First up, as the research paper's abstract says:

The attack requires physical access to the secure element

So, straight off the bat, this reduces the likelihood of attack. Someone would need to actively target you. Of course, if you're the sort of person who secures all their secrets and cryptowallets with a FIDO token, you may be a juicy target!

Secondly, the attack relies on:

the adversary steal[ing] the login and password of a victim’s application account protected with FIDO

So, you need to lose your username, password, and token for this attack to be successful. Again, this is unlikely to happen as a "drive-by" attack.

Once the attacker gets your FIDO token, they need to analyse it using "expensive equipment". A cost of approximately $11,000 according to Ars.

That moves the attack away from the hands of casual criminals. It isn't an insurmountable barrier for organised crime or nation states.

Finally, Appendix A discusses how difficult it is to actually get the equipment close enough to the circuitry:

[…] capturing the EM signal with a small EM probe would not work if this probe is too far from the chip. We hence have to open the YubiKey plastic case to access its logic board. […] In both cases however, the device needs to be re-packaged if the adversary wants to give it back to legitimate user without him noticing. We did not study further this issue.

Here's what it looks like when that probe is placed next to the circuitry:

If you suddenly find your Yubikey smashed or cracked, then you may have been a victim of this attack!

A reasonable way to defend against this is to get some glittery nail polish. No, seriously! Put a blob of glitter polish on the seam of your device. Something like this:

Take a photo. If the baddies grab your YubiKey and crack it open, they won't easily be able to get the pattern correct when they re-seal it. Regularly compare your photo to your device.

The Real Issue With FIDO Tokens

Physical tokens require physical security. I've moved to a an Encrypter Ring. I literally wear my FIDO token. I am extremely likely to notice someone removing my ring (or my finger).

Is your token on your keyring? Where is your keyring right now? In your pocket or hanging up somewhere? Most people either leave their FIDO token laying around out of sight or have it permanently plugged in to their machine. I'm not sure which is worse.

The other major issue is that it is impossible to revoke a FIDO token from all your accounts at once!

You've used your token to register with a few dozen sites, you either lose your key or discover it has been tampered with. What do you do?

There is no way to tell which sites you have used a FIDO token with. You have to remember (or keep a list somewhere). You will need to manually go to each site and revoke the stolen token. If you've forgotten one, you can't revoke it from your key, which means attackers could have unfettered access to that account.

What should I do?

The discoverers of this vulnerability take great pains to say:

it is still safer to use your YubiKey or other impacted products as FIDO hardware authentication token to sign in to applications rather than not using one.

I think they are correct. But there are still a few things you should do to secure yourself against this class of attack.

0. Ensure the physical security of your token. Either wear it as jewellery, implant it in your skin, or reduce the likelihood of it being taken.
1. Ensure the physical integrity of your token. Use nail-varnish or something similar to help you detect if it has been physically compromised.
2. Ensure that you know which sites have been secured with a Yubikey. Make a note of it in your password manager or other secure vault.
3. Ensure that you are less of a target. Don't brag about your security. Certainly don't post on the Internet about which security products you use and the countermeasures you take. Oh shit.