Twilio Suffers a Data Breach After Employees Tricked by SMS Phishing Attack
Read also: the US sanctions the Tornado Cash crypto mixer, 7-Eleven shuts down all stores in Denmark due to a ransomware attack, and more.
Twilio, Cloudflare employees targeted with smishing attacks
Twilio, a company behind eponymous cloud communications platform, revealed it suffered a data breach after some of its employees have been tricked into sharing their login credentials by a social engineering scheme.
The smishing campaign involved legitimate-looking SMS messages ostensibly sent to the employees by Twilio’s IT department that asked them to log in to a URL provided in the message because their passwords have expired or their schedules have changed. The attackers then used stolen credentials to break into Twilio’s internal systems and access certain customer data. According to the company, the attack affected only “a limited number” of customer accounts.
Just a day after Twilio shared details on the incident, the Internet infrastructure provider Cloudflare said it had faced a similar attack. As per the company, more than 100 of its employees and their family members were targeted by an SMS phishing attack, which attempted to trick the recipients into providing their credentials. Cloudflare said that while three of its employees fell victim to the attack, the company managed to disrupt the intrusion and that no Cloudflare systems were compromised.
US slaps sanctions on Tornado Cash crypto-mixing service allegedly used by North Korean hackers
The US Treasury has imposed sanctions on a popular virtual currency “mixer” Tornado Cash for its alleged role in money laundering schemes.
The US authorities allege that since 2019 the service had helped to launder over $7 billion worth of cryptocurrency, including $455 million illegally obtained by the North Korea-linked state-backed threat actor Lazarus Group during their cyber heists. In March, the FBI named Lazarus the culprit behind the $620 million Sky Mavis’ Ronin theft.
The US Treasury also said that Tornado Cash was involved in laundering of more than $96 million of cyber thieves’ funds stolen from the Harmony Bridge platform in June, and at least $7.8 million from the recent Nomad hack.
Microsoft patches over 100 security vulnerabilities, including zero-day exploited in the wild
Microsoft has released its August batch of security updates to address more than a hundred security issues in the Windows operating system and related software products, including a zero-day vulnerability, which is already being exploited by hackers.
Informally known as DogWalk, the vulnerability (CVE-2022-34713) is a buffer overflow issue in Windows Support Diagnostic Tool (MSDT), which allows a remote attacker to execute arbitrary code on the vulnerable system by tricking the victim into opening a malicious file. This is a second MSDT flaw after the infamous Follina bug (CVE-2022-30190), which has been observed being exploited in cyber-attacks within the past three months.
It’s worth mentioning that the DogWalk bug was first reported to Microsoft back in 2019, but at the time the tech giant didn’t consider it a security issue.
A ransomware attack knocks down 7-Eleven stores in Denmark
Convenience store chain, 7-Eleven, has been forced to close all of its 176 stores in Denmark due to a ransomware attack that disrupted outlets’ payment and checkout systems across the country.
Initially, the company described the incident, which took place on August 8, as a “suspected hacker attack,” but later has confirmed that it was a ransomware attack, in which threat actors breached and encrypted its systems. However, 7-Eleven did not share any details about the scope of the attack or the damage the intrusion caused, or what ransomware operation was behind it.As of Thursday, nearly all of 7-Eleven’s 176 Denmark stores are back up and running.
Experts observe a minor decline in ransomware attacks on industrial orgs after Conti shutdown
The number of ransomware attacks on industrial organizations slightly dropped from 158 observed in the Q1 of 2022 to 125 in the second quarter, which, in part, may be attributed to the shutdown of the Conti ransomware operation in mid-May 2022. Conti previously accounted for around 25% of the total ransomware incidents targeting industrial organizations and infrastructures in the last two quarters.
However, despite a slight decline, significant damage from ransomware attacks remained persistent, the experts noted. According to the report, 36% of ransomware attacks target industrial organizations and infrastructures in Europe, followed by North America (29%), Asia (26%), South America (5%), the Middle East (3%), and Africa (1%).
As for the most prolific ransomware groups, Lockbit 2.0 is continuing to dominate the threat landscape accounting for 33% of the total ransomware attacks observed in Q2, followed by Black Basta (12%), Quantum (7%), AlphaV and Hive (4% each).
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter