Exposing the Fragile World of Technology

Considering how flawed we are from an overall standpoint, human beings have tried, every once in a while, to run away from their imperfections. No, while not all of our attempts were wholly successful, some did deliver positive results, with technology really appearing as the biggest yield of all. The reason why technology gets to stay above the rest here is inspired by the creation’s unprecedented skill-set that wasted no time in making us smarter than ever before. This ushered us towards some incredible possibilities, but like us, technology notably came with its own set of flaws. These flaws will show up in various different forms, and yet their biggest representation will only arrive once we recognize the risk of cybersecurity. You see, alongside making us significantly smarter, technology’s expansive nature also turned us into our most vulnerable selves. Such a dynamic, unsurprisingly enough, set the perfect stage for certain bad actors to exploit others, and consequentially, fulfil their own ulterior motives. In fact, the risk in play here will only get bigger over time, and a recent phishing campaign does a lot to prove the same.

According to report from the cybersecurity outfit Group-IB, more than a 130 organizations, including Twilio, DoorDash, Cloudflare, and more, have been sensationally compromised in what is being deemed as a month-long phishing campaign. Going by the available details, the attack saw over a whopping 10,000 people getting their login credentials stolen, but mind you, the tactics used to orchestrate the entire runner were pretty basic. In a nutshell, the hackers imitated as the popular single sign-on service, Okta, and sent a text to all the target employees that redirected them to a phishing website. Here, they were asked to fill in their username, password, and a two-factor authentication code. As soon as these targets entered all the relevant details, it was passed on to the hackers for them to gain an unauthorized access into the stated employees’ accounts.

“The analysis of the phishing kit revealed that it was poorly configured and the way it had been developed provided an ability to extract stolen credentials for further analysis,” said Roberto Martinez, a senior threat intelligence analyst at Group-IB.

Poorly configured or not, the campaign still managed to impact an estimated 169 domains. However, what was really the motivating factor behind the attack? While the wider goal remains unknown, one of the objectives is understood to revolve around the financial aspect.

“Seeing financial companies in the compromised list gives us the idea that the attackers were also trying to steal money. Furthermore, some of the targeted companies provide access to crypto assets and markets, whereas others develop investment tools,” the researchers at Group-IB said.

As hard as it looks to top such an enormous attack, the frequency and scale of these attacks isn’t expected to dwindle down anytime soon. With phishing attacks going up by 29% in 2021 compared to the previous year, the latest one gives us every reason to believe that the trend will continue, at least for the foreseeable future.

Share

Related

Combating Risk on the Wheels

We, as individuals, love nothing more than perfection, In...

Digits Raises $65 Million in Series C; Plans to Take Living Model into Mainstream Accounting

If given an adequate amount of time, human beings...

Consolidating the Fintech Momentum

Human beings are known to be good at many...

Technology outlook in the Healthcare industry for 2021

To say that 2020 was a strange year is...

What technologies should insurers bet on in 2021?

This is not a usual time - and, as...

The Timeless Pursuit

The ambition of a man knows no limits. Just...

Linking up to Create an Electrified Experience

Human beings might standout on the back many different...

Reimagining the Way You Play

There are, as we know, many different things that...

Running the Big Tech Race

The human arsenal might be expansive beyond all known...

Latest

No posts to display

No posts to display