Cryptocurrency startup Bee Token confirmed that scammers conned its investors out of at least $928,000 worth of ethereum when it ran its initial coin offering (ICO). The fraudsters who phished the investors posed as the Bee Token team, urging them to quickly capitalize on the ICO to gain a significantly higher return on investment. The scheme involved the phishers sending would-be buyers an Ethereum address or a QR code that redirects them to the address. The earliest transaction occurred on January 31, nearly the same time Bee Token ran its ICO.
Cryptocurrency’s real-world leverage is indeed drawing cybercriminal attention. But phishing isn’t the only favored technique—in fact, the use of cryptocurrency-mining malware and botnets that turn devices into resource-stealing zombies are increasing.
Just this week, a worm-like Monero-mining malware (ADB.Miner) is currently gaining ground in China and South Korea, which so far is affecting Android-powered devices. It abuses Android Debug Bridge (ABD), a command-line tool that facilitates various functionalities, such as installing and debugging applications. ADB.Miner has scanning capability of the infamous Mirai, searching for open port 5555 (which is part of ADB’s port range). And it’s not just cybercriminals. Cyberespionage campaign PZChao was recently seen deploying custom-built information stealers and remote access Trojans that also mines bitcoins.
The surge of malicious cryptocurrency mining activities would only translate to cybercriminals looking for more ways to zombify devices — from abusing legitimate services and exploiting vulnerabilities and system weaknesses to using tried-and-tested techniques such as phishing. These incidents highlight the significance of defense in depth, or arraying defenses at each layer of the infrastructure to mitigate and lessen exposure to threats.
In cases like Bee Token’s, apply best practices against phishing: Beware of suspicious emails with equally dodgy requests, such as those that ask for more personal information than necessary. The sender’s display names can also reveal phishing red flags. Bee Token investors were duped by scammers using fake email addresses instead of ones officially used by the Bee Token team. Phishing emails, like those used in Business Email Compromise attacks, are also written with a sense of urgency. Social engineering is a vital component in phishing, so users and businesses should be more security-aware: If the phishing email offers something that seems too good to be true, it usually is.
About IntelliTeK Pty Ltd
IntelliTeK is a managed IT services company in Sydney, Australia. With major vendor relationships and accreditations from the world’s leading IT companies including WatchGuard, Microsoft, Trend Micro and Amazon Web Services, IntelliTeK have kept clients happy since 2007.
IntelliTeK are always up to date with the latest cloud backup solutions which is why we only partner with the best in the industry. If your company isn’t fully equipped to fend off cyber criminals, then get in touch with us so we can discuss your options. Call us on 1300 768 779, email us at firstname.lastname@example.org, fill out the web form, or have a Live Chat with us below.