2 Violent attack vectors in Crypto: a detailed review
Officer's Blog
0xB25C
June 2nd, 2022

Abstract

Operational security professionals work to figure out where their information can be breached. Looking at operations from a malicious third-party’s perspective allows us to spot vulnerabilities we may have otherwise missed so that we can implement proper countermeasures. The most important thing to understand here is the path of the cyber attack – its vector. Let's take a closer look.

Example No. 1 - RAT & Social Engineering

Let’s take an hypothetical situation in which your computer gets infected with a Remote Access Trojan (RAT) virus. One of two things may happen. If the attack was carried out by a rookie hacker (i.e a lamer) then he likely orchestrated a wide massive attack without a target in mind. He can steal some information on you like your browser cookies and then sell it.

The second option is that this was a direct attack. The hackers made a phishing page on your router, through which you could enter your password (poisoning of the DNS server). To prevent this type of attack, you ideally need to separate your machines and networks. You should also check certificates.

Here is an example of a very dangerous cyber attack on your crypto wallet:

Source: researchgate.net/publication/339224082_A_Taxonomy_of_Social_Engineering_Defense_Mechanisms
Source: researchgate.net/publication/339224082_A_Taxonomy_of_Social_Engineering_Defense_Mechanisms

  1. Your computer gets infected by malware with a crypto clipper.

  2. Let us say you want to send money from your crypto account to your friend.

  3. When you attempt to copy and paste your friend’s crypto, ETH or BTC address, the clipper will substitute your friend’s address with a generated one that looks a lot like your friend’s (starts and ends with the same characters).

  4. Thus, instead of sending crypto to your friend’s account you actually direct the money directly into the hacker’s account.

Consider checking the entire address of your addressee’s wallet before you click Send.

Sophisticated crypto criminals will throw at you a mix of attack vectors. It could be ​​a Social Engineering vector, plus phishing and a classic malware. They might even attempt a physical attack!

Also check out:

In short, crypto clipper, address poisoning and «zero-transfer/approve transaction» attacks are just vanity-generated address attack variations! For example, that’s how scammers are using vanity-gen to generate an address similar to the victim’s ones (first 4 and last 5 digits are similar) in a address poisoning attack. This is common at ETH, BSC, even BTC!

Example No. 2 - The Troll and the Knight

Social Engineering. Example (1).

Let us take Jane who is a diligent employee at her company. Information about Jane is publicly available on her social networks. Some sensitive information about her might have even been revealed in some leak, such as the 2014 Yahoo Mail user account information breach. Generally, she is no different from you or us. So far, so good.

But then, a troll shows up and starts stalking her around the social networks, writing hurtful comments, for example. He expands his cyberbullying to others in Jane’s company, bringing distress to his victims.

Even at this stage, the attack has done enough damage to cripple the culture of openness inside the company.  Employees may stop sharing personal information or speaking candidly about problems for fear of ridicule or retaliation.

Jane continues to suffer the troll's attacks in silence. If Jane blocks the troll’s account, he will make another. If he knows her address, multiple pizza deliveries may suddenly arrive at her door. It is no life.

At this point in our story, in comes John. He is a stranger but, he too, has a public account and has suffered from the actions of this same troll as evident from attacks on his page. He makes Jane a proposition for cooperation on how to stop the attacks. He says he knows a way to silence the troll.

Sure he knows the way. The Knight to the Rescue and the Evil Troll are one and the same person. The troll’s trick was to establish an emotionally supportive bond with someone who was experiencing pain. John created a condition where Jane is now more likely to follow John’s seemingly innocent suggestion. She may click on a URL link or open a file sent to her. She might even come out and meet John.

This story may end badly for Jane. A potential scam by John should have been stopped at the beginning – at the stage when the target got recruited.

Source: arxiv.org/pdf/2105.00132.pdf
Source: arxiv.org/pdf/2105.00132.pdf

Are there any good guidelines to follow so that we do not end up in Jane’ position?

  1. The piece of advice “don't let strong emotions influence your actions” applies well for investing into stocks or when choosing a life partner. It can be your first rule in the digital world playground.

  2. If you get scammed, do not lose heart. One thing victims often tell us after being defrauded is “I can’t believe I was so stupid.” Scams happen to the best among us. Evolutionary psychology tells us that we have been wired by evolution to trust other humans for the purpose of our survival. This is why any exploitation of this strong evolutionary adaptation is particularly painful to us.

  3. If you are in a managerial role, make sure your employees aren't sick, tired or go hungry at work. When employees are physically or emotionally weakened, they become vulnerable to psychological influence.

  4. If you work a lot with files, particularly PDFs, you can use these protective measures.

  5. While you may be wary of third parties trying to steal your information, you should also watch out for insider threats, such as negligent employees and disgruntled workers.

  6. We recommend that you follow these 25 rules to safeguard yourself from nefarious Internet scammers. The first 10 rules on the list relate to personal security, and the rest to corporate security.

Exploitation of love or anger happens less often because the scammer would need to maintain a psychological connection with the victim, requiring skill, time and familiarity with the target. In our situation the scammer exploited the victims' fear. What is more, in order for this attack to succeed the victim had to be rushed.

Source: www.sciencedirect.com/science/article/pii/S0167404816300268
Source: www.sciencedirect.com/science/article/pii/S0167404816300268

A skillful social engineer will not give the victim much time to think, and will always press for urgency. This is the first thing to pay attention to – If you are rushed to give out sensitive information (or any information at all, for that matter), it is a good time to pause.

The second point to note is that when you find yourself in a similar situation, do not try to solve the problem by yourself. Ask a friend, a frequent contributor to your favorite Discord server or a moderator of any well-known DAO. Good people want to help. Get a second opinion.

Sometimes scammers just want to get dirt on the victim or de-anonymize the target.   Often, however, sophisticated cyber exploits can come coupled with either a malware injection or a phishing attack, or some other surprise.

Yes, it seems like it is a veritable minefield over there. Keep the faith. Learn the latest attack techniques, whitehat cheat sheets and defenses. Only knowledge can defeat criminal’s knowledge. In this intellectual boxing match the most prepared wins, and we want that to be you!

Support is very important to me, with it I can spend less time at work and do what I love - educating DeFi & Crypto users!

If you want to support my work, you can send me a donation to the address:

Thank you! ❤️

Subscribe to Officer's Blog
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
Verification
This entry has been permanently stored onchain and signed by its creator.
Arweave Transaction
4BI9MLIwON4lWji…qw3YgmhjeDqAMbI
Author Address
0xB25C5E8fA1E53eE…9F6A66B786ED77A
Content Digest
rt5W3_6PhnXZ8Vj…0EJ7CqPi6CLU6Pk