Social Engineering in Cryptoeconomics

This post continues the previous one, which introduced social engineering. It is worth reading that post first, before we explain how social engineering works in cryptoeconomics.

Phishing for Bitcoins

Social engineering attackers are also targeting cryptocurrency.

Researchers at Cisco’s Talos security group have identified a malicious advertising campaign they dub Coinhoarder, which appears to be based out of Ukraine and to have netted about $50 million in the past three years, including $10 million alone in the last three months of 2017.

For this campaign, which began last February, the researchers say attackers purchased Google Adwords to “poison user search results” and direct them to attacker-controlled phishing sites designed to separate them from their cryptocurrency.

“Cisco identified an attack pattern in which the threat actors behind the operation would establish a ‘gateway’ phishing link that would appear in search results among Google Ads,” the Cisco Talos researchers say. “When searching for crypto-related keywords such as ‘blockchain’ or ‘bitcoin wallet,’ the spoofed links would appear at the top of search results. When clicked, the link would redirect to a ‘lander’ page and serve phishing content in the native language of the geographic region of the victim’s IP address.”

At one point last February, Cisco reports, DNS queries for the gang’s fake cryptocurrency sites exceeded 200,000 queries per hour. A significant number of them came from Nigeria, Ghana and Estonia, leading researchers to suggest that attackers were attempting “to target potential victims’ African countries and other developing nations where banking can be more difficult, and local currencies much more unstable compared to the digital asset.”

Cisco says it’s been sharing intelligence on the operation with Cyberpolice Ukraine.

DNS queries for “block-clain.info” domain. (Source: Cisco Talos)

Many of the phishing sites use real-looking but fake domain names – referred to as “typosquatting” or brand spoofing – for example featuring a word such as “blockclain” – instead of “blockchain” – in the URL, Cisco says. Such typos could be especially effective on users whose first language is not English or for anyone who’s using a mobile device, researchers say.
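The kind of lookalike check a defender could run over DNS query logs to catch domains such as “block-clain.info” is sketched below. This is an added example, not code from Cisco Talos or the original post; the watchlist, the allowlist, the log format and the sample lines are all constructed for illustration.

```python
# Added example: flag typosquatted domains in DNS query logs (constructed data).
from collections import Counter

WATCHLIST = ["blockchain", "bitcoin"]        # brand keywords to watch (assumed)
LEGIT = {"blockchain.info", "bitcoin.org"}   # assumed allowlist of real domains

SAMPLE_LOG = """\
2018-02-01T10:00:01 10.0.0.5 block-clain.info
2018-02-01T10:00:02 10.0.0.7 blockchain.info
2018-02-01T10:00:03 10.0.0.9 www.blockclain.info
2018-02-01T10:00:04 10.0.0.5 block-clain.info
2018-02-01T10:00:05 10.0.0.8 example.com
"""  # constructed lines: timestamp, client IP, queried name

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_of(domain, max_dist=2):
    """Return (registered_domain, brand) if the domain imitates a brand, else None."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    registered = ".".join(labels[-2:])   # naive: ignores suffixes such as co.uk
    if registered in LEGIT:
        return None
    name = labels[-2].replace("-", "")   # "block-clain" -> "blockclain"
    for brand in WATCHLIST:
        if edit_distance(name, brand) <= max_dist:
            return registered, brand
    return None

def scan(log_text):
    """Count queries per suspected lookalike domain."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        hit = lookalike_of(parts[2]) if len(parts) == 3 else None
        if hit:
            hits[hit] += 1
    return hits
```

Calling `scan(SAMPLE_LOG)` returns a per-domain query count, which can be compared against an hourly threshold to spot spikes like the one Cisco describes.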

More recently, Cisco Talos reports that attackers have been refining their campaign by making their phishing sites look more legitimate. “A few months after we began tracking this particular group, we observed them starting to use SSL certs issued by Cloudflare and Let’s Encrypt,” the researchers say. “SSL certificate abuse has been a rising trend among phishing campaigns in general.” (See: Darknet Vendors Sell Counterfeit TLS Certificates.)

This is simply one example of how social engineering can be used in the realm of cryptoeconomics to defraud people of their digital assets. You are advised not to participate in activities that seem malicious.

Social Engineering: An Introduction

Social engineering is a term used to encompass a broad range of malevolent activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first studies the intended victim to gather essential background information, such as possible points of entry and weak security protocols, needed to advance with the attack. Then, the attacker moves to gain the victim’s trust and offer stimuli for subsequent actions that break security practices, such as revealing sensitive information or giving away access to critical resources.

What makes social engineering dangerous is that it depends on human error, rather than weaknesses in software and operating systems. Mistakes made by genuine users are much less predictable, making them harder to identify and thwart than a malware-based intrusion.

Social engineering attacks come in many different forms and can be performed anywhere human interaction is involved. The following are the five most common forms of digital social engineering assaults. Let’s take a look at the techniques that are used to achieve malevolent interests.

Baiting

As its name implies, baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware.

Scareware

Scareware involves victims being bombarded with false alarms and fictitious threats. Users are deceived into thinking their system is infested with malware, encouraging them to install software that has no real benefit (other than for the perpetrator) or is malware itself. Scareware is also referred to as deception software, rogue scanner software and fraudware.

Pretexting

Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim to perform a critical task.

Phishing

As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. They then prod victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.

Spear phishing

This is a more targeted version of the phishing scam whereby an attacker chooses specific individuals or enterprises. They then tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. Spear phishing requires much more effort on behalf of the perpetrator and may take weeks and months to pull off. Such attacks are much harder to detect and have better success rates if done skilfully.

In tomorrow’s post we will discuss cryptocurrencies and social engineering, so stay tuned.