Breaking

Sunday, October 21, 2018

Cryptocurrency exchanges quick to shift blame from incompetent employees, to North Korea - following massive amounts of stolen funds...

Every year respected cybersecurity outlet Group-IB releases an annual report, and according to TheNextWeb which obtained an advance summary of their latest - North Korea is to blame for the majority of major cryptocurrency exchange hacks.

The date range covered is Feb 2018 to Sept 2018, where $882 million worth of cryptocurrency was stolen, and North Korea is getting credit for $571 million of it.

Problem is, as soon as the words "North Korea" come up, everyone focuses on who did it, instead of how they did it. 

Chart of recent hacks. "Lazarus" is a NK hacker group. 
The most alarming part is - the methods used aren't very sophisticated.

“Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam that has a malware embedded in the document, After the local network is successfully compromised, the hackers browse the local network to find work stations and servers used working with private cryptocurrency wallets.” the report says.

Let's be clear at what we're looking at here - incompetence within the exchanges, and poorly trained employees.

Every method listed above involves a human within an exchange making amateur-level mistakes - not actual security holes in their networks.  Whether it be opening an e-mail attachment that turns out to be malware, or "social engineering" which is a nice way to say - someone simply talked someone within the exchange to let them into someone else's account.

Which makes me wonder - sure, i'm convinced North Korea has state funded operations dedicated to stealing cryptocurrency - i'm definitely not arguing their innocence.

But when the exchanges are falling for old, simple scams leading to massive amounts of stolen funds - you have to wonder if they'd even admit it if the suspect was actually a 14 year old wanna-be hacker.  A quick way to distract the public from where they went wrong, would be to switch the conversation to the hot topic of North Korea.  Remember, it's in-part these exchanges "internal investigations" coming to these conclusions.

But the fact is, blame here falls directly on these exchanges which clearly have employees with high levels of access, and low security training. 

Even if North Korea was behind all of these - at best, they just happened to do it first.  If getting past exchange security is truly this easy - someone was going to do it eventually.
-------
Author: Ross Davis
E-Mail: Ross@GlobalCryptoPress.com Twitter:@RossFM
San Francisco News Desk