People are more inclined to move their financial assets to a digital environment due to the ongoing advancements in technology and finance. Most financial services have been replaced by digital banking solutions known as fintech (financial technology), which makes it simpler for people to interact with their earnings and investments.
Fintech relies on technologies such as APIs, artificial intelligence, and blockchain, which are also used in cryptocurrency operations, the most significant investment trend of recent years.
The threat actors’ primary purpose is to profit by stealing financial and personal information. They focus on fintech and cryptocurrency as these industries are constantly growing in today’s market.
Threats, Threat Actors, and Motivations
Attackers who target cryptocurrency businesses and fintech applications are aware of the continuous currency circulation in these industries and are typically motivated to steal those currencies or collect information they can put on sale.
Attackers use banking trojans or malware to enter networks and take advantage of vulnerable API endpoints to collect data.
Dark Web Threats
Threat actors can use compromised credentials leaked or sold online to take control of accounts on fintech apps and gain access to financial and personal information.
Coin mining solves complex computational problems in exchange for currency but requires substantial computing resources. Cybercriminals reduce mining costs by stealing others’ computing resources. They employ a variety of hacking techniques to gain access to systems.
Most often, a threat results from a user’s mistake. A user or an employee who has fallen victim to a phishing scam may become an attacker’s entry point, or a developer may make an error and expose a flaw in the application. On rare occasions, an insider may intentionally leak data for their own benefit or to cause harm to others.
Attackers use security holes to launch reentrancy attacks on blockchain instances. By abusing functions to call an untrusted contract, an attacker can fake deposits into a contract while a previous transaction is still being processed. Using this method, an attacker could drain funds in a contract.
Hackers can overload an application with traffic during a distributed denial-of-service (DDoS) attack, causing it to crash. This could lead to a security breach in the application. DDoS attacks present a serious threat to many applications since the APIs used in these applications frequently lack rate limiting.
Hackers impersonate banks, business owners, and other entities in phishing attacks to deceive their targets. These attacks frequently pose a serious risk to users of fintech and crypto wallet apps. Scammers who deal with crypto exchanges favor initial coin offerings (ICOs) and investment or giveaway scams.
Attack Surface and Vulnerabilities
According to reports in 2019, up to 64% of global consumers used at least one fintech service. As more people make payments, lend, and invest digitally, that percentage is anticipated to increase.
The global fintech market benefits from the increasing acceptance of digital payments, lending, and investments and the use of IoT devices and e-commerce platforms.
The attack surface is a major concern for blockchain applications in crypto exchanges and banking. This is due to a blockchain ledger’s immutability. The attack surface of a cryptocurrency also increases with its level of popularity.
- User network devices
- Distributed computing sources and blockchain
- Digital transactions
- Banking applications
- Investment services
- Online lending services
- Insurance services (Insurtech)
- Crypto wallets and connected instances
- DeFi platforms and apps (Decentralized finance)
- Fintech vendor network devices and databases
- Human errors, insiders, and data leaks
- E-commerce sites
- Cryptocurrencies, coins, and tokens
Cyber Attacks Targeting Fintech & Cryptocurrency Industries (As of 30 September 2022)
- Wintermute was hacked using a compromised wallet and lost $162M in DeFi operations.
- A hacking incident occurred on the multichain DeFi platform KyberSwap Network. The attacker used the platform’s frontend website to steal $265,000 in tokens from a user’s wallet.
- Customers of Indian banks were the target of an SMS phishing campaign that used infostealer malware disguised as a rewards application for ICICI Bank.
- Various organizations in Spain and Mexico were targeted in a spear-phishing attack. Attackers faked payment and litigation notifications to deliver the Grandoreiro banking trojan.
- SharkBot malware’s improved version with cookie-stealing capability infiltrated the Google Play Store via two malicious apps with over 60,000 downloads worldwide. The malware focused on stealing banking credentials.
- A new Android variant of the Zanubis banking trojan, in the form of a malicious PDF application, was discovered to target over 40 applications with overlay attacks.
- An MEV arbitrage trading bot made $1 million in DeFi but lost it after being deceived into authorizing a fraudulent transaction.