Cloudflare employees were recently targeted by a “sophisticated” cyberattack, and even though some fell for the scheme, the DDoS protection company managed to successfully defend itself. 

In a blog post(opens in new tab), Cloudflare co-founder Matthew Prince, together with team members Daniel Stinson-Diess and Sourov Zaman, explained how the attack happened and what made the difference between success and failure.

The threat actor made a couple of key preparations ahead of the attack: they registered a domain that looked legitimate and would fool many victims: cloudflare-okta.com. Okta is Cloudflare’s identity provider. They also managed to somehow obtain the phone numbers of almost 80 Cloudflare employees, as well as family members for some.


More

Tagesspiegel Background: Man against machine against man

The goal of cybersecurity should not be to become better than the hackers’ AI. Rather,…

Read More →

IT Pro: Passkeys, a passwordless authentication solution supported by major tech companies, provide a secure alternative using public key cryptography

Built on the WebAuthentication standard, they eliminate traditional password challenges. Despite corporate adoption hurdles, the…

Read More →

WSJ: 23andMe Hack Is a Wake-Up Call for Your Password Habits

The recent 23andMe breach, exposing personal information belonging to 6.9 million people, underlines the dangers…

Read More →