A couple of months ago, cloud communications company Twilio suffered a breach as a result of a smishing campaign. Now, the company is back in the spotlight with another breach and it’s blaming voice phishing for it.
Social engineering is one of the most dangerous methods to trick victims into handing over their information. Unfortunately for Twilio, one of its employees fell for the scam and provided the required credentials in a voice phishing attack.
So, basically, first came smishing, then came vishing – Twilio had a lot to deal with in 2022 and we’re here to shed more light on the matter.
Twilio Breached Once More – Just Another Vish in the Sea
As we all know, threat actors have several ways to infiltrate a system. However, voice phishing requires a lot of skill, and if they have the social engineering capabilities, there’s no telling what they’ll be able to do.
Voice phishing (vishing) is not an easy technique, but it’s definitely effective, as a live voice lends extra legitimacy to the attack. In other words, it yields higher success rates because the attacker earns the victim’s full trust.
Twilio suffered a breach a couple of months ago, where cybercriminals sent warnings through SMS informing Twilio employees that their passwords had expired or were scheduled to be changed.
This smishing campaign led to the exposure of a limited amount of both customer and employee data. Now, the company has disclosed a similar incident, this time carried out through voice phishing. Here’s what the company announced in an official statement:
“Our investigation also led us to conclude that the same malicious actors likely were responsible for a brief security incident that occurred on June 29, 2022.
In the June incident, a Twilio employee was socially engineered through voice phishing (or “vishing”) to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers.”
So, the question is: How many of Twilio’s customers were affected by this attack? Within the statement, there’s a section that reflects the size of the impact.
According to the company, 209 customers (out of a total customer base of over 270,000) and 93 Authy end users (out of approximately 75 million total users) fell victim to this vishing attack.
The attack doesn’t seem to be that big. In fact, aside from the low numbers, the company stated that the cybercriminals were not able to access any of the customers’ console account credentials, API keys, or authentication tokens.
So, who’s behind this attack? Twilio figured out who targeted its systems based on a thorough investigation. Apparently, the threat actors go by the name of Scatter Swine or 0ktapus.
This group has been busy as it targeted at least 130 organizations, including the likes of Cloudflare, MailChimp, and Klaviyo.
The Second Twilio Breach – A Malicious 2022
Twilio has had a very bad 2022 as threat actors seem to be determined to steal its customer and employee data. Although it wasn’t much, they were still successful.
Smishing and vishing are two of the most dangerous types of attacks when it comes to cybercrime. They take a lot of skill, but they also offer attackers a lot of benefits.