Spoofing Attack Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/spoofing-attack/

Twilio Falls Victim To Phishing Attack
https://gridinsoft.com/blogs/twilio-phishing-attack/
Mon, 08 Aug 2022 17:12:16 +0000

Twilio, a tech giant from San Francisco, became a victim of a phishing scam, resulting in the exposure of consumers’ data. The incident took place on August 4 and was likely conducted through SMS phishing.

Twilio Data Breach

Twilio, a provider of voice and SMS notification services for various purposes, was hacked on Thursday, August 4. The incident was uncovered four days later, on August 8th. As the company serves over 150,000 companies, it is pretty clear that the “some customers” mentioned as exposed in its official note number far more than a dozen. According to the company’s statements, it stores data about physical and IP addresses, payment details, proof of identity and email addresses. Not very pleasant, but not critical either.

The way hackers broke into Twilio is a timeless classic: SMS spam messages. They reportedly mimicked the Okta secure access notification. Okta serves a lot of companies as a secure single sign-on (SSO) provider. It is funny that Okta itself was struck by a similar phishing scam earlier this year. In the case of Twilio, several employees received a message asking them to log in again because their previous token had expired. The link in the message was spoofed and led to a site controlled by the crooks, although it looked like a legitimate page.

[Image: Okta’s SSO form, which the crooks successfully managed to counterfeit]

Phishing attacks keep going

Corporate-scale phishing attacks happen pretty frequently these days, but no one expected them to hit tech giants so often. Okta, Twilio – these names rank at the top of both the tech community and the stock market. And users, whether individuals or other corporations, are usually pretty sensitive to cases where a company loses their data. The threat actors behind these attacks are very organised and consistent in their actions. This is typical for ransomware gangs, but not for phishing actors.

Any corporation, whether it has been attacked or not, should work out a response to this kind of threat. That could include instructions for employees on how to recognise scam messages, as well as tighter restrictions on data access. Overall, preventive measures are the priority, as they do not give the crooks a chance. The situation with such famous companies shows that overall cybersecurity awareness remains at an unacceptable level. Such phishing attacks may lead not only to data breaches but also to ransomware attacks and APT deployment. And in the latter case, the intrusion will be much harder to detect.

Top Types of Spoofing Attacks
https://gridinsoft.com/blogs/types-of-spoofing-attacks/
Thu, 09 Jun 2022 13:19:12 +0000

Spoofing is a kind of cybercrime in which attackers impersonate a trusted source, such as a trusted contact, to gain access to confidential information or steal data, whether personal or professional. In addition to threatening your data privacy, spoofing attacks can damage the reputation of the brand or person the attackers are impersonating, sometimes making it difficult to regain their former prominence.

For attacks to be successful, hackers can spoof many things: an IP address, a web page, a phone number, a login form, a GPS location, an email address, a text message, and even a face. Some of these actions rely on human error, while others rely on the use of hardware or software flaws. Of all the scenarios that fit the form of a spoofing attack, the following are the most common these days.

ARP Spoofing

This is a reasonably common man-in-the-middle attack technique. The cybercriminal floods the local network with forged Address Resolution Protocol (ARP) packets, thus disrupting the normal traffic routing process. The aim is to map the adversary’s MAC address to the IP address of the target LAN’s default gateway. As a result, all traffic is redirected to the attacker’s computer before reaching its destination. The attacker can then change the data before forwarding it to the actual recipient, or interrupt all network communications. ARP spoofing can also serve as a launching pad for DDoS attacks.
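
On the defensive side, the re-mapping of the gateway's IP address to a different MAC address is exactly what a monitor can look for. The following Python example is added here and is not part of the original article; the sample ARP replies, the addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) taken from ARP replies.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),    # default gateway
    (1.2, "192.168.1.23", "aa:bb:cc:00:00:17"),
    (5.0, "192.168.1.1", "de:ad:be:ef:00:99"),    # gateway IP claimed by a new MAC
    (5.1, "192.168.1.23", "AA-BB-CC-00-00-17"),   # same host, other notation
    (5.5, "192.168.1.40", "de:ad:be:ef:00:99"),   # that MAC now answers for a 2nd IP
]


def normalize_mac(mac):
    """Lower-case and use ':' separators so different notations compare equal."""
    return mac.lower().replace("-", ":")


def detect_arp_conflicts(replies, trusted=None):
    """Return alerts as (timestamp, kind, ip, mac) tuples.

    trusted: optional {ip: mac} of bindings known out of band (assumption:
    the operator knows the gateway's real MAC). Otherwise the first reply
    seen for an IP becomes its baseline.
    """
    baseline = {ip: normalize_mac(mac) for ip, mac in (trusted or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in baseline.items():
        ips_by_mac[mac].add(ip)

    alerts = []
    for ts, ip, raw_mac in sorted(replies):
        mac = normalize_mac(raw_mac)
        if baseline.setdefault(ip, mac) != mac:
            # Known IP re-mapped to another MAC: the poisoning symptom.
            alerts.append((ts, "ip-remapped", ip, mac))
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                # One adapter answering for several IPs; can be legitimate
                # (routers, proxy ARP), so treat as a lead, not a verdict.
                alerts.append((ts, "mac-multi-ip", ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(alert)
```

DHCP lease changes also re-map an IP to a new MAC, so pinning the gateway through the `trusted` argument gives the most reliable signal.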

MAC Spoofing

In theory, every network adapter inside a connected device should have its own unique Media Access Control (MAC) address that cannot be found anywhere else. In practice, however, a clever hacker can change this. Using the shortcomings of some hardware drivers, an attacker can modify or spoof the MAC address. Thus, he masquerades as the device registered in the target network to bypass traditional access limiting mechanisms. In this way, he can impersonate a trusted user and perpetrate fraud such as business email compromise (BEC), data theft, or placement of malware in a digital environment.

IP Spoofing

In this case, the attacker sends Internet Protocol packets with a falsified source address. In this way, he hides the real online identity of the sender of the packet and thus pretends to be another computer. IP spoofing is also often used to launch DDoS attacks. It is difficult for the digital infrastructure to filter such fraudulent packets, given that each one comes from a different address, which allows the scammers to simulate legitimate traffic convincingly. In addition, this method allows bypassing authentication systems that use a device’s IP address as an important identifier.

DNS Cache Poisoning (DNS Spoofing)

The Domain Name System (DNS) is a kind of telephone book for the Internet. It turns familiar domain names into IP addresses that browsers understand and use to load web pages. Attackers can distort this mapping technology using the known weaknesses of DNS server caching. As a result, the victim risks navigating to a malicious copy of the intended domain. This is a good basis for phishing attacks that look very plausible.

Email Spoofing

Basic email protocols are pretty vulnerable and give an attacker opportunities to distort specific attributes of a message. One common vector of this attack is to change the header of an email. As a result, the sender’s address (displayed in the “From” field) appears to be real when, in fact, it is not. A hacker can take advantage of this mismatch and impersonate a trusted person, such as a senior executive, colleague, or contractor. The BEC scams mentioned above often rely on this, combining it with social engineering and manipulation so that the victim, without thinking, allows a fraudulent bank transfer to take place. The purpose of email spoofing is precisely to deceive the user without being exposed.
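
The mismatch between the displayed “From” address and the rest of the message can be checked from the headers. The following Python example is added here and is not part of the original article; the message, the domains and the function names are constructed, and it assumes the Authentication-Results header was written by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims example.com, but the envelope
# sender and Reply-To point elsewhere and the receiving server recorded a
# DMARC failure.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Chief Executive" <ceo@example.com>
Reply-To: ceo.office@example.net
To: finance@example.org
Subject: Urgent wire transfer

Please process today.
"""


def domain_of(header_value):
    """Domain part of the address in a header value, or '' if there is none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def spoofing_indicators(raw_message):
    """Return a list of indicator codes for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []
    # Simplification: exact domain comparison, not DMARC's organizational
    # alignment. A Return-Path mismatch alone is common for bulk mailers.
    for header, code in (("Return-Path", "return-path-mismatch"),
                         ("Reply-To", "reply-to-mismatch")):
        other = domain_of(msg[header])
        if other and other != from_domain:
            findings.append(code)
    results = re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                         msg["Authentication-Results"] or "", re.I)
    auth = {k.lower(): v.lower() for k, v in results}
    if auth.get("dmarc", "missing") != "pass":
        findings.append("dmarc-" + auth.get("dmarc", "missing"))
    return findings


if __name__ == "__main__":
    print(spoofing_indicators(SAMPLE_MESSAGE))
```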

Website Spoofing

A scammer may try to trick a victim into going to an “exact copy” of the website they usually use. Unfortunately, hackers are getting better and better at mimicking the layout, branding, and login forms. And in combination with the DNS spoofing technique mentioned above, the trick will be tough to spot. Still, website spoofing is not a perfect scheme. For maximum effect, the attacker also has to send the victim a phishing email that prompts the recipient to click on the malicious link. Usually, criminals use such a scheme to steal authentication data or spread malware, which then gives them a backdoor into the corporate network. URL spoofing can also lead to identity theft.

Caller ID Spoofing

This is a rather old scheme, but it is still sometimes used today. The attacker uses loopholes in the functioning of telecommunications equipment to fabricate the caller data that the victim sees on the phone screen. Beyond pranks, the attacker can forge the caller ID to pose as someone the victim knows or as a representative of a company the victim works with. Sometimes, to increase the chances that the victim will answer the call, the information shown on the smartphone display includes a well-known brand logo and physical address. This type of spoofing attack aims to get the victim to reveal personal information or pay non-existent bills.

Text Message Spoofing

Unlike the previous method, this one is not always used for fraudulent purposes. Today, this method is used by companies to interact with their customers. It replaces the traditional phone number with an alphanumeric string (for example, the company name) and sends text messages. Unfortunately, scammers can also use this technology as a weapon. One variation on the text-message spoofing scam involves the scammer substituting the SMS sender’s identifier for a brand name the recipient trusts. This impersonation scheme can be the basis for targeted phishing, identity theft, and the increasing frequency of gift card scams targeting organizations.

File Extension Spoofing

Any Windows user knows that the system hides file extensions by default. On the one hand, this improves the user experience, but on the other hand, it can also help crooks to spread malware. A double extension is used to disguise a malicious binary file as a safe object. For example, an entry called Resume.docx.exe will appear on the system as a standard Word document while being an executable file. Fortunately, any standard security solution will recognize the file and warn the user each time they try to open it.
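
The double-extension disguise can also be checked for mechanically, for example on a mail gateway or a downloads folder. The following Python example is added here and is not part of the original article; the extension lists are a deliberately short, assumed selection, and the sample file names other than Resume.docx.exe are constructed.

```python
from pathlib import PureWindowsPath

# Assumed short lists for illustration; a real deployment would extend both.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

# Constructed sample of attachment / download names.
SAMPLE_NAMES = [
    "Resume.docx.exe",      # the example from the text
    "report.v2.pdf",        # two dots, but the real type is a document
    "setup.exe",            # executable, not disguised
    "Invoice.PDF.SCR",      # disguise in upper case
]


def explorer_display_name(filename):
    """Name as shown while Windows hides known extensions: last suffix dropped."""
    return PureWindowsPath(filename).stem


def is_double_extension(filename):
    """True if an executable's name ends in <document ext>.<executable ext>."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)


def audit(filenames):
    """Return (real name, name the user sees) for every disguised file."""
    return [(name, explorer_display_name(name))
            for name in filenames if is_double_extension(name)]


if __name__ == "__main__":
    for real, shown in audit(SAMPLE_NAMES):
        print(f"{real!r} is displayed as {shown!r}")
```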

GPS Spoofing

Today, users increasingly rely on geolocation services to avoid traffic jams or get to their destination. Unfortunately, cybercriminals may trick a target device’s GPS receiver so that it stops working correctly. Nation states can use GPS spoofing to thwart intelligence gathering and sometimes even to sabotage other countries’ military installations. Businesses can also use it to their advantage. For example, a competitor can interfere with the navigator in the car of a CEO who is rushing to an important meeting with a potential business partner. As a result, the victim will make a wrong turn, get stuck in traffic, and be late for the meeting. This could interfere with a future deal.

Facial Spoofing

Facial recognition is now the basis of numerous authentication systems and is rapidly expanding. In addition to unlocking gadgets, the face could become a critical authentication factor for future tasks such as signing documents or approving wire transfers. Cybercriminals are bound to look for and exploit weaknesses in the Face ID implementation chain. Unfortunately, it’s pretty easy to do so now. For example, security analysts have demonstrated a way to fool the Windows 10 Hello facial recognition feature with an altered, printed user photo. Fraudsters with enough resources and time can detect and exploit such imperfections.

How to Detect Spoofing?

Here are the main signs that you are being spoofed. If you encounter any of these, click “Close”, click the “Back” button, and close the browser.

  • There is no padlock symbol or green bar next to the address bar. All secure authoritative websites must have an SSL certificate, which means a third-party certificate authority (CA) has verified that the web address belongs to the entity. But it is worth noting that SSL certificates are now free and easy to obtain. So even though there may be a padlock on the site, it does not guarantee that it is the real deal. Just remember, nothing on the Internet is 100 percent safe.
  • The site does not use encryption. HTTP, aka Hypertext Transfer Protocol, is long obsolete. Legitimate websites always use HTTPS, an encrypted version of HTTP, when transmitting data back and forth. If you are on a login page and see “HTTP” instead of “HTTPS” in your browser’s address bar, think carefully before you type anything.
  • Use a password manager. It will automatically fill in your login and password on any legitimate website that you have saved in your password vault. But if you land on a phishing site, your password manager will not recognize the site and will not fill in the username and password fields for you, which is a clear sign that you are being spoofed.

How to Minimize the Risks of Spoofing Attacks?

The following tips will help you to minimize the risk of becoming a victim of a spoofing attack:

  • Turn on your spam filter. This will protect your mailbox from most fake newsletters.
  • Do not click on links or open email attachments if they come from an unknown sender. If there is a chance that the email is legitimate, contact the sender through another channel to verify that it is legitimate.
  • Log in via a separate tab or window. For example, if you receive an email or message with a link asking you to do something, such as log in to your account or verify your information, do not click the link provided. Instead, open another tab or window and go directly to the site. You can also sign in through the app on your phone or tablet.
  • Call back. If you receive a suspicious email, presumably from someone you know, call or write to the sender to be sure they sent the email. This is especially true if the sender makes an unusual request: “Hi, this is your boss. Can you buy ten iTunes gift cards and email them to me? Thank you.”
  • Show file extensions in Windows. You can change this by clicking the “View” tab in Explorer, then checking the box to show file extensions. This will in no way prevent crooks from spoofing file extensions, but you will be able to see the spoofed extensions and not open those malicious files.
  • Use a good antivirus program. If you click on a dangerous link or attachment, a good antivirus program can warn you about the threat, stop the download, and prevent malware from entering your system or network.

The most important rule is to remain vigilant. Always watch where you’re going, what you’re clicking on, and what you’re typing.
