Coinbase, the digital currency exchange, is a frequent target of fraudsters and cybercriminals. In a recent case study, Coinbase discussed an actual cyber attack that it faced, in which an employee clicked on a link in an SMS message and unwittingly gave their login credentials to the attacker. The attacker, equipped with a legitimate Coinbase employee username and password, made repeated attempts to gain remote access to Coinbase but was blocked by the multi-factor authentication system. The attacker then called the employee, pretending to be from Coinbase IT, and requested their help, leading to a back-and-forth between the two. Fortunately, no funds were taken and no customer information was accessed or viewed, but some limited contact information for Coinbase employees was taken.
Coinbase believes that this attack was associated with a highly persistent and sophisticated attack campaign that has been targeting scores of companies since last year. The incident highlights the importance of multi-factor authentication and the risk of social engineering attacks. While training employees to be more security aware is important, research shows that people can be fooled eventually, no matter how alert, skilled, and prepared they are.
To help others avoid similar attacks, Coinbase shared some specific Tactics, Techniques, and Procedures (TTPs) to look for in corporate logs / SIEM, such as web traffic to specific addresses and attempted downloads of certain remote desktop viewers. Coinbase’s incident response team was on top of the issue within the first 10 minutes of the attack and launched a full investigation. Because of Coinbase’s layered control environment, no funds were lost, and no customer information was compromised.
The incident underscores the importance of having a robust cybersecurity strategy and response plan in place, as well as the need for continued innovation to blunt the effectiveness of cyber attacks. By being transparent about security issues like this, Coinbase believes it can make the whole community safer and more security aware.
More details: https://www.coinbase.com/blog/social-engineering-a-coinbase-case-study