
Why the Twilio Breach Cuts So Deep



The communication company Twilio suffered a breach at the beginning of August that it says impacted 163 of its customer organizations. Those 163 are about 0.06 percent of Twilio’s 270,000 clients, which might seem trivial, but the company’s particular role in the digital ecosystem means that this fractional slice of victims had an outsize value and influence. The secure messaging app Signal, the two-factor authentication app Authy, and the authentication firm Okta are all Twilio customers that were secondary victims of the breach.


Twilio provides application programming interfaces through which companies can automate call and texting services. This could mean a system a barber uses to remind customers about haircuts and have them text back “Confirm” or “Cancel.” But it can also be the platform through which organizations manage their two-factor authentication text messaging systems for sending one-time authentication codes. Though it’s long been known that SMS is an insecure way to receive these codes, it’s definitely better than nothing, and organizations haven’t been able to move away from the practice completely. Even a company like Authy, whose core product is an authentication code-generating app, uses some of Twilio’s services.

The Twilio hacking campaign, conducted by an actor that has been called “0ktapus” and “Scatter Swine,” is significant because it illustrates that phishing attacks can not only give attackers valuable access to a target network but also kick off supply chain attacks, in which access to one company’s systems provides a window into those of its clients.

“I think this will go down as one of the more sophisticated long-form hacks in history,” said one security engineer who asked not to be named because their employer has contracts with Twilio. “It was a patient hack that was super-targeted yet broad. Pwn the multi-factor authentication, pwn the world.”

Attackers compromised Twilio as part of a massive yet tailored phishing campaign against more than 130 organizations, sending phishing SMS text messages to employees at the target companies. The texts often claimed to come from a company’s IT department or logistics team and urged recipients to click a link and update their password or log in to review a scheduling change. Twilio says that the malicious URLs contained words like “Twilio,” “Okta,” or “SSO” to make the URL and the malicious landing page it linked to seem more legitimate. Attackers also targeted the internet infrastructure company Cloudflare in their campaign, but the company said at the beginning of August that it wasn’t compromised because of its limits on employee access and its use of physical authentication keys for logins.
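The lure pattern described above (an SMS that pushes the recipient toward a password update or a schedule review, with a link whose hostname borrows a brand word such as “Twilio,” “Okta,” or “SSO”) is simple enough to screen for on the defender's side. The following Python is an added example, not code from Twilio or from the article; it triages constructed sample messages against a hypothetical allowlist of domains the organization actually uses (`TRUSTED_DOMAINS` is made up for the example), and flags links on untrusted domains that carry a brand term, as well as lure wording combined with an unrecognised domain.

```python
import re
from urllib.parse import urlparse

# Brand words the article reports were embedded in the malicious URLs.
BRAND_TERMS = ("twilio", "okta", "sso")

# Wording the article says the texts used to push recipients to click.
LURE_PHRASES = ("update your password", "password expires", "schedule change",
                "scheduling change")

# Hypothetical allowlist of registrable domains the organization really uses.
# Constructed for this example; a deployment would load its own list.
TRUSTED_DOMAINS = {"twilio.com", "okta.com", "example-corp.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Fine for .com/.net; a production tool
    should use the public suffix list to handle suffixes like co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def extract_urls(text: str) -> list[str]:
    # Strip trailing punctuation that the regex may have swallowed.
    return [u.rstrip(".,;:)!?") for u in URL_RE.findall(text)]


def classify_url(url: str) -> str:
    """'trusted' for allowlisted domains, 'suspicious-brand-lookalike' when an
    untrusted host or path carries a brand term, else 'unknown-domain'."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted"
    # Substring match is deliberately broad: "sso" will also hit words like
    # "associates", so tune BRAND_TERMS to your own environment.
    haystack = host + parsed.path.lower()
    if any(term in haystack for term in BRAND_TERMS):
        return "suspicious-brand-lookalike"
    return "unknown-domain"


def triage_sms(message: str) -> dict:
    """Return per-URL verdicts, whether lure wording is present, and an
    overall flag for analyst review."""
    verdicts = [(u, classify_url(u)) for u in extract_urls(message)]
    lower = message.lower()
    lure = any(p in lower for p in LURE_PHRASES)
    lookalike = any(v == "suspicious-brand-lookalike" for _, v in verdicts)
    unknown = any(v == "unknown-domain" for _, v in verdicts)
    return {"urls": verdicts, "lure": lure, "flagged": lookalike or (lure and unknown)}


# Constructed sample messages (not real captures) in the style the article describes.
SAMPLE_MESSAGES = [
    "IT dept: your Okta password expires today. Update it at https://example-corp-sso.com/okta before 5pm.",
    "Logistics: a schedule change needs your review, log in at https://twilio-scheduling.net/login",
    "Reminder: your haircut is tomorrow at 10am. Reply CONFIRM or CANCEL.",
    "Sign in to the portal: https://example-corp.okta.com/login",
    "Weekly digest: https://news.example.org/story",
]


def run_samples() -> list[bool]:
    """Flag value for each sample message, in order."""
    return [triage_sms(m)["flagged"] for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        result = triage_sms(msg)
        print("FLAG" if result["flagged"] else "ok  ", result["urls"], msg[:60])
```

The allowlist check runs before the brand-term check so that a legitimate tenant hostname such as `example-corp.okta.com` is never flagged; the brand term only counts against domains the organization does not recognise, which is exactly the shape of the lookalike links the article describes.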

“The biggest point here is the fact that SMS was used as the initial attack vector in this campaign instead of email,” says Crane Hassold, director of threat intelligence at Abnormal Security and a former digital behavior analyst for the FBI. “We’ve started to see more actors pivoting away from email as initial targeting, and as text message alerts become more common within organizations it’s going to make these types of phishing messages more successful. Anecdotally, I get text messages from different companies I do business with all the time now, and that wasn’t the case a year ago.”
