From: thepipeline_xyz
Attackers typically aim for three primary objectives when targeting individuals or entities [00:00:00]:
Primary Objectives
- Funds Attackers seek funds stored on-chain, on centralized exchanges (CEXs), or within various wallets [00:00:04].
- Access Attackers may seek to gain access to an individual’s accounts or systems to use them as an interception point to reach others [00:00:09]. This could involve leveraging the compromised individual’s trusted position to target colleagues, friends, or family [00:00:16]. For example, if a public figure’s account is compromised, attackers could use that leverage in a spear phishing campaign or employ social engineering tactics to gain access to others, such as by sending malicious meeting invitations [00:00:27].
- Data Sensitive credentials and other data are also targets [00:00:38]. Any location where sensitive credentials are stored must be rigorously audited for security vulnerabilities [00:00:41].
Mitigation Strategy
Individuals must have a clear understanding of all potential points of failure in their digital and personal lives [00:00:46]. This involves inventorying these vulnerabilities and creating an attack surface map to identify all areas of concern [00:00:53]. Once identified, these points should be continually tweaked and mitigated [00:01:00].