Coinbase Detail Recently Blocked Malware Attack

Coinbase Detail Recently Blocked Malware Attack

Security staff at Coinbase have detailed how a recent attack on their systems was effectively blocked preventing a malicious attack on their platform.

In the report penned by Phillip Martin, Coinbase’s Chief Information Security Officer, it described how the attack was orchestrated by someone posing as Gregory Harris, a Research Grants Administrator at the University of Cambridge. However, as Coinbase soon realised they were actually about to be subject to a “sophisticated, highly targeted, thought out attack that used spear-phishing/social engineering tactic” explained Martin.

Instigating the Attack

Following a series of emails where “nothing seemed amiss,” the attack was hidden in one email by Harris, in the form of a URL which, if opened in Firefox, would install malware which had the capabilities to take control over the victims’ machine.  

This is what is known in the computer security world as a zero-day vulnerability. However, in this case, there were two of these zero-days chained together, with the first allowing the attacker to escalate privileges via Javascript and a second that would allow them to evade the browser sandbox and host the computer.

According to Martin, the hacker took advantage of two vulnerabilities. One that had been existing a while and was already being monitored, but was tracked by the attack independently. While second was noted as “very interesting”, as it had only been available a couple of weeks prior to the attack. Indicating a “rapid discovery-to-weaponization cycle on the part of the attacker”.

It was believed that the attacker had spent time hunting out targets that would award high-payoffs before attempting to direct them to the malicious software. Via the cover of the university combined with a strategy that modelled human behaviour, he was able to bypass spam and other security measures which would usually quickly intercept such materials.

Defending the Attack

Luckily though, the Coinbase team were able to intercept the issues early on. They first contained the attack internally via a several pronged response, before reaching out to the Mozilla security team who remedied one of the issues within a day and the second within a week. Before contacting Cambridge university to help them secure their infrastructure and end the attacker’s campaign.

It is believed that the cybercriminal attempted to attack 200 different individuals with this same tactic, who Coinbase also reached out to help assist them in protecting their own systems. Effectively, diverting not only their only crisis but that of other would-be victims too.

“The Cryptocurrency industry has to expect attacks of this sophistication”

While this all unfolded back in mid-June, the full details of the prevented attacked were only revealed yesterday. Reminding us once again of some of the dangers posed to our online funds, but also how efficiently they can be prevented by legitimate security teams.

As Martin wrote, “The cryptocurrency industry has to expect attacks of this sophistication to continue, and by building infrastructure with excellent defensive posture, and working with each other to share information about the attacks we’re seeing, we’ll be able to defend ourselves and our customers, support the crypto-economy, and build the open financial system of the future.”

Recently Similar News

casinoin-promotion etoro-promotion

Latest Guides

Latest News

Asia,Fiat,KuCoin,Simplex

KuCoin Adds 3 New Fiat Support Options

KuCoin has spent the weekend expanding their support options for fiat currencies with the addition of three new ways to buy crypto with credit cards.  The first of these new fiat additions came on Friday when the platform added support for the national currency of Russia, the Russian Ruble (RUB). This was then quickly followed […]

16 February, 2020
Coinbase,Coinbase PRo,Margin Trading,Updates

Coinbase Pro Now Offers Margin Trading

Coinbase has rolled out the latest feature available to the users of their Pro service – margin trading. Margin trading was somewhat of a buzzword last year in the cryptocurrency industry. Various notable platforms began rolling out the feature, while many others had long offered the ability to trade with leverage on their platforms. As […]

16 February, 2020
Binance,Fiat,Stablecoin,Trading

Binance Expand BUSD Trading Pairs on Their Platform

There are now more ways than ever before to trade the Binance stablecoin, BUSD thanks to the listing of the asset on their p2p service which will mean 3 new pairs with major fiats. The BUSD, which is pegged 1:1 with the USD and has been approved by the New York Department of Financial Services (NYDFS), is the second token to come […]

15 February, 2020
AvaTrade,Europe,ForEx,Market Decrease

AvaTrade Raise Concerns for Euro

Following a rough start of the year for the leading fiat currency in Europe, AvaTrade has suggested that the currency could be “falling apart”. The special report released by the trading platform will make interesting reading for any ForEx traders who are looking to get their investment opportunities in order in what has already been […]

14 February, 2020
CFD,Derivative Trading,eToro,FCA

eToro UK Not Concerned about FCA Derivatives Ban

eToro’s U.K. managing director has stated that the planned proposal by the Financial Conduct Authority (FCA) to ban crypto derivatives won’t have a significant impact on the company. The comments made by Iqbal Gandham are in response to news from the UK’s leading financial watchdog’s plans to ban the “sale, marketing and distribution to all […]

13 February, 2020
Binance,BNB,CoinEx,Listings

CoinEx Set to List Binance Native Token, BNB

Binance Coin (BNB), the native token of the exchange platform, Binance, is set to be listed on CoinEx tomorrow and to celebrate there will be a trading event worth 200,000 CET. The BNB token has become a popular asset not only for traders on its parent exchange but also in its own right as a […]

12 February, 2020
Kraken,OTC,Trading,Updates

Kraken to Launch OTC Electronic Dashboard Tomorrow

Kraken has announced details of the latest addition to their service, an OTC Electronic Dashboard, which aims to assist their OTC users with their price quotes. The news comes just a month after we learned of their acquisition of one of the first OTC crypto services in Australia, Bit Trade, after just a month prior […]

12 February, 2020
China,Market Increase,Trading

China’s Market Looks Like It Is Recovering….Or Is It?

China has been showing its first signs of recovery after 2 weeks of uncertainty due to the coronavirus but major platforms are undecided whether the resurgence is on. This is per the latest news from the likes of AvaTrade and eToro who both shared similar sentiments about the market, albeit with different viewpoints going forward. […]

11 February, 2020