On July 20, 2022, Cloudflare was targeted in a sophisticated SMS phishing scheme in such a way that we believe most organizations would be likely to be breached. Text messages to employees were disguised as official-looking communications, including “cloudflare” and “okta” in the hacker-controlled domain. The fake login page was designed to steal credentials and even perform time-based one-time passwords (TOTP) to try to unlock internal company access.
While a few employees did enter their credentials, Cloudflare’s network was not compromised, thanks largely to the hardware-based security keys issued to all employees for MFA. With our Zero Trust platform in place, Cloudflare was able to move from initial attack identification through full mitigation quickly and effectively.
Join this on-demand webinar where we’ll walk through the entire chain of events in detail and discuss:
- Why not all MFA is treated equal and strengthened FIDO U2F / FIDO2 implementations like security keys can thwart phishing attacks
- How a ZTNA service like Cloudflare Access simplifies the rollout of strong authentication across all types of resources, even legacy apps
- Where Cloudflare’s Zero Trust platform played a role in mitigating this and similar attacks, from blocking the new domain to logging all authentications and killing active, compromised sessions
- How a “paranoid but blame-free” culture is critical for security and helps businesses move quickly during critical incidents.
Provided by Cloudflare
