A “Fake Job” scam allows cybercriminals to gain entrance to the network at Sky Mavis, makers of the game Axie Infinity, and eventually take the company for half a billion dollars in crypto.
I shake my head when I read about someone falling for a simple phishing scam with a poorly-written email, the need for a victim-user to open a PDF that then wants you to “log on” to Microsoft 365 first (c’mon, really??!?), and then a bogus logon page (the URL doesn’t even match!!!). But a new scam just reported that took place back in March is much more sophisticated and sinister.
According to The Block, hackers approached Sky Mavis developers via LinkedIn with a lucrative job opportunity at a fake company – including a process that involved multiple interviews and a job offer with “generous compensation.”
The final step in the job process was to download and open a PDF, which was Sky Mavis’ downfall, as it was the host for malware that gave cybercriminals access to the Sky Mavis network and, eventually, Ronin – the Etherium-linked sidechain.
What makes this attack so impressive is the expertise on the part of the cybercriminals around Ronin and blockchain – enough to gain them access to the validator nodes. The attackers got a hold of the private keys belonging to five of the nine validators – enough to steal Sky Mavis’ crypto assets to the tune of $540 million.
I’ve said it before and it’s worth saying again… it only takes one Phish.
Organizations need to have every employee with privileged access (which includes finances, administrative access to IT, and – yes – developers) to undergo continual Security Awareness Training so they can remain vigilant if not second-nature, especially in circumstances when emotions and hope run high and human defenses are down.