Security News > 2023 > February > What can we learn from the latest Coinbase cyberattack?

Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twillio, Cloudflare and many other companies last year.

Leveraging smishing and vishing, the attackers tried to trick Coinbase employees into sharing login credentials and installing remote desktop applications, and were only partly successful: the company's incident response team quickly reacted to "Unusual activity" alerts and, in the end, the attackers were unable to access customer information or steal funds.

The attack started on a Sunday, February 5th, 2023, when a number of Coinbase employees received a text message saying that they needed to urgently log into the company systems via a provided link, so they could receive an important message.

In the end, the attackers managed to get their hands on some employees' names, e-mail addresses, and phone numbers, which they may end up using for social engineering attacks at a later date.

Lunglhofer did not share which second layer of authentication Coinbase employees use or whether the attackers even tried to get the employee to share their additional authentication factor - but having MFA set up blocked that avenue of attack, and the attackers were forced to switch to vishing.

Coinbase has shared the tactics, techniques, and procedures employed by attackers so other organizations' security teams can be on the lookout for.

News URL

https://www.helpnetsecurity.com/2023/02/21/coinbase-cyberattack/