In Episode 30 of the Cybersecurity Minute, Chris Hughes discusses the recent phishing attack against Twilio and Cloudflare.
This episode of the Cybersecurity Minute is sponsored by Community Summit North America, the largest independent gathering of the Microsoft Business Applications ecosystem taking place October 10-13 at the Gaylord Palms in Orlando, Florida. With 500+ Dynamics 365 & Power Platform sessions and more than 300 speakers, this event is a must-attend for Microsoft customers. Visit summitna.com for more details.
Highlights
00:18 — This phishing campaign against Twilio and Cloudflare employees compromised their two-factor authentication credentials. Chris says that “it uses phishing techniques to encourage employees to respond to these notifications around password resets.”
00:33 — Despite the initial attacks against Twilio and Cloudflare, more than 130 organizations fell victim to the same phishing scheme — almost all of them SaaS-based organizations.
01:12 — Chris says that the malicious actors involved in these attacks are “starting to see that this identity as a service provider can be a lucrative target due to the downstream impact it can have on other organizations who are using the service.” He says this demonstrates how organizations are at risk when it comes to SaaS security.
02:03 — The recent cybersecurity attacks instill the need for organizations to identify, understand, and begin to create governance around the SaaS they are using. By taking these steps, organizations will be able to implement modern innovations, like SaaS security, into their services
03:18 — Hardware-based tokens, like YubiKey, are resilient ways to mitigate the impact of an attack on an employee’s two-factor authentication.
Want more cybersecurity insights? Visit the Cybersecurity channel:
