- In the first half of 2021, phishing attacks jumped 22 percent according to a new report by PhishLabs, with crypto-targeted attacks up 10 times.
- John LaCour, the founder and CTO at PhishLabs talked to CNF on why the attacks shot up, how to keep your assets safe and why regulations could go a long way in curbing these attacks.
Phishing attacks have been on a rise in the first half of the year, a new report has revealed. The report by PhishLabs found that phishing attacks were up by 22 percent in H1. For crypto holders, there’s a reason to be more concerned, with the report revealing crypto-targeted attacks shot up by ten times from the same period last year. We talked to John LaCour, the founder and CTO at PhishLabs on why the attacks shot up and what crypto holders should do to better protect their assets.
In its August 17 report, the Charleston, South Carolina cybersecurity firm revealed that not only have the attacks increased in the first half of this year, the attackers are also modifying the attack vectors and targets as cybersecurity evolves.
One of the fields that have seen a surge in phishing attacks is social media platforms. Since the beginning of the year, the average business saw 34 attacks on social media per month. By June, these attacks had shot up to 50 per month.
Office365 has also seen a rise in attacks as corporate users become a more popular target. “Fifty-one percent of credential theft attacks found in corporate inboxes during the second quarter targeted Office365 accounts,” the report revealed.
However, all these fields pale in comparison to the attacks targeting cryptocurrencies. LaCour commented:
Bad actors continue to utilize phishing to fleece proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single-sign-on.
Why the rise in crypto phishing attacks?
“As the cryptocurrency and digital asset markets mature, so have hackers’ approaches to compromising exchanges, asset owners, and other parts of the crypto-financial ecosystem,” LaCour told us.
Attacks on cryptocurrency have sharply increased, according to PhishLabs newly released Quarterly Threat Trends & Intelligence Report. Join our CTO & Founder, John LaCour, as he discusses key findings during our webinar today at 2 p.m. EST. https://t.co/dDMwu2HXZZ pic.twitter.com/S6dL4sQUyK
— Fortra's PhishLabs (@PhishLabs) August 17, 2021
In the past, hackers have been using cryptocurrencies as ransom payments. In the process, these hackers have acquired a deep understanding of the technology behind the cryptocurrencies and become “sort of experts” on things like “the various platforms in the space, the security controls they do or don’t have in place, and their potential weaknesses.”
And while the cryptocurrency market has been celebrating the continued adoption of these assets, it has had its bad effects as well. One of these is that hackers now have a bigger target market. Coinbase going public and Bitcoin hitting a new all-time high in the first half also drew a lot of new and inexperienced cryptocurrency holders.
LaCour expects cryptocurrency businesses to continue being targeted by these attacks over the rest of the year.
We anticipate cryptocurrency businesses will continue to be aggressively targeted by threat actors through social media due to the majority of their activity and communication taking place through social platforms.
It’s not all doom
As bad as it has been, there have been signs that the industry is headed in the right direction, LaCour believes. Recently, the Poly Network made history as being the biggest DeFi attack in history. However, the attack also revealed that the market has quite matured and is headed in the right direction, the cybersecurity expert told us.
The recent Poly network attack shows the industry’s willingness to work together on solutions (many exchanges and miners agreed to refuse transactions coming from the hackers addresses). In some ways, the ‘computational trust’ that digital ledger and cryptocurrency provide should enable these systems to be more secure in the long run.
In as much as all stakeholders are now working together to thwart attacks, individual teams need to shape up.
Strategically, security teams need more proactive intelligence spanning web (surface and dark), social media, email, and other digital channels so that these threats can be detected early in their lifecycle.
In recent times, several government agencies have shown a willingness to regulate the cryptocurrency market, LaCour, who founded PhishLabs in 2008 to offer digital risk protection through curated threat intelligence and complete mitigation, told CNF.
But while the power struggle between these agencies continues, investors are still essentially ‘on their own,’ without any of the protections afforded to other asset classes (such as FDIC insurance). As such, the crypto buyer/participant should exercise additional levels of diligence around where they hold their assets, and what kinds of security measures are offered.
In yet another sign that it could get better, PhishLabs found that phishing attacks reduced significantly in June – the first time in the previous six months that it had not shot up.
“…it’s interesting to see the significant dip from May to June 2021. We’ll continue to monitor through the summer and analyze if we’re seeing a trend in the right direction, or if attackers simply took a summer vacation.”
