Crypto trade Coinbase has confirmed that it was briefly compromised by the identical attackers that focused Twilio, Cloudflare, DoorDash, and greater than 100 different organizations final yr.
In a post-mortem of the incident revealed over the weekend, Coinbase mentioned that the so-called ‘0ktapus’ hackers stole the login credentials of one in every of its staff in an try to remotely achieve entry to the corporate’s methods.
0ktapus is a hacking group that has focused more than 130 organizations in 2022 as a part of an ongoing effort to steal the credentials of 1000’s of staff, usually by impersonating Okta log-in pages. That determine of 130 organizations is now seemingly a lot increased, as a leaked Crowdstrike report seen by TechCrunch claims that the gang is now concentrating on a number of tech and online game corporations.
Within the case of Coinbase, the 0ktapus hackers first despatched spoofed SMS textual content messages to a number of staff on February 5 advising that they wanted to log in urgently utilizing the hyperlink offered to obtain an essential message. One worker adopted the phishing hyperlink and entered their credentials. Within the subsequent part, the attacker tried to log into Coinbase’s inside methods utilizing the stolen credentials however failed as a result of entry was protected with multi-factor authentication.
Some 20 minutes later, the attacker used voice phishing, or “vishing,” to name the worker claiming to be from the Coinbase IT workforce, and directed the sufferer to log into their workstation. This allowed the attacker to view worker data, together with names, e-mail addresses and cellphone numbers.
“A risk actor was capable of view the dashboard of a small variety of inside Coinbase communication instruments and entry restricted worker contact data,” Coinbase spokesperson Jaclyn Gross sales instructed TechCrunch. “The risk actor was capable of see, via a display screen share, sure views of inside dashboards and accessed restricted worker contact data.”
Nevertheless, Coinbase says its safety workforce responded rapidly, stopping the risk accessor from accessing buyer knowledge or funds. “Our safety workforce was capable of detect uncommon exercise rapidly and forestall some other entry to inside methods or knowledge,” Gross sales added.
Coinbase mentioned no buyer knowledge was accessed, however the firm’s chief data safety officer Jeff Lunglhofer mentioned he recommends that customers contemplate switching to {hardware} safety keys for stronger account entry, however didn’t say whether or not it makes use of {hardware} keys internally, which can’t be phished.
Source link
