Cybercriminals have reportedly “duped” a senior engineer at a crypto-based online gaming company, Axie Infinity, into applying for a job at a “fictitious” company.
The result: “the loss of $540 million in cryptocurrency,” according to an update shared with CI (and also widely reported).
While the U.S. had previously tied the attack to North Korean hacking group Lazarus, details of how they did it “are now coming to light for the first time.”
The engineer had allegedly downloaded a fake “offer” letter, “delivered as a PDF document, which allowed spyware to infiltrate Axie Infinity’s IT systems.” Hackers attacked and then apparently “took over four out of nine validators on the network.”
In statements shared with CI, Danny Lopez, CEO at Glasswall, a cybersecurity company that specializes in protecting organizations against threats hiding in external files, noted:
“This is a perfect example of the risks of file-based threats and how easy it is for hackers to infiltrate your systems through documents shared both externally and internally. You can never be too careful – no matter how legitimate something looks on the surface, it can harbor malicious code. Taking a proactive approach to cyber security is far more efficient and cost-effective than relying on a reactive approach and simply responding to an attack that has already gained control of your system.”
“Content Disarm and Reconstruction (CDR) technology is an example of a proactive approach that provides immediate protection as a threat enters the IT environment. All files undergo an instant, four-step process to ensure that every document is completely safe by removing any potentially malicious code. First, the file is inspected to confirm that no deviations from the good manufacturer’s specification are present in its digital DNA – any irregularities are remediated.”
He also mentioned:
“The file is then cleaned to remove any high-risk content – e.g. embedded links – and rebuilt to close any security blind spots. This guarantees that the file is threat-free before it is delivered to the user.”
Lopez further noted:
“A simple, proactive solution like CDR is so valuable because it helps to create a digital environment where a threat cannot exist. This means that users can trust every document that enters or leaves an organization. What’s more, CDR achieves this quickly, allowing operations to continue as usual without sacrificing productivity or security.”