Lazarus Campaign and LoopX Scam Show That Cryptocurrency Industry Still Fraught With Dangers
The past weeks have seen a slew of reports on cryptocurrency-related hacks and scams. Two more incidents made the news recently: one concerning a new campaign from the threat actor known as the Lazarus Group, and the other involving a scam by one of the many new cryptocurrency startups.
As with yesterday’s news, the issues with these two separate incidents are but a part of the many dangers that still plague the Wild West known as the cryptocurrency industry. While the technology of cryptocurrencies, and most of its implementation, is useful, the lack of regulation and the current hype attached to the industry often lead to cybercriminals and scammers taking advantage of people who want to get in on the fad.
Lazarus Strikes Bitcoin Owners, Financial Organizations
The cybercrime group known as Lazarus, which was responsible for some of the most notorious cyberattacks in recent memory (notably the Sony email hacks and various attacks on financial organizations), often goes where the money is — and right now, there is a large amount of it to be made from cryptocurrencies. Thus, it’s not surprising to see the group reemerge with a new campaign targeting bitcoin owners, in addition to its usual victims of financial organizations.
The campaign was discovered when security researchers found a phishing email, disguised as a message from a recruiter, with an embedded Dropbox link. The link leads to a document with a job description for a bank executive who will be based in Hong Kong. The document in turn leads to a Visual Basic macro implant, which scans the affected system for signs of Bitcoin activity. The implant then drops a second implant that is designed for long-term data gathering and persistence.
According to the report, the tactics and techniques used in the campaign are similar to some of Lazarus’ previous attacks. However, the use of the dropped implants is a new activity and shows that the group’s tools for its malicious operations are constantly evolving.
There is still no information as of now regarding the scope of the new campaign or the exact regions where it is occurring. But given how widespread the group’s previous attacks were, in addition to the group’s access to a wide variety of tools and resources, it’s reasonable to believe that the group is not limited by geographic factors.
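A defender-side triage of the delivery chain described above (a mail carrying a file-sharing link that leads to a macro-bearing document), as an added example that is not from the original article or the researchers' report. The host list, the sample message and the sample document are constructed assumptions; only Dropbox is named in the article.

```python
import io
import re
import zipfile
from email import message_from_string
from urllib.parse import urlparse

# Assumption: hosts treated as file-sharing services (the article names only Dropbox).
FILE_SHARE_HOSTS = {"dropbox.com"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls compound files
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def file_share_links(raw_email: str) -> list:
    """Return URLs in text parts whose host is a file-sharing host or a subdomain of one."""
    hits = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        body = raw.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            host = (urlparse(url).hostname or "").lower()
            if any(host == h or host.endswith("." + h) for h in FILE_SHARE_HOSTS):
                hits.append(url)
    return hits

def macro_indicator(doc: bytes) -> str:
    """Classify a downloaded document as 'ole-legacy', 'ooxml-vba' or 'none'."""
    if doc.startswith(OLE_MAGIC):
        return "ole-legacy"  # may hold macros; hand off to a dedicated macro analyser
    if zipfile.is_zipfile(io.BytesIO(doc)):
        with zipfile.ZipFile(io.BytesIO(doc)) as z:
            # Macro-enabled OOXML files store their VBA project in vbaProject.bin
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "ooxml-vba"
    return "none"

# Constructed sample message (not a real indicator); the URL path is a placeholder.
SAMPLE_EMAIL = """From: recruiter@example.test
Subject: Executive opening, Hong Kong

Job description: https://www.dropbox.com/s/PLACEHOLDER/job.doc?dl=1
Company site: https://example.test/careers
"""

def sample_docm() -> bytes:
    """Build a constructed OOXML container with a placeholder vbaProject.bin entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()
```

A hit from either function is a reason to quarantine and inspect, not a verdict on its own.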
LoopX Apparently Scams Its Investors Out of US$4.5 Million
With the large number of groups wanting to cash in on the cryptocurrency fad, it might be difficult to keep up with all the new coins launching in the market. LoopX, a cryptocurrency startup that managed to raise US$4.5 million in a series of initial coin offerings (ICOs) and had a legitimate online presence complete with website and social media accounts, seemingly disappeared from the face of the Earth, taking with it the money of its investors.
LoopX’s website and other accounts across various social media platforms have already been taken down. However, an existing thread on bitcointalk.org details many of the cryptocurrency’s “features,” which include a “revolutionary” trading platform and a supposedly advanced trading algorithm.
Lessons to be Learned
The two incidents mentioned in this entry are just a few examples of the many kinds of attacks and scams involving cryptocurrencies that users can realistically encounter. Over the past few months, cybercriminals have used cryptocurrencies or things related to cryptocurrencies in a wide variety of malicious activities, including the following:
- Distribution and use of cryptocurrency miners, which can work behind the scenes without the user knowing anything about it
- Luring unsuspecting users to download ransomware via the use of a fake cryptocurrency, as seen in the Spritecoin incident
- Using social media as a way to fish for cryptocurrency donations
- Hijacking cryptocurrency websites to redirect victims to different domains for malicious purposes
- Using malicious advertisements as a way to deliver web miners
- Setting up botnets with the purpose of mining cryptocurrencies
The truth is that the number of attack methods is almost as varied as the number of cryptocurrencies themselves. Users have to understand more than ever that the industry is still nascent and therefore fraught with threats at this point. Awareness and caution are some of the best weapons to combat the rising number of threats.
Users can also adopt security best practices that apply to the specific incidents mentioned in this article. For the Lazarus campaign, for example, users and organizations should always follow techniques for identifying and dealing with phishing attacks. This is especially important when it comes to campaigns by groups such as Lazarus, which possesses both the experience and expertise to trick even the most discerning users.
When it comes to cryptocurrency security, being an informed and smart user and consumer or investor is important. Although some offerings might sound like a great opportunity to get in “before the rush,” fear of missing out also exposes people to the risk of malicious attacks or scams. There is nothing wrong per se with investing in new cryptocurrencies. However, exercise due diligence and consider every aspect of the project with a keen mind and ten grains of salt.