HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

FBI warns cryptocurrency firms of North Korean social engineering attacks

Written by Caitlin Anthoney | Sep 5, 2024 1:43:09 PM

On September 03, 2024, the FBI warned cryptocurrency companies about North Korean hackers using social engineering techniques to steal their digital assets.

 

What happened  

In a recent public service announcement, the FBI warned cryptocurrency firms about the ongoing threat from North Korean state-sponsored hackers. These threat actors use targeted social engineering techniques to breach networks and steal crypto assets. 

Usually, they impersonate legitimate contacts or recruiters to target their victims. Once the hackers gain the victim’s trust, they use malware to steal the data. The hackers are experts in the cryptocurrency field and often speak fluent English, making them seem more credible. The FBI urges the cryptocurrency sector to improve its cybersecurity against these advanced social engineering attacks.

 

The backstory 

North Korea has been linked to multiple cyberattacks targeting cryptocurrency firms, with billions of dollars stolen since 2017. Its state-funded hacking groups, Lazarus Group and Kimsuky, have been involved in high-profile cryptocurrency heists, including the Harmony blockchain bridge breach, in which they stole $100 million in assets.


 

What was said  

The FBI bulletin stated, “North Korean malicious cyber actors routinely impersonate a range of individuals, including contacts a victim may know personally or indirectly. Impersonations can involve general recruiters on professional networking websites or prominent people associated with certain technologies.”

The FBI suggests companies "develop [their] own unique methods to verify a contact’s identity," using "separate unconnected communication platforms." Companies should not "store information about cryptocurrency wallets" like passwords, wallet IDs, or private keys.

The FBI further advised using "multiple factors of authentication and approvals from several different unconnected networks" for any movement of financial assets. Firms with large quantities of cryptocurrency should block devices from "downloading or executing files" unless they come from specific white-listed programs, and should disable email attachments by default.

 

By the numbers

  • North Korean hackers have stolen $3 billion in cryptocurrency since 2017.
  • In 2022 alone, $1.7 billion was stolen, making up 5% of North Korea’s economy.
  • The largest hacks include the Ronin network bridge ($620 million), Nomad bridge ($190 million), and Harmony blockchain bridge ($100 million).

 

In the know 

Social engineering attacks use human psychology to gain unauthorized access to networks and data. 98% of cyberattacks rely on social engineering, making it one of the most common tactics. These attacks often involve sending phishing emails to manipulate victims into disclosing confidential information like passwords, usernames, or financial information.

 

Why it matters  

Cryptocurrency is growing in value and global relevance, leading to more cyberattacks. North Korean hackers are using sophisticated social engineering techniques to get past cryptocurrency firms' defenses. The FBI's warning suggests threats will increase, especially as more individuals and businesses invest in cryptocurrency.

 

The bottom line  

Cryptocurrency companies must improve their cybersecurity measures to protect themselves against these threats. They should also stay informed about the latest tactics to prevent attacks from these state-sponsored hacking groups.  

 

FAQs

How do phishing attacks work?

Phishing attacks usually involve fraudulent emails or messages that appear legitimate, tricking individuals into clicking on malicious links or attachments or disclosing personal information like passwords and financial details.

 

What are common signs of a phishing attack?

Common signs include misspelled URLs, urgent requests for sensitive information, unfamiliar senders, or suspicious attachments.

 

How can organizations protect themselves from social engineering attacks?

Organizations should verify the identity of contacts using separate, secure platforms, avoid clicking on suspicious links, and use multi-factor authentication for sensitive accounts. They should also be careful of unexpected emails or messages that ask for personal information.
