Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients
Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack.
The San Francisco-based firm blamed a Google Account cloud synchronization feature introduced in April 2023 for making the breach worse, calling it a "dark pattern."
"The fact that Google Authenticator syncs to the cloud is a novel attack vector," Snir Kodesh, Retool's head of engineering, said.
It all started with an SMS phishing attack aimed at Retool's employees, in which the threat actors masqueraded as a member of the IT team and instructed the recipients to click on a seemingly legitimate link to address a payroll-related issue.
The sophisticated attack shows that syncing one-time codes to the cloud can break the "something the user has" factor, necessitating that users rely on FIDO2-compliant hardware security keys or passkeys to defeat phishing attacks.
"Based on analysis of suspected UNC3944 phishing domains, it is plausible that the threat actors have, in some cases, used access to victim environments to obtain information about internal systems and leveraged that information to facilitate more tailored phishing campaigns," Mandiant disclosed last week.
News URL
https://thehackernews.com/2023/09/retool-falls-victim-to-sms-based.html