Secplicity - Security Simplified

Powered by WatchGuard Technologies

ClearSky’s $200 Million Lesson on Security for High Value Targets

June 25, 2020 By Trevor Collins

Yesterday ClearSky, a security research group, released a report on a threat actor group called CryptoCore. As you may guess by the name, CryptoCore specifically targets cryptocurrency wallets and exchanges.

This group carefully and methodically social engineers companies that run exchanges for cryptocurrency like Bitcoin. At first, they target the personal account of an employee, perhaps a manager. Then, using the information from this person’s account, they spear-phish an executive in an attempt to install malware on the executive’s personal computer. CryptoCore attempts to gather passwords through these spear-phishing attempts. These highly sophisticated attacks allowed CryptoCore to rake in over $200 million over the last two years.

While the issue lies with cryptocurrency exchanges, their lack of security gives us examples of what not to do in high-security settings. Many exchanges lack the proper security to protect high-value targets that control millions of dollars. At no point should one person’s password control the exchange. CryptoCore attempts to disable multi-factor authentication if it exists, but a properly configured server should never allow this. Additionally, even the owner or CEO of an exchange should never access the administrator’s account from their work or personal computer. Instead, administrative access should be restricted to a server with no Internet access that is dedicated to this purpose. This way, an adversary can’t disable multi-factor authentication without physical access or a vulnerability in the authentication itself. On the client side, you should use multi-factor authentication for any amount of money. If the exchange or any high-value target uses dedicated development servers and forces multi-factor authentication, then even a compromised password, by itself, won’t allow access to the data.
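
The controls recommended above can be expressed as a server-side policy check. This is an added example, not code from ClearSky's report or from any exchange; the host name, action names and the one-independent-approver rule are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumptions for illustration: host name, action names and approver rule.
ADMIN_HOSTS = frozenset({"admin-isolated-01"})   # dedicated server, no Internet access
SENSITIVE_ACTIONS = frozenset({"disable_mfa", "add_admin", "change_withdrawal_key"})
MIN_INDEPENDENT_APPROVERS = 1                    # someone other than the requester


@dataclass(frozen=True)
class AdminRequest:
    action: str
    requester: str
    source_host: str
    mfa_verified: bool
    approvers: frozenset = frozenset()


def evaluate(req):
    """Return (allowed, reasons); every failed control is reported."""
    reasons = []
    if req.source_host not in ADMIN_HOSTS:
        reasons.append("source is not the dedicated admin host")
    if not req.mfa_verified:
        reasons.append("no MFA: a password alone is not enough")
    if req.action in SENSITIVE_ACTIONS:
        # The requester's own approval does not count toward the quorum.
        independent = req.approvers - {req.requester}
        if len(independent) < MIN_INDEPENDENT_APPROVERS:
            reasons.append("sensitive action lacks an independent approver")
    return (not reasons, reasons)


# Constructed sample requests (not real events).
STOLEN_PASSWORD = AdminRequest("disable_mfa", "ceo", "ceo-laptop", False)
SELF_APPROVED = AdminRequest("disable_mfa", "admin1", "admin-isolated-01", True,
                             frozenset({"admin1"}))
DUAL_CONTROL = AdminRequest("disable_mfa", "admin1", "admin-isolated-01", True,
                            frozenset({"admin2"}))

if __name__ == "__main__":
    for name, req in [("stolen password", STOLEN_PASSWORD),
                      ("self-approved", SELF_APPROVED),
                      ("dual control", DUAL_CONTROL)]:
        allowed, reasons = evaluate(req)
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} {reasons}")
```

Logging every denied request with its reasons also gives the security team an early signal that someone is probing administrative functions from an unexpected host.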

Filed Under: Editorial Articles

Comments

  1. Blair Duncan says

    June 27, 2020 at 10:02 am

    Also a good case for not having Hot Wallets in an exchange – amazed how many still do this when it has been proven time & again they do not have solid core security and they also cannot react quickly if breached.

    • Trevor Collins says

      July 6, 2020 at 1:59 pm

      You certainly add a lot of risk with a Hot Wallet.
