
Why the Twilio Breach Cuts So Deep

Staff by Staff
August 26, 2022


The communication company Twilio suffered a breach at the beginning of August that it says impacted 163 of its customer organizations. Out of Twilio’s 270,000 clients, 0.06 percent might seem trivial, but the company’s particular role in the digital ecosystem means that that fractional slice of victims had an outsized value and influence. The secure messaging app Signal, two-factor authentication app Authy, and authentication firm Okta are all Twilio customers that were secondary victims of the breach.

Twilio provides application programming interfaces through which companies can automate call and texting services. This could mean a system a barber uses to remind customers about haircuts and have them text back “Confirm” or “Cancel.” But it can also be the platform through which organizations manage their two-factor authentication text messaging systems for sending one-time authentication codes. Though it’s long been known that SMS is an insecure way to receive these codes, it’s definitely better than nothing, and organizations haven’t been able to move away from the practice completely. Even a company like Authy, whose core product is an authentication code-generating app, uses some of Twilio’s services.

The Twilio hacking campaign, by an actor that has been called “0ktapus” and “Scatter Swine,” is significant because it illustrates that phishing attacks can not only provide attackers valuable access into a target network, but they can even kick off supply chain attacks in which access to one company’s systems provides a window into those of their clients.

“I think this will go down as one of the more sophisticated long-form hacks in history,” said one security engineer who asked not to be named because their employer has contracts with Twilio. “It was a patient hack that was super-targeted yet broad. Pwn the multi-factor authentication, pwn the world.”

Attackers compromised Twilio as part of a massive, yet tailored phishing campaign against more than 130 organizations in which attackers sent phishing SMS text messages to employees at the target companies. The texts often claimed to come from a company’s IT department or logistics team and urged recipients to click a link and update their password or log in to review a scheduling change. Twilio says that the malicious URLs contained words like “Twilio,” “Okta,” or “SSO” to make the URL and the malicious landing page it linked to seem more legitimate. Attackers also targeted the internet infrastructure company Cloudflare in their campaign, but the company said at the beginning of August that it wasn’t compromised because of its limits on employee access and use of physical authentication keys for logins. 

“The biggest point here is the fact that SMS was used as the initial attack vector in this campaign instead of email,” says Crane Hassold, director of threat intelligence at Abnormal Security and a former digital behavior analyst for the FBI. “We’ve started to see more actors pivoting away from email as initial targeting and as text message alerts become more common within organizations it’s going to make these types of phishing messages more successful. Anecdotally, I get text messages from different companies I do business with all the time now, and that wasn’t the case a year ago.”




Tags: phishing, security, vulnerabilities