With the rise of cryptocurrency ETFs, cybercriminals, particularly North Korean hacker groups, are intensifying their attacks on the crypto industry.
The FBI has issued a stern warning, highlighting the tactics used by hackers to steal cryptocurrency and the necessary steps to protect digital assets from these threats.
This article covers everything you need to know about the latest attack methods, including impersonation, malware deployment, and crucial defense strategies to safeguard your crypto investments.
FBI's Warning on Cyberattacks Targeting the Cryptocurrency Industry
On September 3, 2024, the FBI issued a warning about an intensifying cyber threat from North Korean hacker groups targeting the cryptocurrency industry.
The report reveals that North Korean cyber attackers have been conducting extensive research on various targets related to cryptocurrency ETFs over the past few months.
There is growing concern that companies involved in the development and trading of cryptocurrency ETFs may be at risk of cyberattacks.
North Korean Hackers' Attack Methods
The specific techniques employed by North Korean hackers often involve gathering information on employees of cryptocurrency-related firms and eventually deploying malware during communications. The attackers use the following methods to execute their attacks:
- Information Gathering
Hackers study the social media activity of employees in cryptocurrency firms and use platforms such as job sites to collect detailed information about their targets.
- Building Trust through Interaction
Based on the victim’s background, skills, employment status, and interests, hackers craft personalized scenarios to engage the target. They aim to foster long-term communication, gradually building trust with the victim.
- Impersonation
Hackers impersonate individuals known to the target, such as recruiters or public figures, to gain the victim’s trust. They often use realistic images or fake photos to present themselves credibly, creating an urgent scenario to encourage the target to comply with their requests.
- Malware Distribution
After gaining trust, the hackers subtly distribute malware to the target. They might prompt the victim to download an application or execute a piece of code, embedding malware without raising suspicion.
Countermeasures to Protect Against Cryptocurrency Hacks
The FBI has outlined several measures to defend against these cyberattacks aimed at stealing cryptocurrency:
- Independently verify the identity of contacts using secure communication tools.
- Avoid storing cryptocurrency wallet information on internet-connected devices.
- Do not perform pre-employment tests or execute code on company devices.
- Use independent devices or virtual machines for testing.
- Implement multi-approval mechanisms across different networks when transferring financial assets.
- Regularly switch devices and networks during authentication and approval processes to enhance security checks.
- Limit access to sensitive information.
- Conduct business interactions on closed platforms, requiring face-to-face verification when onboarding new members.
- Require periodic re-verification for remote employees.
- Restrict company-connected devices from downloading or executing programs that are not whitelisted, and disable email attachments by default.
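One way to enforce the multi-approval and device/network-switching measures from the list above is shown here as an added example; it is not code from the FBI advisory or from this article. The `Approval` record, the function names, the two-approval threshold and the /24 and /48 network groupings are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Approval:
    approver: str   # authenticated user id of the person approving
    device_id: str  # identifier of the device the approval came from
    source_ip: str  # address the approval request was submitted from


def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Collapse an address to its enclosing network so two hosts behind the
    same office LAN or VPN range count once (prefix sizes are assumptions)."""
    prefix = v4_prefix if ip_address(ip).version == 4 else v6_prefix
    return ip_network(f"{ip}/{prefix}", strict=False)


def check_transfer(initiator, approvals, required=2):
    """Return (ok, reasons). An approval counts only when it adds a new person,
    a new device and a new network; the initiator can never approve."""
    users, devices, nets = {initiator}, set(), set()
    counted, reasons = 0, []
    for a in approvals:
        net = network_of(a.source_ip)
        if a.approver in users:
            reasons.append(f"{a.approver}: initiator or repeat approver")
        elif a.device_id in devices:
            reasons.append(f"{a.approver}: device {a.device_id} already used")
        elif net in nets:
            reasons.append(f"{a.approver}: network {net} already used")
        else:
            users.add(a.approver)
            devices.add(a.device_id)
            nets.add(net)
            counted += 1
    if counted < required:
        reasons.append(f"{counted} of {required} independent approvals")
    return counted >= required, reasons


# Constructed sample data (documentation address ranges, made-up names).
GOOD = [Approval("bob", "laptop-b", "192.0.2.10"),
        Approval("carol", "phone-c", "198.51.100.7")]
SAME_LAN = [Approval("bob", "laptop-b", "192.0.2.10"),
            Approval("carol", "phone-c", "192.0.2.55")]

if __name__ == "__main__":
    print(check_transfer("alice", GOOD))
    print(check_transfer("alice", SAME_LAN))
```

The second sample is rejected even though two different people approved, because both approvals arrived from the same network, which is the situation a single compromised office network or VPN session would produce.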
Steps to Take If You Suspect a Cyberattack
If you suspect that you have been targeted by a cyberattack, the FBI recommends the following actions:
- Immediately disconnect affected devices from the internet while leaving them powered on to avoid losing access to recoverable malware artifacts.
- Report the incident to the FBI's Internet Crime Complaint Center (IC3) and consult with law enforcement for further actions.
- Collect as much detail as possible, such as screenshots of communications with the attackers, including identifiers, usernames, online accounts, and other relevant details.
- Share this information with employees to raise awareness and improve understanding of cybercrime among the general public.
As hacking techniques targeting cryptocurrencies become increasingly sophisticated, even experienced users are falling victim to theft. It is essential for anyone holding cryptocurrency to exercise extreme caution.