Bitcoin Forum
November 19, 2024, 06:06:57 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Seemingly simple hacker tactic yet effective against exchange employees  (Read 242 times)
Yogee (OP)
Sr. Member
****
Offline Offline

Activity: 1554
Merit: 413


View Profile
June 25, 2020, 01:17:14 PM
Last edit: June 25, 2020, 02:25:44 PM by Yogee
Merited by DaveF (2), vapourminer (1)
 #1

I just finished reading https://www.bleepingcomputer.com/news/security/cryptocore-hackers-made-over-200m-breaching-crypto-exchanges/ and I was really frustrated at how hackers can steal millions of dollars using easily preventable hacking tactics.

Exchanges can set up the best security system but when employees or their executives are careless, all system are good as useless. A simple practice of "Do not trust, verify" would have saved them and the users all the trouble.

Here's a summary of the article:

1. CryptoCore hackers would collect exchange executive's personal email and impersonate them.  
2. Sends a phishing email to employees containing a document that is password protected.



3. Opening the password protected file will execute VBS scripts that downloads malicious files. Hackers will use that as a backdoor to gain access to password manager account and then steal keys to crypto wallets.  




P.S.
Can anyone teach me how to resize the image? It's too big.
I read it before but forgot.
ABCbits
Legendary
*
Offline Offline

Activity: 3066
Merit: 8092


Crypto Swap Exchange


View Profile
June 25, 2020, 02:17:39 PM
Merited by Yogee (1)
 #2

Human is always weakest part of security. But the interesting part is the hacker is willing to search employee personal email (rather than work email), where people usually don't take precautions or open it from personal PC which contain all important files.

P.S. Use this BBcode to resize your image

Code:
[img width=400]https://www.bleepstatic.com/images/news/security/attacks/c/cryptocore/spear-phishing-attack.jpg[/img]

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
DaveF
Legendary
*
Offline Offline

Activity: 3668
Merit: 6673


Crypto Swap Exchange


View Profile WWW
June 25, 2020, 02:26:34 PM
 #3

Spear Phishing has been getting worse because people are getting cheaper and not investing in proper IT security.
If I am an employee at Yogee Exchange and I get an email from my boss ETFbitcoin there should be 1 of 2 things happening.

1) There is an indication that it came from a local account
2) An indication that it did not and I should be careful.

Either one works, but if you do not have your corporate email server setup to do that then you do not have even a basic IT security policy in place.

IF the hackers managed to get into the mail server to actually authenticate and send as ETFbitcoin then you are already in deep trouble.

-Dave

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
mk4
Legendary
*
Offline Offline

Activity: 2926
Merit: 3881


📟 t3rminal.xyz


View Profile WWW
June 25, 2020, 04:16:34 PM
 #4

That's why it's really really important for companies(most especially in the finance industry) in general to make sure about these kinds of exploits. And the problem is, you don't even need to go this deep to potentially get what you want. Remember the sim-swap attacks in the past years? Stealing good amounts of bitcoin on Coinbase? Yea, not even a malware was needed. Only pure social-engineering.

https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124

» t3rminal.xyz «
Telegram Alert Bots for Traders
Welsh
Staff
Legendary
*
Offline Offline

Activity: 3318
Merit: 4116


View Profile
June 25, 2020, 11:29:26 PM
 #5

Social engineering is by far the most used method, because normally the very weak point of a system is the person that is employed by the company, and doesn't have knowledge in social engineering attempts. Usually, somewhat low qualified, and low wage, where as if they wanted to hack into the system through a sophisticated way they would be likely dealing with Cyber Security experts which are on a lot of money, and therefore put more effort into their work. For example, a lowly paid, and therefore lowly motivated employee with decent access to the backend usually isn't going to be as motivated to protect against these types of attacks.
Baofeng
Legendary
*
Offline Offline

Activity: 2786
Merit: 1681



View Profile
June 25, 2020, 11:33:42 PM
 #6

Exchanges and it's employees are going to be a high value target for this scammers and cyber-criminals. That's why it is very important that this people understand how those criminals work and how it can be prevented by educating them on good security hygiene. Attacks came from different directions but I think the one of the best practice is not to click anything on their email, specially unknown sources with URL shortener, emails with attachments. This should be practice not by just mid-tier employees, but it should start from top management as well.

 
 RAZED  
███████▄▄▄████▄▄▄▄
████▄███████████████
██▄██████▀▀████▀▀█████▄
████
██████████████
▄████████▄████████████▄
████████▀███████████▄
██████████████▐█▄█▀████████
▀████████████▌▐█▀██████████
▀███████████▌▀████████████
█████████▄▄▄
█████▄▄██████
████████████████████████
█████▀█████████████████▀
██████████████
▄▄███████▄▄
▄███████████████
▄███████████████████▄
█████████████████████▄
▄███████████████████████▄
████████████████████████
█████████████████████████
██████████████████████
▀█████
█████████████████▀
▀█
████████████████████▀
▀█████
█████████████
▀███████████████▀
█████████
 
RAZED ORIGINALS
SLOTS & LIVE CASINO
SPORTSBOOK
|
 NO 
KYC
 
 RAZE THE LIMITS   PLAY NOW 
shield132
Hero Member
*****
Online Online

Activity: 2408
Merit: 926


Metawin.com - Truly the best casino ever


View Profile
June 26, 2020, 09:51:24 AM
 #7

User above me showed you how to resize image via bbcode but I'll offer you another option (takes some time but good for all of us).

1. Upload your image and resize on https://resizeimage.net/
2. Download resized image and then upload on https://tinyjpg.com/
3. Download compressed image and put among tags [ img][/img]

This way images are compress while still maintaining high quality and as a result bitcointalk users load website faster because of compressed images (saves our MBs when we are using mobile data).

Not only employees or their executives are careless but they don't have enough knowledge and don't put enough resources in developing better and higher security standards.

At the same time problem lies in users too. People just blindly open everything, the most curious proof of it is how people share every fake news they see in social medias and they can't decide whether BBC provides more relevant information or 9gag.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
slaman29
Legendary
*
Offline Offline

Activity: 2842
Merit: 1293


Livecasino, 20% cashback, no fuss payouts.


View Profile
June 26, 2020, 10:35:29 AM
 #8

It's the oldest tactic in the phishing book and it continues to work until today. My cousin's company just lost a huge amount of money last week too and guess why? Their boss requested their HR to make a payment to a supplier invoice but he didn't realize the sender was fake. They had been spying on his email for a long time, and found out a huge supplier was supposed to bill them, so they did that, pretended to be the supplier and boom.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
Yogee (OP)
Sr. Member
****
Offline Offline

Activity: 1554
Merit: 413


View Profile
July 04, 2020, 01:15:00 PM
 #9

Human is always weakest part of security. But the interesting part is the hacker is willing to search employee personal email (rather than work email), where people usually don't take precautions or open it from personal PC which contain all important files.
......
That personal email part got my attention too and yes it's less likely for employees to be less cautious when opening mails. Maybe they thought it's more private and more secure  Huh

Spear Phishing has been getting worse because people are getting cheaper and not investing in proper IT security.
If I am an employee at Yogee Exchange and I get an email from my boss ETFbitcoin there should be 1 of 2 things happening.

1) There is an indication that it came from a local account
2) An indication that it did not and I should be careful.

Either one works, but if you do not have your corporate email server setup to do that then you do not have even a basic IT security policy in place.

IF the hackers managed to get into the mail server to actually authenticate and send as ETFbitcoin then you are already in deep trouble.

-Dave
It is hard to believe and I personally doubt that crypto echanges wouldn't invest in proper security but that seems to be the case. For sure they have the funds but maybe they're trying to save up for more profits in exchange of user funds  Huh

That's why it's really really important for companies(most especially in the finance industry) in general to make sure about these kinds of exploits. And the problem is, you don't even need to go this deep to potentially get what you want. Remember the sim-swap attacks in the past years? Stealing good amounts of bitcoin on Coinbase? Yea, not even a malware was needed. Only pure social-engineering.

https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124
I agree that employees & executives needs to be educated and it doesn't take a lot to brief them every now and then. Most companies will avert these kinds of attacks if they are well informed and they apply what they were taught.

I heard of the sim port attack before but this is the first time I've read a personal testimony of a victim.

Social engineering is by far the most used method, because normally the very weak point of a system is the person that is employed by the company, and doesn't have knowledge in social engineering attempts. Usually, somewhat low qualified, and low wage, where as if they wanted to hack into the system through a sophisticated way they would be likely dealing with Cyber Security experts which are on a lot of money, and therefore put more effort into their work. For example, a lowly paid, and therefore lowly motivated employee with decent access to the backend usually isn't going to be as motivated to protect against these types of attacks.
Accessing accounts of lower tier employees is probably where it started in all the hacking cases stated in the article. It's also true that the level of security awareness are different. 

Exchanges and it's employees are going to be a high value target for this scammers and cyber-criminals. That's why it is very important that this people understand how those criminals work and how it can be prevented by educating them on good security hygiene. Attacks came from different directions but I think the one of the best practice is not to click anything on their email, specially unknown sources with URL shortener, emails with attachments. This should be practice not by just mid-tier employees, but it should start from top management as well.
Spot on. Unfortunately, most of these guys do not verify first if the file they got is legitimate. It's unlikely they will even question their boss or superior if it really came from them out of fear.

......
Not only employees or their executives are careless but they don't have enough knowledge and don't put enough resources in developing better and higher security standards.

......
More savings and profit over security. Priorities  Wink

It's the oldest tactic in the phishing book and it continues to work until today. My cousin's company just lost a huge amount of money last week too and guess why? Their boss requested their HR to make a payment to a supplier invoice but he didn't realize the sender was fake. They had been spying on his email for a long time, and found out a huge supplier was supposed to bill them, so they did that, pretended to be the supplier and boom.
If the boss himself is unable to verify if the supplier is legit, then the company is in big trouble. This is not the first time I heard of such cases.

It's not related to the topic but is HR the Human Resource? If that's the case, I am curious as to why the owner would ask their HR instead of the company accountant who is likely more knowledgeable and more cautious when it comes to releasing payments.
NotATether
Legendary
*
Offline Offline

Activity: 1792
Merit: 7390


Top Crypto Casino


View Profile WWW
July 04, 2020, 03:50:41 PM
 #10

They should take corporate classes about phishing that teaches them how to detect a phishing scam and what to do when someone is phishing you. I can't stress the last part enough. All companies should have policies about how to handle phishing attacks including contacting law enforcement and sending legal notices against the phishers and maybe the email hosting provider they are using if it's a sketchy company address that's not being hosted by a mega email company (since they are most likely overrun with phishing email addresses).

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
trish22
Newbie
*
Offline Offline

Activity: 51
Merit: 0


View Profile
July 04, 2020, 03:55:49 PM
 #11

Very informative, even so secure sites , if targeted by hackers  it will be hack and only time is the difference on how long the system will be penetrated.
smyslov
Sr. Member
****
Offline Offline

Activity: 2030
Merit: 269


View Profile
July 05, 2020, 01:40:38 AM
 #12

There is also such a thing as conniving with hackers or inside job, they will just make it complicated and execute a set up hacking via social engineering to make it appear that an employee is not part of the game, we have seen a lot of hacked exchange charged with inside jobs, exchange is one of the lifeline of Cryptocurrency exchange if exchange shows weakness, the market price will take a dip, of course it depends on the reputation of the exchange
Quidat
Hero Member
*****
Offline Offline

Activity: 2702
Merit: 540


DGbet.fun - Crypto Sportsbook


View Profile
July 05, 2020, 11:31:53 AM
 #13

There is also such a thing as conniving with hackers or inside job, they will just make it complicated and execute a set up hacking via social engineering to make it appear that an employee is not part of the game, we have seen a lot of hacked exchange charged with inside jobs, exchange is one of the lifeline of Cryptocurrency exchange if exchange shows weakness, the market price will take a dip, of course it depends on the reputation of the exchange

This is indeed true! Some of these cases are just simply a cover up of an inside job and do took blame for some social engineering victim but actually they are part on said hacking incident.
When it comes to security aspect then we cant deny that human are the weakest part of it.This social engineering kind of way is already been known but people are way too careless
but we cant really deny that hackers are way too patient on finding those personal emails of said employees on said exchange.Dont know on how they do it in the first place on just knowing
that they are part of the company.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!