Coinbase has recently reassured its investors that, contrary to what was feared, the attack that exploited a recent Firefox zero-day targeted Coinbase employees and not customers.
A zero-day is a vulnerability in computer software that can exist for several days or weeks without the knowledge of those who provide and use that software. If discovered by hackers, however, it can provide the perfect opportunity to exploit that weakness for mischief or profit.
Coinbase’s cybersecurity team, led by Philip Martin, discovered the zero-day vulnerability in Mozilla’s Firefox software and reported it immediately to the web browser provider, which then issued a patch to rectify the fault.
However, the zero-day event may have lasted for weeks, according to Google engineer Samuel Gross, who helped develop the patch. He said on Twitter that he had reported a bug in Firefox to Mozilla in mid-April. While it remains unclear how soon attackers noticed the vulnerability and how extensively the flaw was exploited, Coinbase detected the attack on its staff before the hackers could dig deeper into the back-end network, from which they could have stolen funds from the exchange.
Philip Martin explained on Twitter that the security team “walked back” the entire attack and reported the zero-day to Firefox. He added that the team was working with other organisations to “continue burning down attacker infrastructure and digging into the attacker involved”.
“We’ve seen no evidence of exploitation targeting customers. We were not the only crypto org targeted in this campaign. We are working to notify other orgs we believe were also targeted… If you believe you have been impacted by this attack or you have more intel to share and want to collaborate with us on a response, please reach out to [email protected]”
A little more context on the Firefox 0-day reports. On Monday, Coinbase detected and blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day firefox sandbox escape, to target Coinbase employees.
Zero-day attacks are on the increase. A 2018 survey by the Ponemon Institute, the State of Endpoint Security Risk report, said respondents reported that 37% of cyber attacks launched against their companies were zero-day events. This was a 48% increase from 2017.
Meanwhile, 63% of the survey’s respondents said that the frequency of zero-day attacks had increased over the previous 12 months.