In early August the communications company Twilio suffered a breach which, the company reports, affected 163 organizations, 0.06 percent of its 270,000 total customers. While that may seem like a small percentage, the company's particular role in the digital ecosystem means the victims of the attack are of great importance. The secure messaging app Signal, the Authy two-factor authentication platform and the authentication company Okta are among the Twilio customers indirectly affected by the breach.
Twilio provides application programming interfaces (APIs) through which companies can automate call and SMS services. It is, for example, the system that a hairdresser could use to remind clients of a haircut appointment and have them reply with a message to confirm or cancel it; organizations can also rely on the platform to send two-factor authentication codes by text message. Although it has long been known that SMS is not a secure way to receive these codes, companies have not yet completely abandoned the practice. Even a company like Authy, whose main product is an authentication code generation app, uses some Twilio services.
The attack
Twilio's breach by an actor that has been dubbed "0ktapus" or "Scatter Swine" is significant because it demonstrates that, in addition to providing attackers with valuable access to a target network, phishing can even initiate supply chain attacks, where access to a company's systems also exposes those of its customers.
"I think this will go down in history as one of the most sophisticated protracted attacks ever made," said a security engineer who asked to remain anonymous since the company he works for has contracts with Twilio. "It was a patient attack, extremely targeted and at the same time extensive. Being in control of multi-factor authentication means being in control of the world."
Attackers hacked Twilio as part of an extensive and personalized phishing campaign that targeted more than 130 organizations. Attackers sent phishing SMS messages to employees of target companies, often posing as personnel from a company's IT department or logistics team and inviting recipients to click a link to update their password or to log in to their own account to review a change. Twilio reports that the malicious URLs contained words like "Twilio", "Okta" or "SSO" (that is to say, "single sign-on") to deceive users. The cybercriminals also tried to hack the Internet infrastructure company Cloudflare, but in early August it stated that it had not been compromised, thanks to the restrictions on access imposed on employees and the use of physical authentication keys for logins.
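As an added illustration (not code from Twilio or from this article), the lure pattern described above can be turned into a simple triage check for reported text messages: flag any link whose hostname contains one of the reported keywords but does not belong to a domain the organization actually uses. The allowlist, phone numbers, message bodies and hostnames below are constructed assumptions.

```python
from urllib.parse import urlsplit

# Keywords the article says appeared in the malicious URLs.
LURE_KEYWORDS = ("twilio", "okta", "sso")
# Assumption: the domains this organization really uses for sign-in.
ALLOWED_DOMAINS = {"twilio.com", "okta.com", "example-corp.test"}

def hostname_of(url):
    """Lower-cased hostname; tolerates links pasted without a scheme."""
    if "://" not in url:
        url = "//" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed bracketed host
        return ""
    return host.rstrip(".").lower()

def is_allowed(host):
    """True for an allowed domain or a subdomain of one (label-bounded)."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def lure_keywords(url):
    """Lure keywords in the hostname of a URL that is off the allowlist."""
    host = hostname_of(url)
    if not host or is_allowed(host):
        return []
    return [k for k in LURE_KEYWORDS if k in host]

def triage(messages):
    """Return (sender, url, keywords) for every suspicious link found."""
    findings = []
    for sender, body in messages:
        for token in body.split():
            token = token.strip("()[]<>.,;:\"'")
            hits = lure_keywords(token) if "." in token else []
            if hits:
                findings.append((sender, token, hits))
    return findings

# Constructed sample messages; hosts use reserved .test names.
SAMPLE_SMS = [
    ("+15550100", "IT notice: your password expires today, update at "
                  "https://twilio-sso.example.test/login"),
    ("+15550101", "Your schedule changed. Review: okta-help.example.test."),
    ("+15550102", "Reminder: sign in at https://login.okta.com/ as usual"),
    ("+15550103", "Lunch at 12.30? Menu on sso.example-corp.test"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_SMS):
        print(finding)
```

Because the match is a plain substring test, a short keyword such as "sso" also hits unrelated hostnames, so the output is a review queue rather than a verdict.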
New frontier of cyberattacks
"The most relevant aspect is that in this campaign SMS was used as an initial attack vector instead of emails," explains Crane Hassold, director of threat intelligence at Abnormal Security and former digital behavior analyst for the FBI. "We started seeing more actors abandoning email as an initial target; as text alerts become more common within organizations, phishing messages of this type will be more successful. Today I am constantly receiving text messages from the different companies I work with, whereas a year ago it was not like that."
