Watch Out for Cryptocurrency Phishing & Phishing-as-a-Service Threats

Cybercriminals Are Branching Out With Cryptocurrency Phishing & Phishing-as-a-Service

---

The cybercrime world is always in flux with various threats rising and falling for myriad reasons. Just like nature, cybercrime abhors a vacuum. As one risk goes down, another risk comes up. Plus, the endless cat-and-mouse game between cybercriminals and cybersecurity professionals means that there are always fresh spins on classic scams or innovative new attacks emerging on the scene. Two up-and-comers have popped onto the radar as phishing operations use old tricks in new ways with devastating effect. 

---

---

Phishing is the Threat That Never Dies 

Phishing is a perennial problem for security teams. In this year’s ISACA State of Cybersecurity 2021 Survey, 35% of respondents reported that their enterprises are experiencing an increase in cyberattacks like phishing in 2021. That’s three percentage points higher than was recorded in that survey in 2020, a record-breaking year for phishing worldwide. The biggest risk that businesses face right now, phishing skyrocketed in 2020, up over 600% in Q2 2020 alone. That stratospheric rise is still going in 2021. While we’re certainly not seeing numbers that big, phishing (and ransomware risk along with it) still hasn’t leveled off.  

3 Telling Phishing Attack Trends 

• An estimated 74% of organizations in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months.
• The US is the leader in phishing-related data breaches for 2021 so far, with rates 30% higher than the global average and 14% higher than the same period in 2020.
• More than 70% of UK organizations have suffered at least one data breach caused by phishing attacks in the last year. 

One contributor to the epic increase in phishing is an epic increase in email volume thanks to the sudden transition to remote or hybrid working presented by the global pandemic. An estimated 306.4 billion emails were sent and received each day in 2020, triple the average increase of past years. That figure is expected to continue to grow steadily as companies continue to grapple with the complications of the ongoing pandemic and virus variants that could lead to long-term remote work becoming the norm. If email volume continues to trend the way that experts expect, it is estimated to reach over 376.4 billion daily messages by 2025.  

---

---

Even Cybercrime Has a Subscription Box 

---

Who doesn’t love getting something useful or fun delivered every month? Subscription boxes bring a little joy into your life with a monthly box of coffee or a quarterly box of merchandise from your favorite show. Perhaps you’ve signed up for a weekly meal delivery subscription.  As the trend continues to grow, it seems like every product under the sun has a subscription box option. Enterprising cybercriminals wasted no time hopping on the bandwagon with their own subscription box style plans: Phishing–as-a-Service (PhaaS). 

Microsoft detailed a newly discovered PaaS operation in a recent blog post, dishing all of the details that give us a good look at just how this new twist on cybercrime works – and how it’s working out for cybercriminals. In the course of their work, researchers at Microsoft discovered something very suspicious: a phishing campaign that used a high volume of newly created and unique subdomains, boasting over 300,000 in one run. Digging deeper into that intriguing anomaly, the researchers uncovered a gem. They’d found one of the forays of a shadowy large-scale phishing-as-a-service operation called BulletProofLink. 

---

---

Phishing-as-a-Service is Phishing on a Budget

---

BulletProofLink (aka Anthrax), offers an enticing subscription model for cybercrime, and bad actors aren’t hesitating to make use of it. The scheme involves cybercriminals connecting with the Anthrax gang on the dark web, then contracting them by paying an operator to develop and deploy phishing campaigns on their behalf. According to Microsoft researchers, the monthly service has varying subscription prices dependent on a host of factors, but in general, the service can cost about $800 per month. BulletProofLink is a one-stop shop that sells everything you need for a successful phishing operation to launch your next ransomware attack or business email compromise scheme in one place including phishing kits, email templates, hosting, and automated services at a relatively low cost.    

Microsoft’s analysis of the data that it uncovered revealed that BulletProofLink is a successful, thriving PaaS operation. The brand’s services are used by multiple attacker groups as a launchpad for cybercrime operations like credential compromise, spear-phishing and ransomware attacks. With a wide variety of options for its customers to choose from, the group uses either one-off or monthly subscription-based business models, creating a steady revenue stream for its operators. The operation offers over 100 available phishing templates that mimic known brands and government agencies or services that the researchers said were responsible for several prominent, ongoing phishing campaigns right now and in the past.  

---

---

Cryptocurrency Phishing Can Wear Familiar Disguises

---

If you’re buying goods or services on the dark web like stolen credentials, a PhaaS subscription or a do-it-yourself phishing kit, chances are high that you’ll be paying for it with some manner of cryptocurrency. The preferred currency of the dark web, crypto is so sought-after that almost 70% of organizations worldwide have experienced some level of unsolicited cryptomining in their environments. But cryptocurrency has gone mainstream in many ways, spoken and written about in the news with the same seriousness as any other currency. That shows that although it is a dark web darling, crypto has also gone legit – and that makes it an even bigger target for cybercrime. 

5 Essential Things to Know About Cryptocurrency 

• There are over 5,000 different currencies.
• Bitcoin is the most common, but not the only, digital currency used in ransomware attacks.
• Ransomware groups snatched at least $81 million in crypto from victims by May 2021.
• The U.S. Federal Bureau of Investigation managed to recoup 63.7 of the 75 Bitcoins paid by Colonial Pipeline after their ransomware attack.
• Almost 80% of Americans polled in a recent survey were aware of Bitcoin and 32% were aware of Ethereum, two of the biggest brands in the cryptocurrency world.  

The cryptocurrency world has just begun its journey into the mainstream business world, but it’s already witnessing an uptick in the kinds of cyberattack threats that were previously reserved for investment firms and financial institutions. In recent months, cyberattacks at two major crypto excahnges have demonstrated the danger that cryptocurrency is in as well as the danger that such a volatile investment presents for investors. 

The top way that bad actors use to snag unwary crypto fans into their traps is phishing. Specifically, social media phishing. While that is a growing area of phishing for cybercrime in general, it’s the king of the con in the cryptocurrency industry. Experts estimate that almost 55% of cyberattacks that swindled people out of their cryptocurrency (or the passwords to their digital wallets) came from threat actors impersonating representatives of hot tech and retail brands, employees of cryptocurrency exchanges and celebrities or executives from an array of industries on social media. But it’s just as much of a danger to businesses too – social media threats targeting enterprises have increased 47% since January 2021.  

---

---

ID Agent Can Help Keep These Threats Away from Businesses 

---

A cybersecurity risk can quickly give way to a cyberattack. Unfortunately, many cyberattacks cause mortal wounds to the businesses that fall prey to cybercrime –  60% of companies that are hit by a cyberattack go out of business within 6 months. These solutions can help reduce the risk of a successful cyberattack caused by all sorts of threats from phishing to crypto scams for smart organizations.  

Dark Web ID – Don’t let cybercriminals sneak into your network to set up cryptominers, deploy ransomware or steal your data with a compromised credential. Keeping an eye on this area can also quickly root out malicious insiders when you use dark web search to find all of a company’s compromised credentials in minutes. That protection also keeps running to alert you to new credential compromise risks through 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.  

Passly – A major building block of Zero-Trust security, secure identity and access management is the cure for many of the headaches that plague IT teams and employees.  Multifactor authentication alone adds an extra layer of protection between hackers and your valuable data, stopping 99% of password-based cybercrime.  Passly seamlessly integrates with over 1,000 common business applications for no-fuss configuration. Get quick and easy access to SSO applications and passwords with the ability to automatically fill in the blanks for web logins and automated password resets to make everyone’s life a little bit better.  

BullPhish ID – Create a strong security culture that boosts a company’s cyber resilience through security awareness training that can be quickly implemented and automated for easy management. A frequently updated library of preloaded phishing kits makes it a snap to make sure employees have been trained to resist the phishing lures they face every day. But they’ll learn about much more than just phishing including ransomware, compliance, password safety, security hygiene and more, giving every employee a solid grounding in cybersecurity pitfalls and best practices. Plus, security awareness training reduces a company’s chance of a cybersecurity disaster by up to 70%.

Don’t wait until these threats are knocking on the door – contact an ID Agent solutions expert now to see how our digital risk protection solutions can give you the security boost that you need to handle cyberattacks today and tomorrow. 

---

---

---