Discord Users Beware of Server Hijacks

  • Cybersecurity
  • 5/3/2022

Contributed by David Sun – Cybersecurity Principal

What happened?

Users of the popular messaging platform Discord have been targeted recently by threat actors who hijack servers and steal assets. This has been particularly problematic in the Non-Fungible Token (NFT) space, where CLA's incident response team has recently responded to a rash of compromises in NFT communities that resulted in tremendous losses. These compromises allow threat actors to use legitimate admin or moderator accounts to announce fake drops or links, and participating victims end up losing assets in fake transactions. To evade detection, these announcements are sometimes made via direct message (DM) so that other members cannot see what is happening.

How did it happen?

At the heart of the attack are social engineering, phishing and programmable bots. Discord admins or mods are tricked into clicking a link that runs a JavaScript program in their already logged-in client, harvesting their active Discord username, authentication token and other data. That token is the session credential the client presents with every request after login. Because multi-factor authentication is only checked at login, anyone who replays the token is treated as the user and is never challenged for a second factor. With an admin or mod token, the threat actor can ban users, create new roles and secure ongoing control, all while posting content that other members will believe to be legitimate.

How can you mitigate the risk?

If you manage a Discord server, beware of this attack. Consider maintaining two accounts: a normal user account for day-to-day activity and a separate elevated account used only for admin and mod activities. Only have the elevated account logged in while performing management activities, and log out when done, so that a harvesting script that runs in your client has no elevated token to steal. Never click on links while logged in as an elevated user. If you are a member of a Discord server, be cautious of offers and requests sent via DM, even when they appear to come from an admin or mod account you recognize, since this attack uses exactly those legitimate accounts.
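The following toy model, added here as an illustration and not code from Discord or from the original post, shows why the attack described above works and why the two-account and log-out advice helps. It is a hypothetical service (the class and function names are invented) that enforces a password plus an RFC 6238 TOTP code at login and then issues a random bearer session token; every later request is authorised by the token alone, so a copied token is a full, MFA-free identity. It assumes, as a modelling choice, that logging out revokes the token; whether any real platform does so is not claimed here.

```python
"""Toy model of the attack chain: MFA is checked only at login, so whoever
holds the issued session token is the user. Constructed example; it is not
Discord's code and makes no claim about Discord's API."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    totp_secret: bytes
    is_admin: bool


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced to `digits` decimals."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step)


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class SessionService:
    """Hypothetical password + TOTP login that issues bearer session tokens.
    Modelling assumption (not a statement about Discord): logout revokes the token."""

    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.sessions: dict[str, str] = {}  # token -> username

    def register(self, username: str, password: str, is_admin: bool = False) -> bytes:
        salt = secrets.token_bytes(16)
        totp_secret = secrets.token_bytes(20)
        self.accounts[username] = Account(
            username, salt, _hash_password(password, salt), totp_secret, is_admin
        )
        return totp_secret  # what the user would enrol in an authenticator app

    def login(self, username: str, password: str, code: str, now: int) -> str | None:
        acct = self.accounts.get(username)
        if acct is None:
            return None
        if not hmac.compare_digest(acct.password_hash, _hash_password(password, acct.salt)):
            return None
        # The second factor is enforced here, and only here.
        if not hmac.compare_digest(code, totp(acct.totp_secret, now)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def admin_action(self, token: str, action: str) -> bool:
        """Every later request is authorised by the bearer token alone:
        no password, no second factor. A stolen token is a stolen identity."""
        username = self.sessions.get(token)
        if username is None or not self.accounts[username].is_admin:
            return False
        return True  # ban / create role / post announcement would happen here

    def logout(self, token: str) -> None:
        self.sessions.pop(token, None)


def demo() -> dict[str, bool]:
    svc = SessionService()
    now = 1_651_536_000  # fixed clock so the TOTP code is reproducible
    mod_secret = svc.register("mod_alice", "correct horse battery", is_admin=True)
    user_secret = svc.register("alice", "staple", is_admin=False)
    mod_token = svc.login("mod_alice", "correct horse battery", totp(mod_secret, now), now)
    user_token = svc.login("alice", "staple", totp(user_secret, now), now)

    # The phishing link's script reads the logged-in client's token; modelled as a copy.
    stolen_mod, stolen_user = mod_token, user_token

    results = {
        # Token replay: full admin power, second factor never prompted.
        "stolen_admin_token_acts_without_mfa": svc.admin_action(stolen_mod, "create_role"),
        # Two-account advice: a stolen day-to-day token cannot run admin actions.
        "stolen_user_token_acts": svc.admin_action(stolen_user, "ban_user"),
    }
    svc.logout(mod_token)  # "log out when done" revokes what the attacker holds
    results["stolen_admin_token_after_logout"] = svc.admin_action(stolen_mod, "ban_user")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running the module prints the three outcomes: the copied admin token performs admin actions with no MFA prompt, the copied day-to-day token cannot, and the admin token is useless once its owner has logged out. The HOTP helper follows RFC 4226 exactly, so it can be checked against that RFC's published test vectors.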

How can CLA help?

If your organization is experiencing damage from the hijacking of a Discord server or some other social media asset, CLA’s Incident Response team can assist.  In addition, if you would like to learn about how CLA can help with other strategies to mitigate your organization’s cyber risk, feel free to contact us.

This blog contains general information and does not constitute the rendering of legal, accounting, investment, tax, or other professional services. Consult with your advisors regarding the applicability of this content to your specific circumstances.
