Coinbase breached by social engineers, employee data stolen

Coinbase did list some of the cybercriminal tools, techniques and procedures that it experienced in this attack, and the list provides some useful tips for threat defenders and XDR teams.
Perhaps Coinbase uses hardware tokens, such as Yubikeys, that don't work simply by providing a six-digit code that you transcribe from your phone to your browser or login app? Perhaps the crooks failed to ask for the code at all? Perhaps the employee spotted the phish after giving away their password but before revealing the final one-time secret needed to complete the process? From the wording in the Coinbase report, we suspect that the crooks either forgot or couldn't find a believable way to capture the needed 2FA data in their fake login screens.
Even if you have tried to keep your work contact details confidential, they may already be out there and widely known anyway, thanks to an earlier breach you might not have detected, or to a historical attack against a secondary source, such as an outsourcing company to which you once entrusted your staff data.
In the Coinbase breach, the social engineers who'd called up in the second phase of the attack apparently asked the victim to install AnyDesk, followed by ISL Online.
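For defenders who want to turn that observation into a check, here is an added example (not from Coinbase's report or the original article) that scans process-start events for remote-access tools outside an approved list and raises the severity when a second, different tool appears on the same host soon after the first. The event layout, host names, sample rows and the executable-name fragments are constructed assumptions; confirm the names against your own software inventory.

```python
from datetime import datetime, timedelta

# Assumed executable-name fragments for the two tools named in the article.
REMOTE_TOOLS = {"anydesk": "AnyDesk", "isllight": "ISL Online"}
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample events: (ISO timestamp, host, user, image path)
SAMPLE_EVENTS = [
    ("2024-01-10T09:12:00", "WS-014", "jdoe", r"C:\Users\jdoe\Downloads\AnyDesk.exe"),
    ("2024-01-10T09:31:00", "WS-014", "jdoe", r"C:\Users\jdoe\Downloads\ISLLight.exe"),
    ("2024-01-10T10:02:00", "WS-022", "asmith", r"C:\Program Files\Office\EXCEL.EXE"),
    ("2024-01-11T08:00:00", "WS-030", "bwong", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"),
]

def classify(image):
    """Return the tool name if the executable's file name matches, else None."""
    base = image.replace("\\", "/").rsplit("/", 1)[-1].lower().replace(" ", "")
    for fragment, tool in REMOTE_TOOLS.items():
        if fragment in base:
            return tool
    return None

def find_alerts(events, approved=frozenset(), window=WINDOW):
    """Flag unapproved remote-access tools; 'high' if a different one ran recently."""
    alerts, seen = [], {}  # seen: host -> [(time, tool), ...]
    for stamp, host, user, image in sorted(events):
        tool = classify(image)
        if tool is None or tool in approved:
            continue
        when = datetime.fromisoformat(stamp)
        recent = [(t, n) for t, n in seen.get(host, []) if when - t <= window]
        others = sorted({n for _, n in recent if n != tool})
        alerts.append({
            "time": stamp, "host": host, "user": user, "tool": tool,
            "severity": "high" if others else "medium",
            "also_seen": others,
        })
        seen[host] = recent + [(when, tool)]
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

Pass your sanctioned tools as `approved` so that legitimate helpdesk sessions do not drown out the unexpected ones.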