OpenDNS Labs has been tracking attacks on Bitcoin wallets over the last few weeks. The details of the attacks were published in a blog post on the OpenDNS Labs website. Attacks on Bitcoin wallets are not new. OpenDNS Labs says it saw a similar surge in attacks during the June spike in the price of Bitcoin. As of this morning, CoinDesk has the cryptocurrency trading at over $950. This is more than 50% above where many speculators thought it would be by the end of 2016.
OpenDNS Labs observing rise in phishing attacks
The attacks that OpenDNS Labs has spotted are being driven by a rise in phishing. It says: “Although most of the phishing sites we detect are specifically setup for phishing purposes we are also seeing an increase in the compromise of legitimate sites in which they are modified to host Bitcoin wallet phishing along with other phishing content.”
The blog focuses on how the attacks are being carried out. One of the attack methods identified is the use of compromised Gmail accounts. OpenDNS Labs claims these are used: “to gain access to Google AdWords and improve SEO thereby percolating these Blockchain.info phishes to the top of search results.” According to the blog, this emerging use of compromised sites is an indication that online wallet phishing is here to stay.
No relationship between ransomware and Bitcoin price
Over the last month some security vendors have been drawing parallels between Bitcoin prices and ransomware. OpenDNS Labs says this is not the case. It plots the rise in ransomware and Bitcoin pricing. This shows that while there is a rise in both, Bitcoin prices have fluctuated while ransomware has risen consistently.
What is actually happening is a combination of two different types of attack. The blog gives an example of how this happens. In brief, the timeline is:
- User is infected with ransomware
- User follows the unlocking advice and is told to buy Bitcoins
- User searches for Bitcoin sales and encounters forged AdWords
- User buys Bitcoins to pay off the ransomware but has personal information compromised by secondary attackers.
All of this could reasonably be done by the same team. However, the OpenDNS Labs team says that two groups are involved because the goals are different. They say: “Stolen credentials are a lot cheaper than most ransoms, so ransomware authors would not try to steal credentials, but rather get paid.” This double attack approach is something that has not surfaced before. Avoiding it may be hard for many victims.
Bitcoin has had a chequered past when it comes to security. The official Bitcoin Wiki contains its own warnings over wallet vulnerabilities. Bitcoin users need to keep a regular check on their own security. Using different credentials for their Bitcoin wallets than for other services is a start. Another step is to be careful about the use of third-party wallets. If Bitcoin is to gain widespread adoption, there is a need to rethink its current level of security.