Bitcoin

Retool Attributes Breach That Affected Crypto Users with Google’s Authenticator

2 Mins read


Retool, a prominent software development company, has recently revealed that 27 of its cloud customers fell prey to a targeted SMS-based phishing attack.

The breach has raised concerns about the security of cloud synchronization features, particularly Google Authenticator’s cloud sync.

Retool Falls Prey to Targeted SMS Phishing Attack

The Aug. 27 attack began with a deceptive SMS phishing campaign directed at Retool’s employees. The malicious individuals pretended to be IT team members and urged recipients to click on a seemingly legitimate link to address a payroll-related problem. One employee fell for this trick and ended up on a fake login page with a multi-factor authentication form where their login credentials were stolen.

Once they had acquired the employee’s login details, they went a step further by contacting the person directly. Using advanced deepfake technology, they convincingly imitated the voice of a member of the IT team and tricked the employee into disclosing the multi-factor authentication code.

The situation took a turn due to the employee’s use of Google Authenticator’s cloud synchronization feature, allowing the attackers to gain access to internal administrative systems. Subsequently, they gained control of the accounts belonging to 27 customers within the cryptocurrency industry.

One of the affected clients, Fortress Trust, suffered a substantial loss, with approximately $15 million worth of cryptocurrency stolen as a result of the breach.

US Government Issues Warning Over Deepfake Threat

The use of deepfake technology in this attack has prompted concern within the U.S. government. A recent advisory warned about the potential misuse of audio, video, and text deepfakes for malicious purposes, such as business email compromise (BEC) attacks and cryptocurrency scams.

Although the identity of the hackers remains undisclosed, the tactics employed resemble those of a financially motivated threat actor known as Scattered Spider, or UNC3944, known for its sophisticated phishing techniques.

Mandiant, a cybersecurity firm, shared insights into the attackers’ methods, stating they might have used access to victim environments to enhance their phishing campaigns. This involved creating new phishing domains with internal system names, as observed in some cases.

Kodesh stressed the importance of this incident, emphasizing the risk of syncing one-time codes to the cloud. This compromised the “something the user has” factor in multi-factor authentication. He suggested that users consider using FIDO2-compliant hardware security keys or passkeys to strengthen security against phishing attacks.

SPECIAL OFFER (Sponsored)

Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO50 code to receive up to $7,000 on your deposits.


Source link

Related posts
Bitcoin

More Pain For BTC Incoming? Miners Haven't Capitulated Yet

2 Mins read
There has been increased speculation over a Bitcoin miner capitulation as hash rate increases slow down, operational costs increase, and the asset…
Bitcoin

MAGA Price Prediction: MAGA Soars 17% As This AI Meme Coin Zooms Towards $7 Million In Blockbuster Presale

3 Mins read
Join Our Telegram channel to stay up to date on breaking news coverage The MAGA Price has soared by 17% in the…
Bitcoin

Bitcoin Price Falls Below Short-Term Holders' Realized Price Of $66,200

2 Mins read
Recent on-chain data suggests Bitcoin’s current woes might not yet be over as short-term holders continue to feel the heat. Bitcoin has…

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *