Posted on June 25, 2020 at 7:07 PM
The report revealed that between 10 and 20 victims have been hit by the cybercriminals. The victims are spread across Asia, the Middle East, and the United States.
ClearSky said the hacking syndicate known as “CryptoCore” has been attacking cryptocurrency exchanges and companies since 2018. The hacking group also goes by different pseudonyms such as “Leery Turtle,” and “Dangerous Password.”
“We estimate that the group managed to rake in more than $200 million in two years,” ClearSky stated.
The security firm also pointed out that the hacking group has strong ties with Romania, Russia, Ukraine, as well as the East European region.
Co-founder of ClearSky, Boaz Dolev, revealed his company discovered about 5 different exchange hacks from the group, which followed a particular pattern.
However, he didn’t disclose the identity of the exchanges affected.
Small group but very effective
Dolev further stated that the group is made up of a small number of hackers who attack quickly. He described how, on one occasion, the group launched an attack using a new domain name only 12 hours after registering it. Dolev characterised the group as small but very effective. To date, ClearSky says the group has stolen about $200 million from exchanges.
The threat intelligence team leader at ClearSky, Or Blatt, said he believes the cybercriminals responsible for the attacks do not have any special training or support. In his description of the attacks, he said they are less sophisticated than some of the hacking attacks seen recently.
He said the attacks were not as sophisticated as the ones carried out by the Russian military intelligence unit that tried to disrupt the American elections four years ago.
Attackers succeeded through social engineering
Blatt further revealed that for this type of attack to succeed, the victims have to be susceptible to social engineering; in this case the targets were employees of the affected exchanges. He reiterated that the hackers did not exploit any VPN, which is the most common attack route for most other hacking groups.
Dolev said crypto exchanges should adopt the same security practices as banks, and that those which do not will remain vulnerable to attack. Bank security is harder to break, which is exactly why breaches are less frequent in that industry. Dolev reiterated that exchanges which adopt a similar security approach are more likely to repel cyberattacks.
The report describes how the hacking syndicate purportedly gained access to the private email accounts of executives at several exchanges. After gaining that initial access, they used spear-phishing, impersonating high-ranking employees, to obtain information that gave them access to the crypto wallets.
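Two details in the report translate directly into mail-screening rules: the group used a domain only 12 hours after registering it, and its spear-phishing mail impersonated executives. The following is an added example of such triage logic, not code from ClearSky, Kraken or the report. The corporate domain, the executive names, the domain creation dates (a stand-in for a WHOIS/RDAP lookup) and the sample messages are all constructed for illustration.

```python
"""Triage rules for the spear-phishing pattern described in the report:
freshly registered sender domains, lookalike domains, executive display names
on external addresses, and Reply-To redirection.  Illustrative code only."""
from datetime import date
from difflib import SequenceMatcher
from email.utils import parseaddr

CORP_DOMAIN = "example-exchange.com"      # assumed corporate mail domain
EXECUTIVES = {"alice ceo", "bob cfo"}      # assumed display names of executives
MAX_DOMAIN_AGE_DAYS = 30                   # anything younger is suspicious
TODAY = date(2020, 6, 25)                  # fixed so the example is reproducible

# Constructed stand-in for a WHOIS/RDAP "creation date" lookup.
DOMAIN_CREATED = {
    "example-exchange.com": date(2015, 3, 1),
    "partner-bank.example": date(2012, 6, 15),
    "example-exchanqe.com": date(2020, 6, 24),   # lookalike, registered yesterday
    "secure-docs-share.net": date(2020, 6, 10),
}

# Constructed sample headers: one impersonation attempt, one redirected reply
# path from an otherwise legitimate partner, one genuine internal message.
SAMPLE_MESSAGES = [
    {"From": "Alice CEO <alice@example-exchanqe.com>",
     "Subject": "Urgent: move funds from the cold wallet"},
    {"From": "ops@partner-bank.example",
     "Reply-To": "ops@secure-docs-share.net",
     "Subject": "Updated settlement instructions"},
    {"From": "Bob CFO <bob@example-exchange.com>",
     "Subject": "Q2 figures"},
]


def domain_of(address):
    """Return the lower-cased domain part of an RFC 5322 address (or '')."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower()


def looks_like(domain, target, threshold=0.85):
    """True when domain is close to target but not identical (typo-squat check)."""
    return domain != target and SequenceMatcher(None, domain, target).ratio() >= threshold


def triage(headers, today=TODAY):
    """Return the reasons a message deserves a second look; [] means no rule fired."""
    display_name, addr = parseaddr(headers.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    reasons = []

    created = DOMAIN_CREATED.get(sender_domain)
    if created is None:
        reasons.append("sender domain has no registration record")
    else:
        age = (today - created).days
        if age <= MAX_DOMAIN_AGE_DAYS:
            reasons.append(f"sender domain registered {age} day(s) ago")

    if display_name.strip().lower() in EXECUTIVES and sender_domain != CORP_DOMAIN:
        reasons.append("executive display name on an external address")

    if looks_like(sender_domain, CORP_DOMAIN):
        reasons.append("sender domain is a lookalike of the corporate domain")

    reply_to = headers.get("Reply-To")
    if reply_to and domain_of(reply_to) != sender_domain:
        reasons.append("Reply-To domain differs from From domain")

    return reasons


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        verdict = triage(msg)
        print(msg["From"], "->", verdict or "no rule fired")
```

Domain age is the cheapest of these signals and the one most directly tied to the 12-hour detail in the report: a real deployment would replace the constructed table with an RDAP query and cache the result, because a registrar lookup on every inbound message is too slow for the mail path. None of these rules is proof of compromise on its own; the point is to route the message to a human before anyone acts on a "move funds" request.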
According to Nicholas Percoco, head of security at the Kraken crypto exchange, the exchange regularly sees attacks from multiple vectors, including social engineering attempts, and it shares relevant information with other companies that are targeted. He added that it is common for hackers to target several institutions within an industry, and in particular the people who work at exchanges.
The social engineering campaign as ClearSky describes it makes sense in many ways. Kraken said it has put in place several technical controls and training programmes to educate staff, and Percoco reiterated that one of the most effective ways to prevent such an attack is to make sure employees understand the hackers' social engineering methods.
Since it’s not possible to “patch a human,” the best alternative is to focus on training the workers to be more security conscious and aware.
In line with this, Kraken has pledged to offer extensive security training to its employees, including executives. The company said it is actively involved in personal device security, social network security and home network security, all measures intended to keep its network safe and to provide assurance to users of the exchange.