08 Apr

Cybersecurity expert reiterates importance of vigilance to thwart phishing cyberattacks

A Trezor hardware wallet mailing list has fallen victim to a phishing cyberattack, compromising data belonging to over 100,000 of Trezor’s customers.
The list was used to distribute fake data breach notifications in order to steal cryptocurrency wallets and the assets stored within them.
After the attack, Trezor took to social media to confirm these emails were part of a sophisticated phishing attack sent through one of their opt-in newsletters hosted at MailChimp. Trezor later said that MailChimp allegedly confirmed their service was compromised by an “insider” targeting cryptocurrency companies.
Experts at cybersecurity company Tanium have now spoken out about the importance of staying vigilant to stop attacks like these from taking hold.
Zac Warren, Senior Director of Cybersecurity Advisory at Tanium EMEA, said: “This attack is a reminder that links in emails should always be checked to ensure that they aren’t harmful. Attacks launched by insiders are particularly dangerous because the emails were sent from a genuine source, so recipients would have to look very closely to notice something wasn’t right.
“Other cryptocurrency and digital wallet companies should now be checking if they have fallen victim to the same attack because, if they have, it’s important to respond to the incident as quickly as possible. In the event of a breach, it’s vital that IT teams have comprehensive visibility of their IT estate. This helps them to identify what parts of their network have been compromised and to locate the attacker and stop any further damage. Visibility will also give organisations an indication of whether sensitive data might have been accessed, which is important for several reasons including compliance.”
He added: “Staff training is another important element of preventing phishing attacks like this. By educating staff about the dangers and how they can identify a potential threat, organisations can prevent some of these attacks at the first step. Even if a breach does take place, staff training can help IT teams tackle the problem at an early stage and minimise the damage. Staff training should be included in all cyber hygiene programs along with the visibility of endpoints and networks.”