Amidst another year inundated with data breaches it can be dizzying to even keep track of those that may impact you. It is important to remember that threat actors are indeed keeping track. For many, it can also be difficult to connect the dots between when a breach happens and how that stolen data may be leveraged against you.
Our Threat Analysts have been paying extra close attention to Bitcoin related scams given its historic rise in value over the past weeks. We have observed various attacks looking to take advantage of this meteoric rise, but one also illustrates well how attackers will leverage even what may seem like relatively benign data to launch scams, phishing and even malware attacks.
This morning we found threat actors are now sending personalized email threats to Bitcoin investors. These email threats rely on data stolen from cryptocurrency solution provider Ledger earlier this year. Reports have stated that, “The name, mailing addresses and phone numbers for 272,000 customers have been recently released by hackers.” It seems that cybercriminals made fast use of this stolen data after it was posted recently on Raidforums. Ledger customers were reassured in a statement by the provider, “This data breach has no link nor impact on our hardware wallets, the app or your funds.” However, that is not to say there will not be any indirect fallout. Namely, at least some of these customers are now subjected to personalized scams like we see so often after data like this is released.
The emails themselves appear to be addressed to the Ledger account holder and include, in the body of the message, the recipient name and address of record (redacted in the screenshot below for privacy). We have certainly seen scams of all ilk, but this may be the first to threaten home invasion.
And while it is our opinion that the threats made within the email are a sham, there are always a few people in any large group who will take the bait and pay the ransom. This is what these threat actors typically rely on in attacks like these - playing the numbers.
Today cybercriminals upped the ante in their efforts to take advantage of the Ledger breach news. Attackers are now launching phishing attacks which seek to gain access to Ledger accounts with the ultimate goal of stealing users crypto-assets. These emails are well-crafted and contain personalization within the body of the message, as well as a personalized link.
The URLs embedded in the body of these emails leads to a well crafted phishing page designed to harvest passphrases and pin numbers from the user. As you can see, the domain name being used could certainly look legitimate at first glance, but was registered by the threat actor just yesterday.
With the price of Bitcoin at all time highs, we expect more related attacks and scams to surface in the coming weeks.