"What Can We Learn from the Latest Coinbase Cyberattack?"

The cryptocurrency exchange Coinbase has thwarted a cyberattack that could have been launched by the same malicious actors who attacked Twilio, Cloudflare, and a number of other companies in 2022. Using smishing and vishing, the attackers attempted to trick Coinbase employees into sharing login credentials and installing remote desktop applications. However, they were only partially successful, as the company's incident response team responded quickly to alerts of unusual activity, and the attackers were ultimately unable to access customer data or steal funds. Coinbase has disclosed the tactics, techniques, and procedures (TTPs) used by the attackers so that the security teams of other companies can watch for them. The TTPs include web traffic to domains that combine the company's name with "sso," "login," or "dashboard" but do not belong to the company. They also include attempted downloads of remote desktop software such as AnyDesk or ISL Online, or of browser extensions that enable the modification of cookies. This article continues to discuss the cyberattack on the cryptocurrency exchange Coinbase, TTPs, and risk mitigation advice.
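As an added illustration (not code from Coinbase or Help Net Security), the first two indicators above can be turned into a simple check over web proxy logs. The company name `acme`, the owned domain `acme.example`, the log format, and all log lines are constructed assumptions; substring matching favours recall, so hits need analyst triage.

```python
import re
from urllib.parse import urlsplit, unquote

KEYWORDS = ("sso", "login", "dashboard")   # keywords named in the disclosed TTPs
REMOTE_TOOLS = ("anydesk", "islonline")    # AnyDesk, ISL Online (normalized names)

def is_owned(host, owned_domains):
    """True if host is an owned domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in owned_domains)

def classify(url, company, owned_domains):
    """Return the list of reasons a requested URL matches the TTPs."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    # Company name plus a keyword in a host the company does not own.
    if company in host and not is_owned(host, owned_domains):
        hits = [k for k in KEYWORDS if k in host]
        if hits:
            reasons.append("lookalike-domain:" + "+".join(hits))
    # Normalize so "ISL%20Online", "isl-online" and "ISL_Online" compare equal.
    flat = re.sub(r"[^a-z0-9]", "", unquote(host + parts.path).lower())
    reasons += ["remote-desktop-download:" + t for t in REMOTE_TOOLS if t in flat]
    return reasons

def scan(log_lines, company, owned_domains):
    """Return (user, url, reasons) for each log line that matches."""
    out = []
    for line in log_lines:
        _ts, user, url = line.split(maxsplit=2)
        reasons = classify(url.strip(), company, owned_domains)
        if reasons:
            out.append((user, url.strip(), reasons))
    return out

# Constructed sample proxy log, format assumed: "<timestamp> <user> <url>"
SAMPLE_LOG = [
    "2024-01-01T18:01:02Z alice https://sso.acme.example/auth",
    "2024-01-01T18:03:40Z bob https://acme-sso.example.net/",
    "2024-01-01T18:04:11Z bob https://acme.example.login-portal.example.org/",
    "2024-01-01T18:06:27Z bob https://downloads.example.net/tools/AnyDesk.exe",
    "2024-01-01T18:07:05Z carol https://files.example.org/ISL%20Online/setup.exe",
    "2024-01-01T18:09:00Z dave https://news.example.com/acme-earnings",
]

if __name__ == "__main__":
    for user, url, reasons in scan(SAMPLE_LOG, "acme", {"acme.example"}):
        print(user, url, reasons)
```

The owned-domain check compares on a label boundary, so a host such as `acme.example.login-portal.example.org` is flagged even though it begins with the legitimate domain.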

Help Net Security reports "What Can We Learn from the Latest Coinbase Cyberattack?"


 

Submitted by Anonymous on