Telephone: 1-844-NETIZEN
Tel: 1-844-NETIZEN
Email: team (at) Netizen.net
slider

Netizen Cybersecurity Bulletin (February 27th, 2025)

Posted on 27 Feb 2025 at https://www.Netizen.net/news Source Link: https://blog.netizen.net

Overview:

  • Phish Tale of the Week
  • Bybit Suffers $1.5 Billion Cryptocurrency Heist, Linked to North Korean Lazarus Group
  • DISA Data Breach Exposes Personal Information of 3.3 Million Individuals
  • How can Netizen help?

Phish Tale of the Week

Often times phishing campaigns, created by malicious actors, target users by utilizing social engineering. For example, in this email, the actors are appearing as an unnamed company. They’re sending us a text message, asking us if we’re looking for a remote job, and that it’s imperative that we click the link below. It seems both urgent and genuine, so why shouldn’t we? Luckily, there’s plenty of reasons that point to this being a scam.

Here’s how we can tell not to fall for this phish:

  1. The first warning sign for this SMS is the context in which it was sent. When I recieved this SMS, I immediately knew not to click on the link due to the fact that I did not recently inquire anywhere about any remote work; Real companies looking to recruit qualified employees would not reach out to numbers in this way. On top of that, it’s very apparent that this message was blasted out to random numbers: the message doesn’t even include my name or attempt to provide any level of familiarity.
  2. The second warning signs in this email is the messaging. This message tries to create a sense of opportunity and urgency in order to get you to take action by using language such as “potential role opportunity” Phishing and smishing scams commonly attempt to create a sense of urgency/confusion in their messages in order to get you to click their link without thinking about it first. Always be sure to thoroughly inspect the style and tone of all texts before following a link or other attachment sent through SMS.
  3. The final warning sign for this email is the wording; in our case the smisher misspelled the word “opportunity.” All of these factors point to the above being a smishing text, and a very unsophisticated one at that.


General Recommendations:

phishing attack will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via your text messages. 

  1. Scrutinize your messages before clicking anything. Have you ordered anything recently? Does this order number match the one I already have? Did the message come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  2. Verify that the sender is actually from the company sending the message.
  3. Did you receive a message from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc. A legitimate company will never ask for PII via instant message or email.
  4. Do not give out personal or company information over the internet.
  5. Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.

Many phishing messages pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.

Cybersecurity Brief

In this month’s Cybersecurity Brief:

Bybit Suffers $1.5 Billion Cryptocurrency Heist, Linked to North Korean Lazarus Group

Bybit, a major cryptocurrency exchange, has fallen victim to what is being described as the largest cryptocurrency heist in history, with hackers stealing approximately 400,000 Ethereum (ETH and stETH), valued at nearly $1.5 billion. Security experts have linked the attack to North Korea’s notorious Lazarus Group, a state-sponsored cybercrime syndicate known for targeting financial institutions and cryptocurrency platforms.

The attack, which came to light over the weekend, exploited a vulnerability during the transfer of ETH from Bybit’s cold wallet to a warm wallet. The hackers manipulated the user interface, making it appear as though the transaction was legitimate while secretly altering the smart contract logic. This allowed them to take control of the cold wallet and reroute assets to addresses they controlled.

Cybersecurity firm Check Point suggests that the attackers likely identified and compromised multisig signers—individuals responsible for approving transactions—by deploying malware, phishing, or a supply chain attack to gain unauthorized access.

Bybit has been actively working to recover the stolen assets, with nearly $43 million already retrieved thanks to various cryptocurrency services freezing flagged funds. The company has launched a “recovery bug bounty program,” offering rewards of up to 10% of the recovered funds to those who assist in the retrieval process. Bybit has reassured users that all assets remain backed and that the company remains financially stable, even if the full amount is not recovered.

Blockchain security analysts, including ZachXBT, were among the first to identify links between the Bybit hack and the Lazarus Group. Investigators from TRM Labs confirmed this assessment “with high confidence,” citing strong overlaps between the wallets used in this attack and those involved in previous North Korean crypto heists.

Elliptic, another leading blockchain intelligence firm, also attributed the attack to Lazarus based on the laundering techniques used by the hackers. Within two hours of the breach, the stolen Ethereum was split into 50 different wallets and gradually emptied through centralized and decentralized exchanges, as well as cross-chain bridges. The attackers have been steadily converting the stolen ETH into Bitcoin, a tactic previously observed in Lazarus-linked operations.

The Bybit heist is the latest in a series of large-scale cryptocurrency thefts attributed to North Korea. In 2024, the FBI officially accused North Korean hackers of stealing $308 million from Bitcoin.DMM.com, while the infamous $600 million Ronin bridge hack was also linked to Lazarus.

Recent estimates from the US, Japan, and South Korea indicate that North Korean hackers stole approximately $660 million in cryptocurrency in 2024 alone, further cementing the regime’s reliance on cybercrime to fund its illicit activities.

To read more about this article, click here.

DISA Data Breach Exposes Personal Information of 3.3 Million Individuals

DISA Global Solutions, a Texas-based provider of background screening and drug testing services, has disclosed a major data breach affecting over 3.3 million individuals. The breach, which occurred in early 2024, exposed sensitive personal information, including Social Security numbers, driver’s license details, and financial account data.

According to DISA, the intrusion was detected on April 22, 2024, but forensic investigations determined that hackers had gained access to a portion of its network as early as February 9, 2024. The company has since undertaken a comprehensive review of the stolen files to identify affected individuals and assess the scope of the breach.

A public notice posted on DISA’s website confirms that impacted individuals will receive notifications and be offered one year of free credit monitoring and identity restoration services. However, DISA has not observed any confirmed misuse of the stolen data at this time.

While the exact nature of the cyberattack remains unclear, no known ransomware group has claimed responsibility for the incident. DISA, which serves more than 55,000 businesses and conducts millions of screenings annually, has not disclosed whether the breach was the result of a ransomware attack or another form of cyber intrusion.

DISA has assured stakeholders that it is working to strengthen its security posture to prevent future incidents.

To read more about this article, click here.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

News and Updates

Sign up to get the latest news and threat briefs:

Get in Touch

Telephone: 1-844-NETIZEN
Email: Team (at) Netizen.net
Office Locations:
Allentown, PA (Headquarters)
 Arlington, VA (DC Region)
 Charleston, SC (Southeast Region)

Connect With Us

    Facebook
    Twitter
    LinkedIn
    Instagram
    GitHub
    YouTube

Copyright © Netizen Corporation. All Rights Reserved.