Twilio Phishing Attack Hits Cloudflare Employees

Cloudflare yesterday disclosed that at least 76 employees and their family members were targeted by the Twilio phishing attack. The recipients received texts on personal and work phones, originating from four numbers associated with T-Mobile-issued SIM cards. The attack was ultimately unsuccessful. The messages pointed to a seemingly legitimate domain containing keywords including ‘Cloudflare’ and ‘Okta’ in a campaign designed to get employees to hand over their credentials.

Sidebar: If you need advice on how to avoid becoming a victim of a phishing scam, Microsoft has some good guidance.

Mark Bower, VP of Product Management at Anjuna Security, had this comment:

     “Turning trusted employees into oblivious insiders is the perfect vector to bypass traditional controls and we can expect many more attacks of this nature. They are cheap, and effective. Once inside with high levels of privilege, coordinated attackers can launch mayhem and theft – manipulating data, stealing even highly sensitive data like keys from running applications. The most effective defense is to force attackers into attempting to break modern CPU-level hardware controls around sensitive data in the cloud, massively delaying impact and keeping blast radius to the absolute minimum, ultimately frustrating attackers who will move on to unprotected lower hanging fruit.”

I will also add that companies really need to step up the training of their employees as well as running phishing simulators to ensure that their employees aren’t unwitting participants in threat actors trying to gain access to a company’s resources.

