Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
This situation is believed to be able to lead to significant financial losses.
According to news publication BleepingComputer, the FBI issued the warning via a TLP: GREEN Private Industry Notification (PIN) that is designed to provide cybersecurity professionals with the information required to properly defend against these ongoing attacks.
According to the FBI, the attackers use several tactics to steal and launder cryptocurrency, that includes technical support fraud, SIM swapping, and also taking control of their targets’ cryptocurrency exchange accounts through identity theft or even account takeovers.
Unfortunately, it’s quite difficult to track the cryptocurrency once transferred to the attacker-controlled crypto-wallets, thus making it harder for law enforcement agents to recover the stolen funds.
The US security service observed and analyzed the reports received between May 2020 and May 2021 and discovered a series of ways in which the malicious actors are attacking their victims. Some of the most popular ways used were the gaining of access to victims’ crypto exchange accounts after bypassing two-factor authentication, the impersonation of payment platforms or cryptocurrency exchange support staff, and SIM swap attacks that were targeting the customers of multiple phone carriers.
FBI is advising the financial organizations to be careful and check for mails coming from what could be spoofed email addresses and also keep track and monitor any recently created accounts.
What Should Cryptocurrency Owners Do?
Cryptocurrency owners are encouraged by the FBI to have multi-factor authentication (MFA) enabled on all their cryptocurrency accounts, and deny any requests to download and use remote access applications.
Another piece of advice offered by the FBI is to only contact exchanges and payment companies via official phone numbers and email addresses.
Why Attackers Prefer SIM Swapping?
As described by my colleague, Cezarina, SIM swapping, also known as SIM splitting, simjacking, SIM hijacking, and port-out scamming, is a type of fraud that targets your personal information so that cybercriminals can pass themselves off as you and access your bank accounts.
In short, the fraud takes aim at moving control of someone’s phone account from their SIM card to one controlled by the hacker. In general, most victims don’t know they’ve been compromised until they try to place a call or send a text message which doesn’t go through.
By using this method the criminals will become able to log into their victims’ bank or cryptocurrency exchange accounts to steal money and virtual assets, and also lock the victims out of their accounts after changing the passwords.
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.
