The Cloud Consultancy Europe Ltd.

Twilio employees aren’t the only individuals recently targeted by a sophisticated phishing attack.

Cloudflare on Tuesday 9th August said three employees fell for a phishing attack with very similar characteristics but, unlike Twilio, the content delivery network was able to thwart the intrusion.

“This was a sophisticated attack targeting employees and systems in such a way that we believe most organizations would likely be breached,” Cloudflare CEO Matthew Prince wrote in a blog post authored alongside engineers Daniel Stinson-Diess and Sourov Zaman.

Cloudflare employees began receiving phishing text messages pointing to a spoofed Cloudflare Okta login page more than two weeks before Twilio employees were targeted with similar messages. At least 76 Cloudflare employees received text messages on their personal and work phones in less than a minute, the company said.

Some employees’ family members were targeted as well.

Cloudflare said it found no sign of compromise when it reviewed access logs to its employee directory, a detail that further illustrates the advanced tactics and determination of the threat actors behind this attack.

All phishing text messages originated from four phone numbers issued by T-Mobile, and directed employees to a domain registered at Porkbun less than 40 minutes before the campaign began, Cloudflare said.

Attacks on third-party vendors such as Twilio and Cloudflare produce inherently greater risks because a breach could potentially compromise customer data, multiple analysts told Cybersecurity Dive.

The downstream impact of an attack, such as the one that occurred at Twilio, depends on what was compromised and when, Allie Mellen, senior analyst at Forrester, said via email.

Organizations, users and customers can all be at risk when employees unsuspectingly provide credentials to threat actors, granting access to internal systems and data.

The compromise of Twilio’s two-factor authentication adds another worrying wrinkle to that mix.

“Twilio’s actions can serve as an impetus for other organizations to proactively strengthen their two-factor authentication security safeguards and policies, as well as consider multi-factor authentication alternatives,” said Ron Westfall, senior analyst and research director at Futurum Research.

Source: Cybersecurity Dive. Reporter: Matt Kapko