The blog post details an actual cyber attack that occurred at Coinbase, where an attacker used social engineering tactics to gain access to an employee's account. The attacker claimed to be from Coinbase corporate Information Technology (IT) and asked the employee for help, leading to a back and forth conversation that resulted in the attacker obtaining limited contact information for Coinbase employees. Fortunately, Coinbase's Computer Security Incident Response Team (CSIRT) was able to respond quickly and prevent any customer funds or information from being compromised.
The blog post highlights the fact that anyone can be social engineered and that direct contact social engineering attacks, where an attacker directly contacts an individual via social media, mobile phone, or in person, are particularly difficult to resist. As such, the post recommends that individuals be suspicious of anyone asking for personal information and never share their credentials or allow anyone to remotely access their devices.
For Coinbase accounts, the post suggests using a physical security token for access or the Coinbase vault solution for additional layers of protection.
Finally, the post provides some specific Tactics, Techniques, and Procedures (TTPs) to look for in corporate logs/SIEM to help identify potential attacks, such as web traffic to certain addresses, attempted downloads of certain remote desktop viewers, and unexpected attempts to install certain browser extensions.
Give a Pawfive to this post!
Share with your friends and followers
Start writing about what excites you in tech — connect with developers, grow your voice, and get rewarded.
Join other developers and claim your FAUN.dev() account now!
