Operational security professionals work to figure out where their information can be breached. Looking at operations from a malicious third party's perspective lets us spot vulnerabilities we might otherwise have missed, so that we can implement proper countermeasures. The most important thing to understand here is the path of the cyber attack, its vector. Let's take a closer look.
Take a hypothetical situation in which your computer is infected with a Remote Access Trojan (RAT). One of two things may happen. If the attack was carried out by a rookie (a "lamer"), he most likely ran a wide, untargeted campaign with no particular victim in mind. He can steal some information about you, such as your browser cookies, and sell it.
Social Engineering. Example (1).
The second option is a targeted attack. The attackers compromise your router and poison its DNS so that a site you use resolves to a phishing page under their control, where you enter your password. To prevent this type of attack, ideally separate your machines and networks (segmentation), and check the site's TLS certificate before entering credentials.
Here is an example of a very dangerous cyber attack on your crypto wallet:
Consider checking the entire address of your addressee’s wallet before you click Send!
In short, crypto clipper, address poisoning and «zero-transfer/approve transaction» attacks are all variations of a vanity-generated-address attack. For example, in an address-poisoning attack scammers use a vanity address generator (vanity-gen) to produce an address that resembles the victim's counterparty address (the first 4 and last 5 hex digits match). This is common on ETH, BSC and even BTC!
While it looks simple and resembles a dusting attack, this is a different thing, closer to social engineering, vanity attacks and phishing!
Examples of address poisoning on Bitcoin:
Bitcoin clipper examples:
Questions began to be raised over the discovery of mysterious outgoing zero transactions with supposed approve signatures…
Check out this example, seen both at Tron and Ethereum Main-net:
This address (Attacker): etherscan.io/address/0xfe3c53086f256219b81a6afbf614cd839c1c5982
Is interacting with this smart contract (and other similar ones): etherscan.io/address/0x23dd013da6d35b3271c9199e38d659e763e38463
Creating transactions like these: etherscan.io/tx/0x7da7966512de60eef5c494407782bddf569d1cfb42793f0afe77ee9e2edc16bf
Another example (Tron):
The transferFrom function was called, not transfer, which means the From address was supposed to have approved the address that signed the transaction. But the amount is zero, and storage slots that were never written (including entries of the allowance mapping) read as zero, so the check "allowance >= amount" holds for any address and the call goes through, leaving a Transfer event for 0 tokens in the victim's history 🤔
TLDR: You must just ignore these transactions!
Here the attacker sends zero-value transactions in the hope that someone will copy the last receiver address from their history and send crypto to it by mistake, just as in a clipboard (clipper malware) attack!
Unlike the first attack, the attackers may also wait for you to ask about the strange transactions somewhere on Twitter and then finish the scam using social engineering in DMs!
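As an added example (not code from the original post), here is a Python model of the ERC-20 allowance check that shows why a zero-value transferFrom from an address that never approved anything still succeeds, together with a scanner that flags look-alike counterparties (same first 4 and last 5 hex digits) and zero-value token transfers in a wallet history. The addresses, transaction hashes and history are constructed, and the contract model is a simplification of the Solidity logic, not a real token contract.

```python
# Added example (not from the original post): a minimal model of the ERC-20
# allowance check that lets a zero-value transferFrom succeed, plus a scanner
# that flags look-alike (address-poisoning) counterparties and zero-value
# token transfers in a transaction history. All addresses, hashes and
# transactions below are constructed for illustration.


class Erc20Allowances:
    """Python model of ERC-20 balance/allowance storage.

    Solidity storage mappings return 0 for keys that were never written, so
    an address that never approved anything still has allowance 0, and the
    check `allowance >= amount` passes when amount is 0.
    """

    def __init__(self):
        self.balance = {}    # address -> token balance
        self.allowance = {}  # (owner, spender) -> approved amount

    def balance_of(self, addr):
        return self.balance.get(addr, 0)

    def transfer_from(self, spender, owner, to, amount):
        # Mirrors require(allowance[owner][spender] >= amount) in ERC-20.
        allowed = self.allowance.get((owner, spender), 0)
        if allowed < amount:
            raise PermissionError("insufficient allowance")
        if self.balance_of(owner) < amount:
            raise ValueError("insufficient balance")
        self.allowance[(owner, spender)] = allowed - amount
        self.balance[owner] = self.balance_of(owner) - amount
        self.balance[to] = self.balance_of(to) + amount
        # A real contract emits Transfer(owner, to, amount) here; with
        # amount == 0 that event is what shows up in the victim's history.
        return amount


def looks_alike(candidate, trusted, prefix=4, suffix=5):
    """True if `candidate` mimics `trusted`: same first `prefix` and last
    `suffix` hex digits after 0x, but not actually the same address."""
    c, t = candidate.lower(), trusted.lower()
    if c == t:
        return False
    c_hex, t_hex = c[2:], t[2:]
    return c_hex[:prefix] == t_hex[:prefix] and c_hex[-suffix:] == t_hex[-suffix:]


def flag_poisoning(history, address_book):
    """Return (tx_hash, reason) pairs for suspicious entries in `history`."""
    findings = []
    for tx in history:
        for party in (tx["from"], tx["to"]):
            for name, known in address_book.items():
                if looks_alike(party, known):
                    findings.append((tx["hash"], f"look-alike of '{name}': {party}"))
        if tx["value"] == 0 and tx["method"] in ("transfer", "transferFrom"):
            findings.append((tx["hash"], "zero-value token transfer"))
    return findings


def safe_to_send(typed_address, intended_address):
    """The only reliable check: compare the entire address, not its ends."""
    return typed_address.lower() == intended_address.lower()


# Constructed sample data: 40-hex-digit addresses that share 4 leading and
# 5 trailing digits, as a vanity generator would produce.
VICTIM = "0x" + "7" * 40
FRIEND = "0x1234" + "a" * 31 + "bcdef"
POISON = "0x1234" + "0" * 31 + "bcdef"

HISTORY = [
    {"hash": "0xtx01", "from": VICTIM, "to": FRIEND, "value": 100, "method": "transfer"},
    {"hash": "0xtx02", "from": VICTIM, "to": POISON, "value": 0, "method": "transferFrom"},
]


def zero_transfer_demo():
    """Show that an unapproved spender can move 0 tokens but not 1 token."""
    token = Erc20Allowances()
    token.balance[VICTIM] = 100
    moved = token.transfer_from("0xattacker", VICTIM, POISON, 0)
    try:
        token.transfer_from("0xattacker", VICTIM, POISON, 1)
        blocked = False
    except PermissionError:
        blocked = True
    return moved, blocked


if __name__ == "__main__":
    print(zero_transfer_demo())                  # (0, True)
    for tx_hash, why in flag_poisoning(HISTORY, {"friend": FRIEND}):
        print(tx_hash, why)
    print(safe_to_send(POISON, FRIEND))          # False
```

The scanner only needs your own address book and your transaction list, so it can run against an exported history offline; the zero-value rule and the prefix/suffix rule are deliberately separate, because an attacker who is not using transferFrom still relies on the look-alike address.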
Let us take Jane, who is a diligent employee at her company. Information about Jane is publicly available on her social networks. Some sensitive information about her might even have been exposed in leaks, such as the 2014 Yahoo Mail user account breach. Generally, she is no different from you or us. So far, so good.
But then, a troll shows up and starts stalking her around social networks, writing hurtful comments, for example. He expands his cyberbullying to others in Jane’s company, bringing distress to his victims.
Even at this stage, the attack has done enough damage to cripple the culture of openness inside the company. Employees may stop sharing personal information or speaking candidly about problems for fear of ridicule or retaliation.
Jane continues to suffer the troll’s attacks in silence. If Jane blocks the troll’s account, he will make another. If he knows her address, multiple pizza deliveries may suddenly arrive at her door. It is no life.
At this point in our story, in comes John. He is a stranger, but he too has a public account and has suffered from the actions of this same troll, as is evident from the attacks on his page. He proposes that they cooperate to stop the attacks. He says he knows a way to silence the troll.
Sure he knows the way. The Knight to the Rescue and the Evil Troll are one and the same person. The troll’s trick was to establish an emotionally supportive bond with someone who was experiencing pain.
John has created conditions in which Jane is now more likely to follow his seemingly innocent suggestions. She may click a link or open a file he sends her. She might even go out and meet John.
This story may end badly for Jane. A potential scam by John should have been stopped at the beginning, at the stage when the target was being recruited.
Are there any good guidelines to follow so that we do not end up in Jane’s position?
The exploitation of love or anger happens less often because the scammer would need to maintain a psychological connection with the victim, requiring skill, time, and familiarity with the target. In our situation, the scammer exploited the victims’ fear. What is more, in order for this attack to succeed the victim had to be rushed.
A skillful social engineer will not give the victim much time to think, and will always press for urgency. This is the first thing to pay attention to — If you are rushed to give out sensitive information (or any information at all, for that matter), it is a good time to pause.
The second point to note is that when you find yourself in a similar situation, do not try to solve the problem by yourself. Ask a friend, a frequent contributor to your favorite Discord server, or a moderator of any well-known DAO. Good people want to help. Get a second opinion.
Sometimes scammers just want dirt on the victim or want to de-anonymize the target. Often, however, sophisticated cyber exploits come coupled with a malware infection, a phishing attack, or some other surprise.
In my favorite chat room recently I was asked, in light of recent events, whether it would be safer to use macOS & iOS for work. Is it true that they have better security? I don't have a definite answer here: both yes and no.
First of all, there is a lot of malware for macOS/iOS; the difference is that 0-day/1-day exploits for macOS/iOS cost somewhat more than for Windows/Android.
There is no fundamental difference, only a difference in the cost of preparation and in the price of the individual exploits (including file-binding and delivery exploits, which always cost more). Go to Zerodium and look at its price list.
In general, the toolkit is more or less the same, so don't assume macOS is more secure just because its userland and parts of its kernel derive from BSD. In other words, know who is working against you and what they are capable of.
That means the chances of getting caught in a mass, untargeted attack are lower, but the chances of being hacked by someone willing to spend 5 to 10 thousand dollars preparing your hack are the same on all devices and almost all operating systems.
Hackers also care about economics, profit, and cost. If they are confident they can take the risk. Keep that in mind.
Use Qubes OS, Whonix, Tails, or GrapheneOS (which is far better than iOS, a closed system whose risks you cannot assess; jailbreaking a device makes everything even worse). Some of these require a lot of preparation work and are not secure out of the box. But no secure OS can help you if you ignore simple security rules; keep that in mind.
I am not asking you to comply with all of this, but you must remember the main rule in this particular case:
If we finally want to give people the opportunity to be their own bank, we must realize that in this case, people must be able to replace all those services and actions for which traditional banks get money.
Yes, it seems like it is a veritable minefield over there. Keep the faith. Learn the latest attack techniques, white hat cheat sheets, and defenses. Only knowledge can defeat criminals’ knowledge. In this intellectual boxing match the most prepared wins, and we want that to be you!
Support is very important to me, with it I can spend less time at work and do what I love — educating DeFi & Crypto users! If you want to support my work, you can send me a donation to the address:
Violent Attack Vectors in Web3: A Detailed Review was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.