May 13
You may be the main weapon
About a month ago we discussed cryptosecurity and listed the attack types a blockchain system can face, from a 51% attack to denial-of-service.
But these are external threats. Fraudsters can also come from the other side. For example, a few days ago a new cheat method was spotted in MetaMask. IPhone users received a notification with “an official” recommendation to change their cloud storage password. Before that, MetaMask users got emails with instructions to go through KYC. Although MetaMask does not collect mail addresses!
Quite often phishing emails push with phrases like “your wallet is under the threat of hacking”, “your password was stolen”. As a result, recipients of such emails act emotionally and don’t always think about the details. If you link the wallet to uncertain sites trying to earn quickly, such manipulations are guaranteed.
In addition to social engineering, cybercriminals are fond of cryptojacking. They get access to a third-party device and use it for mining while the user does not even understand this, he is just surprised by the sharp drop in the performance of his gadget.
How do scammers get this opportunity? They distribute the infected software through websites or mailing files.
To mine on a large scale, attackers target not only end-user PCs but also entire cloud services. Since the configuration of many online systems is standardized and public by default (and is also well documented), hackers do not need any sophisticated tools. In addition, they can penetrate through the same trivial email to some users.
It may seem that parasitizing on a cloud system is not as dangerous as, for example, leaking data and destroying infrastructure. But it entails slower work, customer churn, and new security holes.
As you can see, there are many cyberrisks. To stay safe, you need to follow the rules of digital hygiene: do not visit questionable sites and leave your data on them, do not follow suspicious links, do not download files from unknown sources. Install antivirus, after all. And do not believe the calls and letters in the form of “to prevent the theft of your money, urgently change your password or tell us the code word”.
— — — — — — — — — — — — — — — — — — — — — — — — — —
