Silent Push's proprietary scanning software maps out the Internet's entire IPv4 infrastructure, every day - all 4,294,967,296 addresses - allowing us to provide an up-to-date assessment of risk levels and malicious activity at any given time. The hackers also hit Cloudflare, but didn't succeed. After we'd consolidated our results, a pattern started to emerge - all of the above organisations provide some sort of communication service (UCaaS, VOIP, messaging etc.). The phone . Readers will recall that cloud communications firm Twilio disclosed on August 7 2022 that hackers had accessed user data following a sophisticated social engineering attack that saw employees targeted with SMS-phishing ("smishing") text messages. Attackers sent current Twilio staff and former employees SMS text messages that purported to come from the company's IT department, telling them . The attack itself was a phishing attack which sent text messages to current and former employees posing as Twilio's IT department, suggesting that their password had expired, or that their . Twilio described the attack as "well organized" and "methodical." What is Twilio? Twilio said that the attackers sent these messages to look legitimate, including words such as "Okta" and "SSO," referring to single sign-on, which many companies use to secure access to their internal apps. Dive Brief: The threat actor behind the Aug. 4 phishing attack against Twilio gained access to the phone numbers and text messages containing one-time passwords of multiple Okta customers. Not all phishing campaigns are after your bank details.
On August 4, 2022, Twilio says it became aware of unauthorized access to information related to a limited number of Twilio customer accounts, through the social engineering attack which . Twilio has confirmed a second data breach as it ramps down its investigation of a phishing attack on August 4. Indeed, it was clear in its response to that attack, stating what happened, what they have done, and providing next steps, providing a real sense of transparency. Customer data taken. Victims of phishing, some employees gave their login credentials to the platform, thus giving attackers access to customer data. ]id, threat actors gained illicit access to customer information on the Twilio platform, publicly linked to the Russian Federal Security Service. When The Register asked Signal why an attacker would specifically target these three numbers, suggesting maybe they are people of note, the company responded: "To respect the privacy of those specific people, we are not sharing any details about them." We're told that that breach was part of a larger, coordinated attack against several companies, not just Twilio. The device is then considered to be compromised, which provides a foothold for a larger attack (e.g., on a company's network). Nevertheless, they notified affected users this week via SMS and prompted them to re-register Signal on their devices. However, Signal reassured users that the attacker could not gain access to "message history, contact lists, profile information, whom they'd blocked, and other personal data" associated with the account.
Twilio discloses data breach after SMS phishing attack on employees. By Sergiu Gatlan, August 8, 2022, 10:37 AM. Cloud communications company Twilio says some of its customers' data was. According to cloud communications operator Twilio, hackers who broke into internal systems after acquiring staff credentials in an SMS phishing assault were able to access some of its customers' data. The firms reportedly coordinated their response and collaborated with carriers to stop the phishing texts and hosting providers to shut down the phone URLs. The Twilio incident resulted from a "spear phishing" attack, a type of social engineering targeting specific people, in this case Twilio employees and ex-employees. lotorgas[. August 08, 2022, 01:13 PM EDT. A 'sophisticated' SMS phishing attack on Twilio employees allowed hackers to access some customer data. Posted: August 9, 2022 by Pieter Arntz. Twilio confirmed someone breached its security and accessed "a limited number" of customer accounts after successfully phishing some of its employees. New findings following the Twilio phishing attack revealed that Signal, one of its high-value clients and a popular encrypted messaging platform, was particularly affected. "We continue to notify and are working directly with customers who were affected by this incident," said Twilio. Because of what happened to Twilio, the company is pushing more of its users to take advantage of registration lock and Signal PINs, which can only be activated manually. The goal of these attacks is to steal sensitive data like credit card and login information or to install malware on the victim's machine.
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. Cloud communications company Twilio says some of its customers' data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack. Approximately 125 Twilio . Communications tool giant Twilio, which provides text and phone services to over 250,000 corporate customers ranging from Facebook to the American Red Cross, suffered a serious breach of its systems after unknown parties bombarded its employees with sham password reset requests via text. Twilio has released an incident report highlighting the details of the second 0ktapus social engineering attack using SMS phishing. As an example sykes-sso[. Here's what to know about the cloud communications. "We have not yet identified the specific threat actors at work here, but have liaised with law enforcement in our efforts," said Twilio. The company assured clients that it would never ask for personal information without prompting. The attacks were traced by researchers to a wider campaign by threat actor "0ktapus" which used similar phishing techniques against employees at other organizations including Cloudflare. Social engineering is a numbers game - the more users they can get in front of, the more chance they have of harvesting authentication data. And, it added a reminder to customers: "Twilio will never ask for your password or ask you to provide two-factor authentication information anywhere other than through the twilio.com portal." The company also concluded that the same malicious actors were behind the June incident, in which a Twilio employee was "socially engineered through voice phishing (or "vishing") to provide .
"We are still early in our investigation, which is ongoing." Hackers have tricked Twilio employees into sharing their login credentials, placing customer data at risk. "Based on these factors, we have reason to believe the threat actors are well-organized, sophisticated and methodical in their actions." After infiltrating Twilio's administrative portals, the hacker registered their own devices to obtain temporary tokens. The same IP that contains several subdomains of lotorgas[. Twilio declined to say the number of customers who have been affected or to provide details on what exact data was accessed by the hackers. Organizations need to monitor the larger extended attack surface for infrastructure targeting them and take up-front blocking action on it to prevent attackers finding ways in. Although Twilio suffered the loss of customer data, the experts said it also took steps to mitigate damage that banks should . "As the threat actors were able to access a limited number of accounts' data, we have been notifying the affected customers on an individual basis with the details," the Seattle-based company said. A phishing attack has impacted more than 160 Twilio customers, the company discovered early this month. The attack was part of a larger campaign from . A sophisticated SMS phishing attack on Twilio employees allowed hackers to access some customer data. Twilio reported a breach after employees received phishing text messages claiming to be from the company's IT department. With the right security tools and search methodologies in place, threat sources aren't particularly difficult to uncover. Hackers have managed to stir up trouble within the Twilio teams. Twilio discovered the compromise on Aug. 4 and began investigating and later .
All of the text messages originated from US-carrier networks, and Twilio said it worked with the network operators and hosting providers to shut down the malicious accounts. Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing and vishing attacks on two separate occasions. SMS phishing attacks affect Twilio and Cloudflare. Aug 10. The communications platform known as Twilio recently disclosed that a sophisticated threat actor gained unauthorized access to private data via an SMS-based phishing campaign. Twilio, a Cloud communication platform as a Service (CPaaS), was hit by a sophisticated social engineering phishing attack. An attacker gained access to Twilio's customer support console via phishing. 1,900 of its users had their phone numbers and SMS registration codes exposed. To avoid future attacks, Twilio has suggested it will increase security training so employees are on high alert for similar scams. Twilio became aware of unauthorized access to information related to a limited number of customer accounts. It has also revoked access to the compromised accounts. For approximately 1,900 users, either 1) their phone numbers were potentially revealed as being registered to a . Twilio revealed last week that it had fallen victim to a phishing attack, allowing an attacker to access customer accounts. Of course, these findings are troubling.
Attackers used SMS phishing messages that purported to come from Twilio's IT department . Twilio hit twice by phishing scammers. "Once Twilio confirmed the incident, our security team revoked access to the compromised employee accounts to mitigate the attack," said Twilio in a security blog post today. In any phishing attack, supplemental domain analysis is the key to both unlocking the attack vector, and protecting against further intrusions originating from the same IoC. On August 4th, threat actors gained illicit access to customer information on the Twilio platform - a global UCaaS service with nearly 8,000 employees - following an SMS-based social engineering attack that fooled staff into providing login credentials, through a malicious access portal. Then, it advised the employee to log in using a fake web address that the attackers created and controlled. An unknown attacker compromised some credentials belonging to employees of customer-engagement company Twilio through an SMS phishing campaign, and was then able to gain access to some customer data through Twilio's internal systems, the company said Monday. One user of the three numbers already reported that their account was re-registered. "We continue to notify and are working directly with customers who were affected by this incident," the company wrote in an incident report, adding that if you don't hear from Twilio, that means the biz believes your data is safe. The attackers then used the stolen credentials to gain access to some of Twilio's internal systems, where they were able to access certain customer data. Yet, burying news of this brief security incident at the bottom of the incident report for another attack seems somewhat murkier. Twilio said since the attack, it has revoked access to the compromised employee accounts and has increased its security training to ensure employees are on "high alert" for social engineering.
The infection chains entailed identifying mobile phone numbers of employees, followed by sending rogue SMSes or calling those numbers to trick them into clicking . Twilio said it will post additional updates on Twilio's incident report blog if there are any changes or updates. With that said, the attacks are connected, as Twilio reveals that the same actors likely performed both breaches. by Jovi Umawing. Twilio provides messaging, call center and two-factor authentication services, among others, to about 256,000 customers including Lyft, American Red Cross, Salesforce, Twitter and VMware. The company believes around 1,900 of its users are potentially affected by the breach of the communication API firm, with phone numbers and SMS verification codes potentially . "We sincerely apologize that this happened," said the company. But this incident wasn't alone, Twilio said, but part of a larger campaign. Signal contracts with Twilio for its phone number verification process. On Thursday, August 4, API communications provider, Twilio, suffered a data breach after employees succumbed to a. ]com, and identified a subdomain of orderlyfashions[. Last week, Cloudflare revealed a similar phishing tactic that got Twilio breached also targeted their employees last month. The attack in question was a smishing attack, which is shorthand for SMS phishing. However, the company has yet to discover who conducted the successful attack.
It revealed the attacker managed to get access to Twilio's customer support console via phishing. The news broke out when Twilio notified Signal that it had suffered a phishing attack. Twilio offers programmable voice, text, conversation, video, and email APIs that are used by over 10 million . Twilio: We Have Not Identified The Specific Threat Actors. "Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source, and are . Since the attack last week, Twilio said it has reemphasized its security training to ensure employees are on high alert for social engineering attacks, and has issued security advisories on the specific tactics being utilized by malicious actors. "If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack." It was a phishing attack, meaning that Twilio employees were tricked into providing their credentials, rather than the company software itself being hacked. Threat actors impersonated IT department in Twilio's SMS phishing attack. The attackers impersonated Twilio's IT department, informing their targets that their passwords had expired or their schedules had changed. The attack against Twilio has been attributed to a hacking group tracked by Group-IB and Okta under the names 0ktapus and Scatter Swine, and is part of a broader campaign against software, telecom, financial, and education companies. Indeed, hackers gained entry to some of its internal systems, through which they accessed "certain customer data". ]ru - part of the ACTINIUM threat feed.
Further commenting on the attack, Twilio explained its belief that the threat actors responsible are highly-sophisticated. Daniel Stinson-Diess, Sourov Zaman. It is possible that threat actors were using a communal login portal - redirected from multiple domains - the purpose of which is unclear, but possibly as a central administration portal. Nowhere has this been more clearly illustrated than the recent Twilio breach. Around the same time in July 2022, Cloudflare saw an attack with very similar characteristics targeting Cloudflare's employees. With the wide adoption of SMS, it wasn't long before smishing, or SMS phishing, became just as widely deployed as its older brother, email. This shows that malicious attacks are . The malicious hackers gained access through a sophisticated social engineering .
The CX vendor suggests that approximately 125 customers have been affected by the attack. On Aug. 4, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. The newly revealed attack occurred on June 29, 2022, when a Twilio employee fell victim to a voice phishing, otherwise known as vishing, scam. Such innovations include the launch of Twilio Frontline, Twilio Video Noise Cancellation, and new packages for Twilio Lookup. "This broad-based attack against our employee base succeeded in fooling some employees into providing their credentials," it said. We analysed the DNS information of twilio-sso[. This phishing campaign against Twilio and Cloudflare employees compromised their two-factor authentication credentials. A "well-organized, sophisticated and methodical" phishing attack. Posted: August 17, 2022. These login credentials were stolen using a phishing kit with the codename 0ktapus. The cyber attacker has yet to be identified.
Cloud communications giant Twilio said it was hacked via a phishing attack on its employees with the cyber criminals gaining access to some customers' data. With more than 150,000 customers, including the likes of Facebook, the American Red Cross, Airbnb, Lyft, as well as a slew of IT giants like Dell Technologies and Salesforce, San Francisco-based Twilio said it is notifying the affected customers on an individual basis. Investigation into the August Twilio hack was recently concluded, and the company has found that the same attacker was responsible for a vishing attack that led to a smaller data breach in June. In a newly reported attack, an employee was socially engineered via voice phishing, or "vishing," the company says. A malicious actor accessed the data of a limited number of customers through social engineering. The activity has been dubbed 0ktapus by Group-IB because the initial goal of the attacks was to "obtain Okta identity credentials and two-factor authentication (2FA) codes from . This particular threat actor also created phishing targeting other companies - Accenture, Microsoft, Manpowergroup, Sykes, Telus, TTEC, iQor, and Rogers Communication. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare's employees. Dive Brief: Multiple Twilio employees were duped into providing their credentials to threat actors in a phishing campaign the communications platform described in a Sunday blog post as a "sophisticated social engineering attack." The attackers gained access to some of Twilio's internal systems that contain customer data on Aug. 4. Once we'd set about mapping out the threat actor's DNS infrastructure, we discovered numerous other websites with the same portal attached to them: Threat actors cast their nets far and wide.
These fooled them into logging into a fake web page designed to look like . Giving more details in an incident report for the already publicized attack, Twilio states: The threat actor's access was identified and eradicated within 12 hours. Customers whose information was impacted by the June Incident were notified on July 2, 2022. The company declined to respond to The Register's inquiries about how many customers' accounts were compromised and the type of data that the crooks stole, though the investigation is ongoing. Since the phishing attack, Twilio has revoked access to the compromised employee accounts and has increased its security training to ensure employees are on "high alert" for social engineering attacks. The control panel could just be a skin to hide their phishing control panel or it may be that they used a vulnerability in the control panel to take over the infrastructure and launch their campaign from there. We reveal some of the IOCs associated with these campaigns below. Twilio encourages customers to contact it directly if they receive a suspicious message claiming to be from Twilio. Over 130 organizations, including Twilio and.