6,000 Coinbase Customers Affected
By Jelle Wieringa, Security Awareness Advocate at KnowBe4
A threat actor recently stole cryptocurrency from around 6,000 customers after exploiting a vulnerability to bypass the company's SMS-based multi-factor authentication (MFA). The affected company, Coinbase, is the second largest cryptocurrency exchange in the world, with around 68 million users in over 100 countries.
In the notification sent to affected customers last week, Coinbase explains that between March and May 20, 2021, a threat actor carried out a large-scale campaign to break into customer accounts and steal cryptocurrency. According to Coinbase, executing this attack required the attackers to already know the customers' email addresses, passwords and phone numbers, and to have access to the victims' email accounts as well. The SMS code was therefore the last barrier the attackers had to get past, not the first: the credentials and the mailbox were in their hands before the MFA bypass came into play.
How the attackers obtained this information has not yet been established, but Coinbase believes the account data was stolen through phishing campaigns targeting Coinbase customers. Banking Trojans, which are commonly used to take over online bank accounts, are also known to target Coinbase accounts.
“This isn’t the first time MFA-using Coinbase customers have been compromised. It is at least the second or third time. All MFA solutions can be hacked in several ways. SMS-based MFA solutions are among the easiest to crack. In most cases, users need to use the SMS-based MFA. The problem with all MFA solutions is that they do not inform users that any type of MFA can be hacked, abused and circumvented. The solution is to ensure that all parties involved are aware of the potential vulnerabilities of their respective MFA variant, and that everyone is informed about possible attacks and how to avoid them,” says Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.
The scale of the threat from such phishing campaigns is illustrated by the fact that more than three billion fake e-mails are in circulation every day and over 90% of cyber attacks start with a phishing e-mail. E-mail filters do not catch all of these messages, and the attacks keep getting more sophisticated. The employees of an organization are consequently exposed to increasingly elaborate social engineering techniques.
Security Awareness as a key defense against phishing campaigns
The most effective way to prevent such attacks is comprehensive security awareness training for employees, built around simulated phishing e-mails that test how attentive staff actually are. The aim of the training is to raise awareness of the danger and to improve the recognition of such attacks. First, so-called baseline tests are run to determine the proportion of users who are susceptible to phishing. One should also find out which kinds of attacks users fall for and which they do not, so that there is data against which later training success can be measured.
To truly internalize the message rather than treat it superficially and forget it immediately, users need interactive and engaging on-demand material. The internal training should be repeated monthly, with the results recorded and analyzed on a platform, so that the content is reinforced and the learning process continues. Such training can greatly reduce the number of successful phishing attacks on a company; alongside technical security controls, trained employees become an additional human firewall.
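The measurement side of the procedure above, as an added example that is not part of the original article or of any KnowBe4 product: it computes the phish-prone percentage of a baseline campaign and a follow-up campaign, breaks it down by lure type so you can see which attacks users still fall for, tracks the reporting rate (the positive signal a training programme wants to grow), and lists users who failed every campaign so they can be retrained individually. The campaign names, lure types, user names and outcomes are constructed sample data.

```python
from typing import Iterable, NamedTuple, Optional


class Result(NamedTuple):
    """One recipient's outcome in one simulated phishing campaign."""
    campaign: str
    lure_type: str
    user: str
    outcome: str  # "ignored", "reported", "clicked" or "submitted"


# Outcomes that count as falling for the lure. "submitted" means the
# user entered credentials on the landing page, "clicked" only opened it.
PHISH_PRONE_OUTCOMES = {"clicked", "submitted"}

# Constructed sample data (hypothetical users and campaigns, not real results).
SIMULATION_RESULTS = [
    Result("baseline", "invoice", "alice", "clicked"),
    Result("baseline", "invoice", "bob", "ignored"),
    Result("baseline", "invoice", "carol", "submitted"),
    Result("baseline", "invoice", "dave", "reported"),
    Result("baseline", "invoice", "erin", "clicked"),
    Result("baseline", "password_reset", "alice", "ignored"),
    Result("baseline", "password_reset", "bob", "clicked"),
    Result("baseline", "password_reset", "carol", "ignored"),
    Result("baseline", "password_reset", "dave", "reported"),
    Result("baseline", "password_reset", "erin", "ignored"),
    Result("month_3", "invoice", "alice", "reported"),
    Result("month_3", "invoice", "bob", "ignored"),
    Result("month_3", "invoice", "carol", "clicked"),
    Result("month_3", "invoice", "dave", "reported"),
    Result("month_3", "invoice", "erin", "ignored"),
    Result("month_3", "password_reset", "alice", "ignored"),
    Result("month_3", "password_reset", "bob", "reported"),
    Result("month_3", "password_reset", "carol", "ignored"),
    Result("month_3", "password_reset", "dave", "reported"),
    Result("month_3", "password_reset", "erin", "ignored"),
]


def _select(records: Iterable[Result], campaign: str,
            lure_type: Optional[str] = None) -> list:
    """Records for one campaign, optionally restricted to one lure type."""
    chosen = [r for r in records
              if r.campaign == campaign
              and (lure_type is None or r.lure_type == lure_type)]
    if not chosen:
        raise ValueError(f"no results for campaign {campaign!r}")
    return chosen


def phish_prone_percentage(records: Iterable[Result], campaign: str,
                           lure_type: Optional[str] = None) -> float:
    """Share of recipients who clicked or submitted credentials."""
    chosen = _select(records, campaign, lure_type)
    failed = sum(1 for r in chosen if r.outcome in PHISH_PRONE_OUTCOMES)
    return 100.0 * failed / len(chosen)


def report_rate(records: Iterable[Result], campaign: str) -> float:
    """Share of recipients who reported the simulated mail."""
    chosen = _select(records, campaign)
    reported = sum(1 for r in chosen if r.outcome == "reported")
    return 100.0 * reported / len(chosen)


def training_delta(records: list, before: str, after: str) -> dict:
    """Per lure type: (phish-prone % before, phish-prone % after)."""
    lures = sorted({r.lure_type for r in records
                    if r.campaign in (before, after)})
    return {lure: (phish_prone_percentage(records, before, lure),
                   phish_prone_percentage(records, after, lure))
            for lure in lures}


def repeat_offenders(records: list, campaigns: Iterable[str]) -> set:
    """Users who fell for a lure in every one of the given campaigns."""
    failed_per_campaign = [
        {r.user for r in _select(records, c) if r.outcome in PHISH_PRONE_OUTCOMES}
        for c in campaigns]
    return set.intersection(*failed_per_campaign) if failed_per_campaign else set()


if __name__ == "__main__":
    for c in ("baseline", "month_3"):
        print(f"{c}: phish-prone {phish_prone_percentage(SIMULATION_RESULTS, c):.0f}%, "
              f"reported {report_rate(SIMULATION_RESULTS, c):.0f}%")
    print("by lure:", training_delta(SIMULATION_RESULTS, "baseline", "month_3"))
    print("retrain:", repeat_offenders(SIMULATION_RESULTS, ["baseline", "month_3"]))
```

The two numbers to watch are the phish-prone percentage going down and the report rate going up; a falling click rate alone can simply mean people stopped opening mail. Breaking the result down by lure type shows where to focus the next month's material, and the repeat-offender list is the input for targeted rather than blanket retraining.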