Coinbase Employee Targeted in SMS Attack
Reading Time: 2 minutesA Coinbase employee has fallen victim to an SMS-based cyberattack, in which certain data was made vulnerable.
Limited data has been made available to malicious actors after a Coinbase employee fell victim to a fake SMS alert attack.
A Coinbase Employee Has Been Successfully Targeted by Attackers
On February 17, 2023, cryptocurrency exchange Coinbase made a blog post discussing a recent SMS attack, in which one employee fell victim. The attack, conducted using social engineering tactics, took place on February 5, with a number of employees being initially targeted.
In the Coinbase blog post, written by Jeff Lunglhofer, it was stated that a ‘limited amount of data’ was exposed in the attack. This data included ’employee names, e-mail addresses, and some phone numbers’.
While most of the employees targeted dodged the scam, one individual interacted with the fake alert. After clicking on the provided link within the SMS, the employee provided their credentials to a fake login webpage, which the attacker then used to try and access their Coinbase account.
Lunglhofer wrote that the attacker ‘made repeated attempts to gain remote access to Coinbase’, but fortunately this did not happen.
Coinbase Managed to Contain the Attack
In the aforementioned post, Lunglhofer stated that Coinbase was able to stop the attack before the operators gained direct system access. In fact, Coinbase’s Computer Security Incident Response Team (CSIRT) detected and tackled the attack just ten minutes after it began. Coinbase’s Security Incident and Event Management (SIEM) system alerted CSIRT of unusual activity in a short period of time, allowing the team to mitigate the issue quickly.
What’s more, it was written in the post that ‘no customer funds or customer information were impacted’ during the attack. So, all in all, this attack was relatively small-scale and didn’t do much damage.
Coinbase also stated that it ‘believes in transparency, and we want our employees, customers, and the community to hear the details of this attack and to share the Tactics, Techniques, and Procedures (TTPs) used by this adversary, so everyone can better protect themselves.’
Coinbase Looks to Learn from This Attack
In its blog post regarding this incident, Lunglhofer wrote that there was something to be learned, and that ‘by talking openly about security issues like this’ the Coinbase community can be made ‘safer and more security aware.’
Lunglhofer also noted that this attack took place as a result of lacking knowledge, stating that ‘customers, employees, and people everywhere need to be better trained.’
Coinbase Is No Stranger to Cyberattacks
This is by no means the first time Coinbase has been targeted by cybercriminals. This cryptocurrency exchange has been targeted by and suffered from various attacks in the past, and chances are they will continue to do so in the future.
Reference: https://www.makeuseof.com/coinbase-employee-targeted-in-sms-attack/
Ref: makeuseof
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG