Tag Archive for: shift
A blockchain expert explains how North Korea’s $625 million crypto hack presents a new national security threat — and why it marks a shift in the global ‘digital battlefield’
- North Korea’s huge crypto hack marks a new era in cybersecurity threats.
- “If there was ever a doubt that hacks were not tied to national security, that’s been resolved,” a blockchain expert told Insider.
US authorities this week tied North Korean hackers to the historic $625 million Axie Infinity crypto swindle, with the massive hack signifying the emergence of a new type of national security threat, according to a blockchain expert.
On Thursday, the US Treasury Department added an Ethereum wallet address to its sanction list after the wallet facilitated transfers for more than $86 million of the stolen funds.
The hacking outfits Lazarus and APT38, both linked to North Korea, were behind the theft, the FBI said in a statement, and the funds are generating revenue for Kim Jong Un’s regime.
Ari Redbord, head of legal and government affairs at blockchain research firm TRM, says the attack shows that even a nation as isolated as North Korea can participate in new-age cyber-warfare.
“Over the last few years many hacks have been perpetrated by North Korea,” Redbord told Insider. “But the magnitude of this one shows things have moved from small exploits to true national security concerns. It’s staggering — bank robbery at the speed of the internet.”
For years, North Korean actors have been responsible for cyberattacks, including a high-profile hit against Sony in 2014. But groups like Lazarus have grown increasingly sophisticated and ambitious.
Meanwhile, businesses within the nascent crypto sector are still finding their footing when it comes to cybersecurity, which makes them vulnerable to hacking groups which are continuously honing their tactics.
“North Korea realized a hack against an online retailer was one thing, but going after crypto exchanges is a more effective way to fund destabilizing activity at a very low cost to them,” Redbord said.
The country was an early adopter of cryptocurrency money laundering, he added, and there’s no sign it’s bad actors will slow their efforts since it’s proven to be extremely profitable.
What’s more, Redbord noted that social engineering attacks, such as the Axie Infinity infiltration, are becoming more advanced.
These hacks aren’t a…
Social Engineering Threats Rose 270% in 2021 – Indicating a Shift to Multi-Channel Phishing Attacks as Apps and Browsers Move to the Cloud
Humans are the most vulnerable cybersecurity entry points into an organization. By moving completely to the cloud, apps and browsers are all humans need to communicate with work, family, and friends. In the Human Hacking report recently published by SlashNext Threat Labs, data shows phishing attacks rose 51% over 2020 (a record-breaking year), and 59% were credential stealing.
As human interaction has largely moved to the cloud, cybercriminals are taking advantage of this by attacking outside of email and looking to less secure channels like SMS text, social media, gaming, collaboration tools, and search apps. Social engineering is the cybercriminal’s preferred method of hacking humans, as demonstrated in the 270% increase in social engineering threats found by SlashNext in 2021. There were many contributing factors to the increase, including one million malicious URLs in July during the Tokyo Olympics found on all digital channels, including apps and browsers.
The other contributing factor to the spike in social engineering is the 2021 LinkedIn data breach. The two data breaches at LinkedIn resulted in over one billion records being sold on the Darkweb, available to cybercriminals to increase spear-phishing efforts towards high-value targets. Cybercriminals are using these attacks to gain access to corporate data, which leads to 91% of all successful cyber breaches – including ransomware attacks, data theft, and over $30 billion of financial fraud.
Another trend revealed in the report is the increase in phishing on legitimate hosting infrastructure. Of the more than 14 million malicious URLs SlashNext identified in 2021, 2.5 million were spear-phishing hosted on legitimate infrastructures like AWS, Azure, outlook.com, and sharepoint.com. What is attractive about using legitimate infrastructure is the opportunity for cybercriminals to easily evade current detection technologies like secure email gateways, firewalls, and proxy.
The shifting phishing landscape, combined with cybercriminals’ access to automation, data, and intelligence, has quickly made human hacking the number one cyber threat. Previous security strategies, including secure email gateways,…
DigiCOOP delivers cybersecurity lessons as it ramps up shift to digital transactions in rural areas
TEAMS OF DigiCOOP, the digital platform of the biggest financial cooperative in Mindanao, has started teaching members about cybersecurity alongside the push to shift more transactions online.
Ana Cuisia, chairman of Taxion Cooperative that provides the DigiCOOP platform to the First Community Credit Cooperative, Inc. (FICCO), said they have found out that scammers have been on the prey for people in rural areas.
“The team soon realized that transitioning non-digital platform users to the digital space needs to go beyond merely acclimatizing them to the functionalities of an app or a browser-based platform. On the ground, we have heard horror stories about cooperative store owners who unknowingly (or knowingly but with no malicious intent) shared their computer passwords or their own user credentials with outside parties,” she said in a statement.
The 67-year old FICCO, which has over 400,000 members mostly in Mindanao, launched the DigiCOOP for members in July. It is targeting to have at least 75% or 300,000 of members switch to digital services by the end of the year.
Ms. Cuisia said they have been conducting orientation and trainings to cooperatives in the countryside, which now include a session on cyber security.
“Technology and education are the great equalizers of opportunities,” she said.
DigiCOOP, which can be used through a mobile application or an internet browser, can be used by FICCO members for financial services such as bills payment, loan availment, money transfer, and online purchase.
Alongside the digital shift, FICCO is also launching 10 digiCOOP Business Centers in Mindanao this year to expand membership.
Ms. Cuisia said in an email interview that the physical stores will complement the digital platform in terms of attracting more clients who may or may not be able to go online.
“DigiCOOP would like to cater to the most underserved which may not have access to smartphones or internet connection, and that’s why we have made the services offline too, through the digiCOOP business centers,” she said. — MSJ