In a blog post on its website, Liquid said that last week, on Friday, November 13, 2020, a hacker managed to breach employee email accounts and pivot to its internal network. The company said it detected the intrusion before the hacker stole any funds, but a subsequent investigation revealed that the attacker was able to collect personal information from Liquid’s database that stored user details.
Further information suggests that the domain hosting provider GoDaddy, which managed one of the core domain names, incorrectly transferred control of the account and domain to a malicious actor. As ZDNet reports, the stolen information included real names, home addresses, email addresses, and encrypted passwords.
Providing commentary on the incident for Digital Journal is Dr. Vinay Sridhara, CTO of Balbix.
Sridhara begins by stating that the incident exposes serious system flaws: “This incident is another reminder of the importance of basic cyber hygiene, as Domain Name Server (DNS) hijacking attacks have been fairly common against cryptocurrency services over the past few years.”
Describing this form of attack, Sridhara says: “DNS hijackings happen when users are unknowingly redirected to a malicious site. In this incident, Liquid’s employees were redirected to fake login pages where their email credentials were collected and later used to access the company’s internal infrastructure. Through this, the intruder was able to obtain the names, home addresses, emails, and encrypted passwords of users.”
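The pattern Sridhara describes, where delegation or address records for a company domain are changed so that staff land on an attacker's login page, is a change a defender can catch by comparing each fresh DNS snapshot against a known-good baseline and alerting on drift, with nameserver changes treated as the most serious because they indicate the registrar account or delegation itself has moved. The following Python is an added illustration, not code from Liquid, GoDaddy or Balbix; the domain, nameservers and addresses are constructed sample data, and in practice the observed snapshot would be filled from live resolver queries (for example dnspython's `dns.resolver.resolve`) and the registrar's account records.

```python
"""Baseline-drift check for a company domain's DNS records.

Added illustration (not the exchange's, the registrar's or Balbix's code).
All domain names and addresses below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class RecordSet:
    """The record types worth watching for a hijack: delegation (NS),
    web address (A) and mail routing (MX)."""
    ns: FrozenSet[str]
    a: FrozenSet[str]
    mx: FrozenSet[str]


@dataclass(frozen=True)
class Finding:
    domain: str
    rtype: str            # "ns", "a", "mx", or "all" if the domain vanished
    added: FrozenSet[str]
    removed: FrozenSet[str]
    severity: str


# NS drift means the registrar account or delegation has changed hands:
# every record under the zone can then be rewritten, so it ranks highest.
# A and MX drift on their own still redirect web logins or capture mail.
SEVERITY = {"ns": "critical", "a": "high", "mx": "high"}


def detect_drift(baseline: Dict[str, RecordSet],
                 observed: Dict[str, RecordSet]) -> List[Finding]:
    """Compare an observed snapshot against the approved baseline and
    return one Finding per record type that no longer matches."""
    findings: List[Finding] = []
    for domain, base in baseline.items():
        now = observed.get(domain)
        if now is None:
            # A monitored domain that stopped resolving at all is as bad
            # as a hijack: raise it at the top severity.
            findings.append(Finding(domain, "all", frozenset(), frozenset(), "critical"))
            continue
        for rtype in ("ns", "a", "mx"):
            before = getattr(base, rtype)
            after = getattr(now, rtype)
            if before != after:
                findings.append(Finding(domain, rtype,
                                        added=after - before,
                                        removed=before - after,
                                        severity=SEVERITY[rtype]))
    return findings


def render(f: Finding) -> str:
    """One-line alert text suitable for a ticket or chat notification."""
    return (f"[{f.severity.upper()}] {f.domain} {f.rtype.upper()} drift: "
            f"added={sorted(f.added)} removed={sorted(f.removed)}")


# Constructed baseline: what the security team approved for the domain.
BASELINE = {
    "exchange.example": RecordSet(
        ns=frozenset({"ns1.registrar.example", "ns2.registrar.example"}),
        a=frozenset({"203.0.113.10"}),
        mx=frozenset({"mail.exchange.example"}),
    ),
}

# Constructed snapshot after a registrar-level takeover: delegation now
# points at nameservers the team never approved, and the web address has
# moved to a host serving a look-alike login page.
OBSERVED_HIJACKED = {
    "exchange.example": RecordSet(
        ns=frozenset({"ns1.unknown-host.example", "ns2.unknown-host.example"}),
        a=frozenset({"198.51.100.77"}),
        mx=frozenset({"mail.exchange.example"}),
    ),
}


def run_example() -> List[Finding]:
    """Run the check over the constructed hijacked snapshot."""
    return detect_drift(BASELINE, OBSERVED_HIJACKED)


if __name__ == "__main__":
    for finding in run_example():
        print(render(finding))
```

The check is deliberately a pure comparison so it can be scheduled frequently and run against snapshots collected from more than one vantage point (public resolvers, the authoritative servers, and the registrar's own record of the account), which also surfaces the case where only one view has been altered.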
In terms of what needs to be done, Sridhara recommends: “Cryptocurrency organizations that collect transactional data must be continuously monitoring all IT assets across hundreds of potential attack vectors to detect vulnerabilities. This involves analyzing tens of billions of time-varying data signals, a task that is not a human-scale problem anymore.”
In terms of more general lessons, Sridhara proposes: “Organizations must leverage security tools that observe these data points in real-time and employ AI and ML to analyze and derive insights in order to prioritize the vulnerabilities that need to get fixed first. Proactively managing risk must become the new norm and is a requirement for successful cybersecurity practice.”