Google’s Authenticator Used to Address Breach Impacting Crypto Users

Retool Cloud Customers Fall Victim to Targeted SMS Phishing Attack

Retool, a well-known software development company, has recently disclosed that 27 of its cloud customers have been targeted in a phishing attack conducted through SMS messages.

The Attack Details

The attack occurred on August 27 and began with a deceptive SMS phishing campaign directed at Retool’s employees. The attackers posed as members of the IT team and sent messages urging recipients to click on a seemingly legitimate link to address a payroll-related issue. One employee fell for the trick and ended up on a fake login page where their credentials were stolen.

After obtaining the login details, the attackers went further by contacting the employee directly and using deepfake technology to convincingly imitate the voice of an IT team member. They tricked the employee into disclosing the multi-factor authentication code.

Because the employee used Google Authenticator’s cloud synchronization feature, the attackers gained access to internal administrative systems. As a result, they took control of accounts belonging to 27 customers in the cryptocurrency industry.

Concerns Over Deepfake Technology

The use of deepfake technology in this attack has raised concerns within the US government. A recent advisory highlighted the potential misuse of audio, video, and text deepfakes for malicious purposes, including business email compromise (BEC) attacks and cryptocurrency scams.

Although the identity of the hackers remains unknown, their tactics resemble those used by Scattered Spider (or UNC3944), a financially motivated threat actor known for sophisticated phishing techniques.

Cybersecurity Recommendations

Mandiant, a cybersecurity firm, shared insights into the attackers’ methods, suggesting that they may have used access to victim environments to enhance their phishing campaigns. In some cases, the attackers were observed creating new phishing domains that included internal system names.

Syncing one-time codes to the cloud carries a risk: it compromises the “something the user has” factor in multi-factor authentication. To strengthen security against phishing attacks, it is recommended that users consider using FIDO2-compliant hardware security keys or passkeys.
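The contrast behind this recommendation, as an added example that is not part of the original article: a one-time code depends only on the shared seed and the clock, so any copy of the seed, or anyone relaying the digits, passes the check, while a FIDO2 assertion carries the origin the browser actually visited. The seed, origins and challenge are constructed sample values, and the WebAuthn function covers only the clientDataJSON checks (signature verification is assumed to happen elsewhere).

```python
import base64, hashlib, hmac, json, struct

def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the output depends only on seed and clock."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(secret_b32: str, submitted: str, unix_time: int) -> bool:
    """The verifier sees six digits; it cannot tell which device produced them."""
    return hmac.compare_digest(totp(secret_b32, unix_time), submitted)

def webauthn_client_data_ok(client_data_json: bytes, expected_origin: str,
                            expected_challenge: str) -> bool:
    """Relying-party checks on clientDataJSON (the browser fills in the origin).
    Signature and rpIdHash verification are omitted (assumed done elsewhere)."""
    data = json.loads(client_data_json)
    return (data.get("type") == "webauthn.get"
            and data.get("origin") == expected_origin
            and hmac.compare_digest(str(data.get("challenge", "")), expected_challenge))

# Constructed sample values, not taken from the incident.
SEED = base64.b32encode(b"12345678901234567890").decode()  # RFC 6238 test key
NOW = 59
REAL_ORIGIN = "https://login.example.com"
LOOKALIKE_ORIGIN = "https://login.example-payroll.test"
CHALLENGE = "c2FtcGxlLWNoYWxsZW5nZQ"

def client_data(origin: str) -> bytes:
    return json.dumps({"type": "webauthn.get", "origin": origin,
                       "challenge": CHALLENGE}).encode()

def demo() -> dict:
    enrolled_phone = totp(SEED, NOW)
    synced_copy = totp(SEED, NOW)   # same seed restored on a second device
    return {
        "codes_identical": enrolled_phone == synced_copy,
        "synced_code_accepted": server_accepts_totp(SEED, synced_copy, NOW),
        "key_on_real_site": webauthn_client_data_ok(
            client_data(REAL_ORIGIN), REAL_ORIGIN, CHALLENGE),
        "key_on_lookalike_site": webauthn_client_data_ok(
            client_data(LOOKALIKE_ORIGIN), REAL_ORIGIN, CHALLENGE),
    }

if __name__ == "__main__":
    print(demo())
```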

Hot Take: Phishing Attack Highlights the Dangers of SMS-Based Attacks

The recent phishing attack targeting Retool’s cloud customers serves as a reminder of the dangers posed by SMS-based attacks and the potential misuse of deepfake technology. It emphasizes the need for individuals and organizations to remain vigilant against such threats and take proactive measures to enhance their cybersecurity defenses. By adopting stronger authentication methods, such as hardware security keys, users can better protect themselves from falling victim to phishing attempts and prevent unauthorized access to their sensitive information.

Owen Patter is a distinguished crypto analyst, accomplished researcher, and skilled editor, leaving a notable imprint on the cryptocurrency landscape. As a proficient crypto analyst and researcher, Owen delves into the intricate realms of digital assets, offering insights that resonate with a diverse audience. His analytical acuity is harmoniously paired with adept editorial skills, allowing him to transform complex crypto information into easily comprehensible content. Owen’s contributions serve as a valuable guide for both seasoned enthusiasts and newcomers, aiding them in navigating the dynamic world of cryptocurrencies with well-researched perspectives. With a meticulous commitment to precision, he empowers informed decision-making in the ever-evolving crypto domain.