Hackers use MailChimp phishing attack to hack cryptocurrency wallets. Learn how to stay safe before and after Phishing Hack
Last few weeks have been hyperactive for security responders. First Okta Lapsus attack and now MailChimp threatens to shake the confidence of the businesses relying on cloud services.
Mailchimp attack primarily used social engineering to get MailChimp employee credentials to get in the door. Target: Highly lucrative names, emails and other attributes of the users of the cryptocurrency platform.
Mailchimp CISO Siobhan Smyth has said that:
“The company had become aware of the breach on March 26th when it detected unauthorized access of a tool used by the company’s customer support and account administration teams. Although Mailchimp deactivated the compromised employee accounts after learning of the breach, the hackers were still able to view around 300 Mailchimp user accounts and obtain audience data from 102 of them”
Mailchimp has issued apology to its customers and highlighted the efforts it is taking to gain customer trust.
However, further revealed details of the hack show that the hack comprising Mailchimp’s internal tools was just one piece in a bigger puzzle. One of the stolen email lists was used to send a fake data breach notification to Trezor customers, prompting them to download a new version of the Trezor Suite desktop application. In fact, the email sent users to a phishing site that hosted a fake copy of the application, designed to steal the seed phrase that would allow hackers to gain total control over a user’s cryptocurrency wallet. It’s currently unclear whether any Trezor users had funds stolen by the attack.
In a blog post published Monday, Trezor said that the attack was “exceptional in its sophistication and … clearly planned to a high level of detail,” with the cloned version of the Trezor Suite app presenting a realistic functionality to anyone who installed it. SatoshiLabs, the makers of the Trezor wallet, have not yet responded to further questions sent by The Verge.
So far, Mailchimp’s analysis has concluded that the attackers focused on obtaining data from users in the cryptocurrency and finance sectors. Unfortunately for Trezor users — and for customers of every other organization whose data was compromised — it’s safe to say that a skilled threat actor now has knowledge of the users’ email contact details and potentially the type of crypto hardware and software they are using.
Users of Trezor devices have been advised to report any new phishing attempts directly to security@trezor.io. Mailchimp has stated that the owners of all other compromised accounts have been informed, so more notifications from affected entities will likely appear soon.
Here are the Cyber Risk Prevention tips from Rainbow Secure team:
- Defeat Social engineering tactics. Run phishing simulation campaigns and periodic cyber awareness campaigns for the workforce to keep them informed of the best cyber hygiene practices.
- Defeat attempts to steal your credentials and use it to launch automated account take over attacks. There is more than ever need to eliminate phisable credentials from the equation altogether. Password phrases do good only till certain point. It gives false sense of security. Anything that malware or script can copy or spoof is not fit for any production live system. Adopt multi-layer login defense like rainbow secure.
- Always turn on MFA, better deploy Smart MFA like Rainbow Secure Smart multi-factor that gives multi-layer MFA in true sense.
- Adopt Smart Service Recognization methods to prevent your users from trusting fake sites and fake applications.
Book a session with one of the security experts at rainbow secure and learn how to secure your business, your business or fintech service.
About Rainbow Secure:
Rainbow Secure helps business upgrade its IAM SSO login authentication to multi-layer color and style powered security, a solution platform that prevents brute-force, phishing, credential stuffing, password reuse, data breach and account take over threats while giving best user experience across all platforms. Patented Rainbow Secure password, Passwordless OTP and biometrics solutions gives multi-layer defense in all types of user interactions with your platform.
#CyberAttack #BruteforcePrevention #PhishingMitigation #StayCyberSafe #CyberNews #RainbowSecure #InfrastructureSecurity #HackingNews #Cybersecurity #CISA #FBI #Infragard #IdentityManagement #SingleSignon #riskmitigation