{"id":555229,"date":"2023-02-22T22:00:00","date_gmt":"2023-02-22T19:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/coinbase-discloses-recent-cyberattack-targeting-employees\/"},"modified":"2023-02-22T22:00:00","modified_gmt":"2023-02-22T19:00:00","slug":"coinbase-discloses-recent-cyberattack-targeting-employees","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/coinbase-discloses-recent-cyberattack-targeting-employees\/","title":{"rendered":"# Coinbase discloses recent cyberattack targeting employees"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2ee78d032f9\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2ee78d032f9\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/coinbase-discloses-recent-cyberattack-targeting-employees\/#%E2%80%9D_Coinbase_discloses_recent_cyberattack_targeting_employees_%E2%80%9C\" >&#8221; Coinbase discloses recent cyberattack targeting employees  &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Coinbase_discloses_recent_cyberattack_targeting_employees_%E2%80%9C\"><\/span>&#8221; Coinbase discloses recent cyberattack targeting employees  &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjMtMDIvOTY3ZjI4YmMtYzcxNy00ZTcyLWFiMDktNzE2YmM4MTU5M2RhLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-48054ca8>Crypto exchange Coinbase experienced a cybersecurity attack targeting its employees on Feb. 5. The attack came through SMS scams and involved impersonations of IT staff, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.coinbase.com\/blog\/social-engineering-a-coinbase-case-study\">according<\/a>\u00a0to a recent report from the company&#8217;s engineering team. No customers&#8217; funds or information were impacted, the firm said.<\/p>\n<p>As per the report, on a late Sunday several Coinbase employees received SMS messages requiring them to urgently log in via the link provided to access an important message. Acting in a good faith, one employee followed the exploiter&#8217; instructions:<\/p>\n<blockquote><p>&#8220;While the majority ignore this unprompted message &#8211; one employee, believing that it\u2019s an important and legitimate message, clicks the link and enters in their username and password. After \u201clogging in\u201d, the employee is prompted to disregard the message and thanked for complying.&#8221;\u00a0<\/p><\/blockquote>\n<p>The perpetrator then made repeated attempts to gain remote access to Coinbase&#8217;s internal systems with the employee&#8217;s username and password, but was unable to pass through the Multi-Factor Authentication (MFA) security measure.\u00a0<\/p>\n<p>After failing to authenticate and being automatically blocked, the exploiter contacted the employee by phone. According to the report, the attacker claimed to be Coinbase&#8217;s IT department and asked the employee for assistance:<\/p>\n<blockquote><p>&#8220;Believing that they were speaking to a legitimate Coinbase IT staff member, the employee logged into their workstation and began following the attacker\u2019s instructions. That began a back and forth between the attacker and an increasingly suspicious employee. As the conversation progressed, the requests got more and more suspicious.&#8221;<\/p><\/blockquote>\n<p>Coinbase&#8217;s Computer Security Incident Response Team (CSIRT) was alerted about an unusual activity by its Security Incident and Event Management (SIEM) system. An incident responder reached out to the victim via the company&#8217;s internal messaging system in response to the atypical behavior.<\/p>\n<p>&#8220;Realizing something was seriously wrong, the employee terminated all communications with the attacker&#8221;, said the report. According to Coinbase, its layered control environment protected customer funds and information, even though some of its personnel&#8217;s information had been compromised.<\/p>\n<p>The company believes the attack is associated with a sophisticated attack campaign that targeted many companies since last year, especially in the United States. Cybersecurity company Group-IB<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.group-ib.com\/media-center\/press-releases\/0ktapus-campaign\/\"> reported<\/a> in August 2022 similar phishing attacks on employees of Twilio and Cloudflare as part of a massive campaign ending in 9,931 accounts of over 130 organizations being compromised. <\/p>\n<p>Coinbase&#8217;s team also noted that its customers and employees are frequent targets of fraudsters, and the solution lies in offering <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ropriate training:<\/p>\n<blockquote><p>&#8220;Research shows again and again that all people can be fooled eventually, no matter how alert, skilled, and prepared they are. We must always work from the assumption that bad things will happen. We need to be constantly innovating to blunt the effectiveness of these attacks while also striving to improve the overall experience of our customers and employees.&#8221;<\/p><\/blockquote>\n<p><template data-name=\"subscription_form\" data-type=\"crypto_biz\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/coinbase-discloses-recent-cyberattack-targeting-employees\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Coinbase discloses recent cyberattack targeting employees &#8220; Crypto exchange Coinbase experienced a cybersecurity attack targeting its employees on Feb. 5. The attack came through SMS scams and involved impersonations of IT staff, according\u00a0to a recent report from the company&#8217;s engineering team. No customers&#8217; funds or information were impacted, the firm said. As per the&#8230;<\/p>\n","protected":false},"author":1,"featured_media":555230,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/967f28bc-c717-4e72-ab09-716bc81593da.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74882,117,70375,70944,72287,4965],"class_list":["post-555229","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-hacks","tag-business","tag-cybersecurity","tag-hackers","tag-security","tag-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/555229","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=555229"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/555229\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/555230"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=555229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=555229"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=555229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}