Official forum for Utopia Community

You are not logged in.

#1 2023-02-21 22:13:10

Registered: 2023-01-04
Posts: 2,088

In a cyber attack, a Coinbase employee falls victim to an SMS scam, ex

Coinbase, a popular cryptocurrency exchange platform, disclosed a cybersecurity attack that targeted its employees.
According to the company, its "cyber controls prevented the attacker from gaining direct system access, as well as any loss of funds or compromise of customer information."
The incident, which occurred on February 5, 2023, exposed a "limited amount of data" from its directory, which included employee names, e-mail addresses, and some phone numbers.
Several employees were targeted as part of the attack in an SMS phishing campaign urging them to sign in to their company accounts to read an important message.
One employee is said to have fallen for the scam, entering their username and password into a bogus login page set up by the threat actors in order to steal the credentials.
"After 'logging in,' the employee is prompted to disregard the message and thanked for doing so," according to the company. "What happened next was that the attacker [...] attempted to gain remote access to Coinbase several times."

These attempts to log in to the systems using the captured credentials proved to be unsuccessful owing to the multi-factor authentication protections that were enabled for the account.

Undeterred, the threat actor called the employee claiming to be from the Coinbase corporate Information Technology (IT) team and directed the individual to log into their workstation and follow a set of instructions.

"That began a back and forth between the attacker and an increasingly suspicious employee," Coinbase explained. "As the conversation progressed, the requests got more and more suspicious."

The company said it was alerted within the first 10 minutes of the attack and that its incident responders reached out to the victim to inquire about the suspicious activity from their account, prompting the person to sever all communications with the adversary.

Coinbase did not elaborate on the exact instructions the threat actor gave to the employee, but urged other companies to be on the lookout for potential attempts to install remote desktop software such as AnyDesk or ISL Online as well as a legitimate Google Chrome extension called EditThisCookie.

It also warned of incoming phone calls and text messages from specific providers like Google Voice, Skype, Vonage/Nexmo, and Bandwidth.

Coinbase further noted that the attack is likely linked to the sophisticated phishing campaign known as 0ktapus (aka Scatter Swine) that targeted over 130 companies, including Twilio, Cloudflare, MailChimp, and Signal, among others, last year.


Board footer

Powered by FluxBB