Cybercriminals identify users to use their information in other attacks such as phishing
Cybercriminals identify users to later use that information in other attacks such as phishing
The cryptocurrency market in Latin America has experienced significant growth, especially in Argentina , a country in which, according to the co-Founder of Platzi, Christian Van Der Henst, it is not necessary to explain the importance of digital tokens and where there is talent to be exploited.
However, virtual currencies are no stranger to problems cybersecurity or cyber attacksorchestrated by cybercriminals. They are actually vulnerable to these dangers and therefore need to be aware of existing risks.
In the case of ESET, the cybersecurity company , a report has been issued warning of a new type of risk that could affect people who keep savings or have money invested in cryptocurrencies.
The dusting attack or “dust attack” refers to a type of attack directed at virtual wallets and that has the objective of revealing your identity, since an important aspect of cryptocurrencies is the anonymity that it offers to users.
Once the identity of the owner of that wallet is exposed, cybercriminals will have the possibility to carry out attacks in other ways, so the risk does not end in the short term, but the victim is becomes a hotspot for recurring attacks.
The dusting attack targets virtual wallets with the aim of revealing their identity and attacking users with other methods . REUTERS/Dado Ruvic/Illustration/File
This modality is called “dust” (powder) because the The cybercriminal responsible for them carries out transactions that are small and imperceptible to the owner of the cryptocurrency wallet. It is due to these movements that criminals can identify users and generate other violations of their privacy.
The “dust” is known as virtual residue which occurs after making transactions between two wallets, most of which have a minimum value of 0.00000547 BTC in the case of Bitcoin and that represents 10 US cents, a minimum amount of the real value of a virtual currency.
These attacks have identified three stages, according to the research team of the cybersecurity company.
– Recognition: In which criminals generate a list of people or users they intend to attack. Usually also includes targets with large amounts of cryptocurrencies which they can attack progressively until they get a small but considerable amount of coins.
– Execution: At this stage, the dusting attack begins, since the attackers can make a detailed analysis of the information and data they can obtain from the wallet.
The attack using the dusting attack method has three phases: recognition, execution and revenue. In all of them the privacy of the user is at risk. EFE/Oskar Burgos/Archivo
– Revenue: Once the person who owns a virtual wallet has been identified, the attackers have the ability to use that information, in addition to another of a private nature resulting from the previous stage, to carry out other types of attacks such as phishing and others that are intended to violate the security of the accounts for access and other services.
According to Martina López, Computer Security Researcher at ESET Latin America, in addition to the aforementioned consequences, “there is the possibility that the wallet victim is marked as spam or potentially malicious by those who manage it, which could result in another unintended consequence for the victim: the loss of their crypto-assets”.
As part of Some preventive measures that users should take include taking care of personal data, since cybercriminals can access them. Information such as personal email addresses, phone numbers, full names, and documents are some of the most sought after data by cybercriminals.
Also, it's good to always be up to date. stream of transactions that occur in virtual wallets, so if any are detected that are suspicious, they can be reported quickly.
It is also useful to use wallet services that have protections against these attacks, such as Samurai and Wasabi, two wallets created with the aim of strongly anonymizing the entire cryptocurrency exchange process.