Coinbase Cyberattack Targeted Employees Via Fake SMS Alert

According to the Coinbase cryptocurrency exchange platform, an unknown threat actor stole one of its employees’ login credentials in an attempt to gain remote access to the company’s systems and the information they hold.

According to the company, the attacker obtained contact information belonging to multiple Coinbase employees, whereas customer funds and data remained unaffected.

“Coinbase cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information. Only a limited amount of data from our corporate directory was caught,” Coinbase said.

Coinbase wants to make other companies aware of the incident so that they can take active measures to protect themselves from such attacks.

Attack Details

On Sunday, the attacker tried to get information by sending a fake message. The attacker targeted several employees with SMS alerts notifying them to log in to their company accounts to read an important message.

A few employees ignored the message, whereas one of them fell for the trick and followed the instructions.

After the employee entered their credentials, the attacker thanked them and prompted them to disregard the message.

With the login credentials in hand, the attacker attempted to enter Coinbase’s internal systems. Fortunately, the attempt failed because access was protected with multi-factor authentication (MFA).

Barely 20 minutes later, the attacker tried another strategy: they phoned, claiming to be from the Coinbase IT team, and instructed the victim to log in to their workstation and follow the instructions.

“Fortunately, no funds were taken and no customer information was accessed or reviewed. But some limited contact information for our employees was taken. Specifically, employee names, email addresses, and some contact details.”

Coinbase’s CSIRT detected the unusual activity within 10 minutes of getting the message. They then contacted the victim to ask about unusual recent activity on their account.

Later, the employees realized something was fishy and terminated communications with the attacker.

Guideline To Protect From Attack

Coinbase has shared some of the observed TTPs to help other companies to identify a similar attack and defend against it:

Web traffic from the company’s technology assets to specific addresses such as SSO.com, login.-sso.com, and dashboard.com

Incoming calls from specific providers, including Skype, Vonage, Bandwidth, and Google Voice

Any unexpected attempts to install any software/app or any browser extension, including EditThisCookie

Additional Coinbase-themed domains matching the company’s description were discovered by Will Thomas of the Equinix Threat Analysis Centre (ETAC) and may have been used in the attack:

sso-cbhq[.]com
sso-cb[.]com
coinbase[.]sso-cloud[.]com
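
The listed domains can be turned into a check over proxy or DNS logs. The following is an added example, not code from Coinbase or from this article: the log format, workstation names, the organisation's own domain, the brand tokens and the lure keywords are assumptions, and the keyword heuristic goes beyond the three listed domains to catch similar look-alike hostnames.

```python
import re

# Defanged indicators exactly as listed in the article.
IOC_DOMAINS = ["sso-cbhq[.]com", "sso-cb[.]com", "coinbase[.]sso-cloud[.]com"]

# Assumptions for this example (not from the article): the organisation's own
# domain, its brand tokens, and the lure keywords to pair them with.
LEGIT_DOMAINS = ("coinbase.com",)
BRAND_TOKENS = {"coinbase", "cbhq", "cb"}
LURE_KEYWORDS = {"sso", "login", "dashboard"}

def refang(indicator):
    """Turn a defanged indicator such as sso-cb[.]com back into a hostname."""
    return indicator.replace("[.]", ".").lower()

def under(host, domain):
    """True if host is domain or a subdomain of it (label-aware, not substring)."""
    return host == domain or host.endswith("." + domain)

def classify(host):
    """Return 'ioc', 'lookalike' or 'ok' for one requested hostname."""
    host = host.lower().rstrip(".")
    if any(under(host, d) for d in LEGIT_DOMAINS):
        return "ok"
    if any(under(host, refang(i)) for i in IOC_DOMAINS):
        return "ioc"
    tokens = set(re.split(r"[.-]", host))
    if tokens & BRAND_TOKENS and tokens & LURE_KEYWORDS:
        return "lookalike"  # brand + lure keyword outside the real domain
    return "ok"

# Constructed proxy log lines: "<timestamp> <workstation> <requested host>"
SAMPLE_LOG = """\
2000-01-02T14:01:07Z ws-114 www.coinbase.com
2000-01-02T14:02:31Z ws-114 sso-cb.com
2000-01-02T14:02:40Z ws-203 login.coinbase.sso-cloud.com
2000-01-02T14:05:12Z ws-203 notsso-cb.com
2000-01-02T14:09:55Z ws-051 cb-dashboard.example
2000-01-02T14:11:03Z ws-051 sso.example.org
"""

def scan(log_text):
    """Return (timestamp, workstation, host, verdict) for every flagged line."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and classify(parts[2]) != "ok":
            hits.append((*parts, classify(parts[2])))
    return hits
```

Calling `scan(SAMPLE_LOG)` flags three of the six constructed lines; a short brand token such as `cb` will need tuning against real traffic to keep false positives down.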

According to the cybersecurity company Group-IB, the threat actor stole almost 1,000 corporate access logins by sending phishing links over SMS to company employees.

Employees of a company that manages digital assets and has a strong online presence are bound to be targeted by social engineering actors at some point.

However, a multi-layered defense can make an attack difficult enough that most threat actors give up. Implementing MFA protection and using physical security tokens can help safeguard both consumer and corporate accounts.

Published by
Senoria Khursheed
