Retool Cloud Customers Fall Victim to Targeted SMS Phishing Attack
Retool, a trending software development company, has recently disclosed that 27 of its cloud customers have been targeted in a phishing attack conducted through SMS messages.
The Attack Details
The attack took place on August 27 and began with a deceptive SMS phishing campaign directed at Retool’s employees. The attackers posed as members of the IT team and sent messages urging recipients to click on a seemingly legitimate link to address a payroll-related issue. One employee fell for the trick and ended up on a fake login page where their credentials were stolen.
After obtaining the login details, the attackers went further by contacting the employee directly and using deepfake technology to convincingly imitate the voice of an IT team member. They tricked the employee into disclosing the multi-factor authentication code.
Due to the use of Google Authenticator’s cloud synchronization feature by the employee, the attackers gained access to internal administrative systems. As a result, they took control of accounts belonging to 27 customers in the digital currency industry.
Concerns Over Deepfake Technology
The use of deepfake technology in this attack has raised concerns within the United States Government. A recent advisory highlighted the capacity misuse of audio, video, and text deepfakes for malicious objectives, including business email compromise (BEC) attacks and digital currency scams.
Despite the fact that the identity of the hackers remains unknown, their strategies resemble those used by Scattered Spider (or UNC3944), a financially motivated threat actor known for sophisticated phishing techniques.
Cybersecurity Recommendations
Mandiant, a cybersecurity firm, shared insights into the attackers’ methods, suggesting that they may have used access to victim environments to strengthen their phishing campaigns. They created new phishing domains with internal system names, as observed in some cases.
It is crucial to note the risk associated with syncing one-time codes to the cloud. This compromises the “something the user has” factor in multi-factor authentication. To strengthen security against phishing attacks, it is recommended that users consider using FIDO2-compliant hardware security keys or passkeys.
Hot Take: Phishing Attack Highlights the Dangers of SMS-Based Attacks
The recent phishing attack targeting Retool’s cloud customers serves as a reminder of the dangers posed by SMS-based attacks and the capacity misuse of deepfake technology. It emphasizes the need for individuals and organizations to remain vigilant against such threats and take proactive measures to strengthen their cybersecurity defenses. By adopting stronger authentication methods, such as hardware security keys, users can better protect themselves from sliding victim to phishing attempts and prevent unauthorized access to their sensitive information.
Owen Patter is a distinguished crypto analyst, accomplished researcher, and skilled editor, leaving a notable imprint on the cryptocurrency landscape. As a proficient crypto analyst and researcher, Owen delves into the intricate realms of digital assets, offering insights that resonate with a diverse audience. His analytical acuity is harmoniously paired with adept editorial skills, allowing him to transform complex crypto information into easily comprehensible content.
