on the dark web, and those who do business there are constantly looking for resources that they can abuse to gain more. That presents myriad risks for businesses. Malicious insiders can install cryptomining apps on company devices. That’s risky because many cryptomining apps are actually scams, but it may still be worth taking a chance on for some employees. Company devices can also be infested with cryptomining through non-malicious employee actions like installing games or utility apps. Employees who are hungry for extra income can manipulate their company’s IT environment in a number of dangerous ways to facilitate cryptomining, but they can also earn a handsome payment without going to all of that trouble through the booming cybercrime-as-a-service economy, which is nearly entirely fueled by cryptocurrency.  

---

---

Double (and Triple) Extortion Ransomware 

---

Ransomware is the superstar attack in the cybersecurity world today, with attacks absorbing plenty of column inches in the security and general media. Cryptocurrency risk can also open a gateway for ransomware. The villain of the year in 2020 was ransomware, as borne out by the data in the 2021 DBIR. The number of data breaches that were spurred by ransomware last year doubled as an estimated 61% of organizations worldwide fell victim to ransomware attacks in 2020. The outlook on this front for businesses in 2021 isn’t looking much better, with a forecast of heavy ransomware activity that threatens businesses of every size. Ransomware is already up by more than 100% in 2021 over record numbers in 2020 and it’s still climbing.  

The most popular variety of ransomware used these days is double extortion ransomware. Accounting for 50% of ransomware attacks in 2020, this variety can combine crypto and locker aspects to make one big mess for businesses. In a successful double extortion ransomware attack, the malware that the gang uses creates two distinct adverse effects for the victim, like encrypting data or locking machines and threatening public shame. The gang then demands payment to undo both effects, like unlocking machines or decrypting data. Sometimes these negative effects can be less concrete, like cybercriminals who to only steal a company’s data, but also threaten to publicly embarrass them by releasing details about the security lapse. Following this pattern, bad actors have begun evolving a triple extortion variant that creates three adverse effects, requiring three extortion payments from the unlucky victim. 

---

---

Protect Business Systems and Data from Cryptocurrency Risk and Other Rising Threats 

---

Cryptocurrency risk and these three additional threats may be especially prominent right now, but businesses are faced with an array of similar threats every day that can quickly resolve into cyberattacks that do lethal damage – 60% of companies that are hit by a cyberattack go out of business within 6 months. These solutions can help prevent that result for smart organizations. 

Dark Web ID – Don’t let cybercriminals sneak into your network to set up cryptominers, deploy ransomware or steal your data with a compromised credential. Keeping an eye on this area can also quickly root out malicious insiders when you use dark web search to find all of a company’s compromised credentials in minutes. That protection also keeps running to alert you to new credential compromise risks through 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses. 

Passly – A major building block of Zero-Trust security, secure identity and access management is the cure for many of the headaches that plague IT teams and employees.  Multifactor authentication alone adds an extra layer of protection between hackers and your valuable data, stopping 99% of password-based cybercrime.  Passly seamlessly integrates with over 1,000 common business applications for no-fuss configuration. Get quick and easy access to SSO applications and passwords with the ability to automatically fill in the blanks for web logins and automated password resets to make everyone’s life a little bit better. 

BullPhish ID – Create a strong security culture that boosts a company’s cyber resilience through security awareness training that can be quickly implemented and automated for easy management. A frequently updated library of preloaded phishing kits makes it a snap to make sure employees have been trained to resist the phishing lures they face every day. But they’ll learn about much more than just phishing including ransomware, compliance, password safety, security hygiene and more, giving every employee a solid grounding in cybersecurity pitfalls and best practices. 

Don’t wait until these threats are knocking on the door – contact an ID Agent solutions expert now to see how our digital risk protection solutions can give you the security boost that you need to handle cyberattacks today and tomorrow. 

---

---

---