Snir Kodesh, Retool’s head of engineering, revealed that all hijacked accounts belong to customers in the cryptocurrency industry.
The breach occurred on August 27, after the attackers bypassed multiple security controls using SMS phishing and social engineering to compromise an IT employee’s Okta account.
The attack used a URL impersonating Retool’s internal identity portal and was launched during a previously announced migration of logins to Okta.
While most of the targeted employees ignored the phishing text message, one clicked the embedded phishing link that redirected to a fake login portal with a multi-factor authentication (MFA) form.
After signing in, the attacker deepfaked an employee’s voice and called the targeted IT team member, tricking them into providing an additional MFA code, which allowed the addition of an attacker-controlled device to the targeted employee’s Okta account.
TLDR: DON'T ENABLE cloud sync for your MFA/2FA! It's a horrible idea. A company that labels itself a cyber security company got drained because of this.
submitted by /u/Collectibl3
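The post describes the attacker's last step as enrolling an attacker-controlled device in the victim's Okta account right after a phished sign-in. As an added example (not from the post, not Retool's or Okta's code), here is a small detector over constructed Okta System Log events that flags an MFA-factor enrollment occurring shortly after a successful login from an IP the user has never authenticated from before. The event field names are assumed to follow the Okta System Log shape (`eventType`, `published`, `actor.alternateId`, `client.ipAddress`, `outcome.result`); all events, users and IPs are constructed.

```python
"""Flag MFA-factor enrollments that follow a sign-in from a never-before-seen IP.
Constructed Okta-style events; field names assumed per the Okta System Log format."""
from datetime import datetime, timedelta

# An enrollment this soon after a login from a new IP is worth an analyst's look.
WINDOW = timedelta(minutes=30)

# Constructed sample events (not real Retool data). The IT admin has a prior
# baseline login from a known IP; the 08-27 login and enrollment come from a new one.
EVENTS = [
    {"eventType": "user.session.start", "published": "2023-08-20T08:00:00Z",
     "actor": {"alternateId": "it-admin@example.com"}, "client": {"ipAddress": "198.51.100.10"},
     "outcome": {"result": "SUCCESS"}},
    {"eventType": "user.session.start", "published": "2023-08-01T08:00:00Z",
     "actor": {"alternateId": "dev@example.com"}, "client": {"ipAddress": "192.0.2.7"},
     "outcome": {"result": "SUCCESS"}},
    {"eventType": "user.session.start", "published": "2023-08-27T09:00:00Z",
     "actor": {"alternateId": "it-admin@example.com"}, "client": {"ipAddress": "203.0.113.5"},
     "outcome": {"result": "SUCCESS"}},
    {"eventType": "user.mfa.factor.activate", "published": "2023-08-27T09:12:00Z",
     "actor": {"alternateId": "it-admin@example.com"}, "client": {"ipAddress": "203.0.113.5"},
     "outcome": {"result": "SUCCESS"}},
    # Benign: dev enrolls a factor from an IP already in their login history.
    {"eventType": "user.session.start", "published": "2023-08-27T10:00:00Z",
     "actor": {"alternateId": "dev@example.com"}, "client": {"ipAddress": "192.0.2.7"},
     "outcome": {"result": "SUCCESS"}},
    {"eventType": "user.mfa.factor.activate", "published": "2023-08-27T10:05:00Z",
     "actor": {"alternateId": "dev@example.com"}, "client": {"ipAddress": "192.0.2.7"},
     "outcome": {"result": "SUCCESS"}},
]

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def find_suspicious_enrollments(events, window=WINDOW):
    """Return alerts for factor activations within `window` of a login from an unseen IP."""
    known_ips = {}          # user -> set of IPs seen in earlier successful logins
    last_new_ip_login = {}  # user -> (timestamp, ip) of the latest login from an unseen IP
    alerts = []
    for ev in sorted(events, key=lambda e: parse_ts(e["published"])):
        if ev["outcome"]["result"] != "SUCCESS":
            continue
        user, ip, ts = ev["actor"]["alternateId"], ev["client"]["ipAddress"], parse_ts(ev["published"])
        if ev["eventType"] == "user.session.start":
            seen = known_ips.setdefault(user, set())
            if ip not in seen:           # first login ever from this IP: remember it
                last_new_ip_login[user] = (ts, ip)
                seen.add(ip)
        elif ev["eventType"] == "user.mfa.factor.activate" and user in last_new_ip_login:
            t0, ip0 = last_new_ip_login[user]
            if ts - t0 <= window:
                alerts.append({"user": user, "login_ip": ip0, "enroll_ip": ip,
                               "minutes_after_login": int((ts - t0).total_seconds() // 60)})
    return alerts

if __name__ == "__main__":
    for a in find_suspicious_enrollments(EVENTS):
        print(a)
```

In production the baseline of known IPs would come from weeks of history rather than one seeded event, and the same check applies to `user.mfa.factor.update` and other enrollment-type events.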