Cloudflare employees were recently targeted by a “sophisticated” cyberattack, and even though some fell for the scheme, the DDoS protection company managed to successfully defend itself.
In a blog post(opens in new tab), Cloudflare co-founder Matthew Prince, together with team members Daniel Stinson-Diess and Sourov Zaman, explained how the attack happened and what made the difference between success and failure.
The threat actor made a couple of key preparations ahead of the attack: they registered a domain that looked legitimate and would fool many victims: cloudflare-okta.com. Okta is Cloudflare’s identity provider. They also managed to somehow obtain the phone numbers of almost 80 Cloudflare employees, as well as family members for some.
MORE FIDO in the News
Informatik aktuell: FIDO Passkeys 2 – in the future without a password
The FIDO Alliance is committed to making the Internet and...September 15, 2023
TechRadar: BitWarden adds passwordless SSO
Bitwarden has now added Single Sign-On (SSO) support for trusted...
Smashing Security: 339: Bitcoin boo-boo, deepfakes for good, and time to say goodbye to usernames?
Podcast episode where FIDO Passkeys are mentioned and linked to.