How Big Is The Threat? It’s Massive

If you think this doesn’t affect you because you don’t have any cryptocurrency holdings, you are very much mistaken.

North Korea steals $1.5bn as it pulls off world’s biggest ever heist

This is a revealing article as it shows the sheer scale of North Korea’s operation and some of their methods. And remember, Russia and China are just as active, if not more so. On top of that, there is a whole worldwide industry of smaller hacking groups all actively trying to access your system and cause you harm. This is not all about cryptocurrency; they want real pounds and dollars too. Yours.

These are the points you need to be aware of:

The North Korean hackers were able to steal the huge crypto haul through a multi-layered and long-planned attack, according to Chainalysis. Hackers gained access to Bybit’s internal systems using so-called “phishing” email, which prompted an employee to input their login details to a seemingly legitimate website that was actually compromised.

This is Hacking 101

They start off with an email seemingly from someone trusted that dupes an employee into logging into a website and submitting their login details. These are then used by the hackers. This is so basic and it’s something that any of your people can fall for. It doesn’t matter who they are, even if they are someone without any special access on your network. The hackers know how to exploit that account and gain ever-increasing levels of control. Everybody in your organisation needs to understand the risk and be vigilant.

[analysts] have said the attack served as a “stark reminder” of the advanced tactics employed by the country’s hackers. As well as technical skills, North Korean hackers are adept at what is known as “social engineering”: manipulating people to do what they want in order to pave the way for a heist.

“Social engineering” encompasses a range of techniques, from a very simple email claiming that a package is waiting for you and that you need to confirm your identity to receive it, to very sophisticated emails that purport to come from someone senior in your organisation with a specific, plausible request. The latter type can be especially effective and can take days, weeks or even months of planning. But the payoff can be massive.

How do they do that?

There is a wealth of information that hackers can find out about you, your key staff, and your company. They will trawl Facebook for people who work at your organisation, then cross-reference them with LinkedIn to find out their roles and relationships to each other. They can then create a scenario where they pick out a useful target, send an email seemingly from someone the target knows of but doesn’t know personally, and cite some ongoing real project at your organisation that has an issue the target can help with. They will also stress how urgent it is, so the target doesn’t feel there is time for the obvious checks.

A national priority

You probably don’t have enough time in the day to keep up to date with all these attack ‘vectors’, but you can bet the hackers do. In North Korea it is a national priority because their economy depends on it:

A Soviet-style focus on science and technology has created a “whole education pipeline” for future cyber experts, said Mr Pilling. North Korean science prodigies are identified from a young age, before being pushed to compete in international maths and programming competitions.

Do you remember reading about the NHS getting hacked? Do you remember reading about WannaCry? And operations and hospital appointments being cancelled? They did that too and hacked critical computer networks all around the world.

Lazarus Group has also been blamed for a near-$1bn heist from a Bangladeshi bank in 2016 and the global Wannacry cyber attack, which knocked hundreds of thousands of computers offline with damaging ransomware, including NHS systems.

You don’t have to become an expert at this, and you don’t need to train all your people to be experts either; that could become all-consuming and nobody would have time to do their real work! But you do need to raise awareness of the risks and teach people to be ultra cautious.