Disaster Recovery Journal
SMS Phishing Attacks Mount; Experts Weigh In On Prevention And Protection Options

by Jon Seals | August 10, 2022

It is now no secret that Twilio, a cloud communications company, and Cloudflare, a content delivery network and DDoS mitigation company, had their internal systems breached after bad actors stole employee credentials in phishing attacks, gaining access to customers’ data. 

What’s interesting is both attacks were executed via SMS. In 2021, data indicated that 96% of phishing attacks arrive by email. Another 3% are carried out through malicious websites, and just 1% via phone. 

Twilio, whose news broke first, became aware of the attack on August 4 but declined to provide more information when asked how many employees had their accounts compromised in the phishing attack and how many customers were affected by the breach. 

Cloudflare, which announced its breach on August 9, shared that some employees’ credentials were also stolen in an SMS phishing attack similar to the one that led to Twilio’s network breach.

In both phishing attacks, the adversaries impersonated the company’s IT department. 

In Twilio’s case, the messages asked employees to click URLs containing Twilio, Okta, and SSO keywords that would redirect them to a clone of the Twilio sign-in page. The messages baited Twilio’s employees into clicking the embedded links by warning them that their passwords had expired or were scheduled to be changed.

In Cloudflare’s case, after entering credentials on the phishing pages, AnyDesk remote access software was automatically downloaded on employee computers to allow the threat actors to take control of their computers remotely if installed.

“This is a storybook case of the damage phishing links can do,” said Jeannie Warner, director of product marketing at Exabeam. “Compromised credentials are often derived from a URL in a phishing message. A carefully crafted message containing the malicious link is sent to an unsuspecting employee. As soon as it’s clicked, the cycle of information loss and damage begins. Any company should aim to nip this problem early on by identifying and alerting these malicious links.”

Warner went on to say, “There are many public and commercial data providers that offer blacklisting services or databases for potential phishing domains/URL lookups. However, like any signature-based approach, newly-crafted phishing URLs cannot be identified this way. New machine learning approaches can actually flag a suspicious phishing URL previously unknown to blacklist data providers and should be considered by frequently targeted industries, such as technology and communications providers. Innovative organizations need a modern approach to securing their environments in order to spot these types of attacks quickly. To help achieve this, machine learning-powered SIEM, automated investigation and response tools, and UEBA technology should absolutely be part of their security stack.”
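The gap between a blocklist lookup and a check that catches newly registered lookalike URLs can be shown with a simple keyword heuristic. This is an added example, not code from the article or from any vendor quoted in it; it uses plain keyword matching rather than machine learning, and the allowlisted domains, the `.example` hostnames, the sample SMS and the naive last-two-labels domain rule are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the organisation's real sign-in domains,
# a one-entry blocklist feed, and the lure keywords the article mentions.
LEGIT_DOMAINS = {"twilio.com", "okta.com"}
BLOCKLIST = {"known-bad.example"}            # constructed feed entry
LURE_KEYWORDS = ("twilio", "okta", "sso")

# Constructed sample message, modelled on the lure described in the article.
SAMPLE_SMS = ("Notice: your Twilio password has expired. "
              "Reset at https://twilio-okta.example/reset")


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels); use the Public Suffix List in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_url(url: str) -> tuple[str, list[str]]:
    """Return (verdict, matched lure keywords) for one URL."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    if domain in BLOCKLIST:                  # signature hit: already known
        return "blocklisted", []
    if domain in LEGIT_DOMAINS:              # the real sign-in page
        return "ok", []
    # Whole-token match keeps short keywords such as "sso" from firing on
    # unrelated words; concatenated forms would need fuzzy matching.
    tokens = set(re.split(r"[^a-z0-9]+", host + parts.path.lower()))
    hits = [k for k in LURE_KEYWORDS if k in tokens]
    return ("suspicious", hits) if hits else ("ok", [])


def scan_sms(text: str) -> list[tuple[str, str, list[str]]]:
    """Extract URLs from a message and return those that are not 'ok'."""
    urls = re.findall(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", text, re.I)
    results = [(u, *classify_url(u)) for u in urls]
    return [r for r in results if r[1] != "ok"]


if __name__ == "__main__":
    for url, verdict, hits in scan_sms(SAMPLE_SMS):
        print(verdict, url, hits)
```

A domain that has never appeared in a feed passes the blocklist branch untouched, so only the keyword branch flags it; in practice this check would run on proxy or DNS logs and feed an alert rather than a hard block.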

As phishing attacks employ more sophisticated disguises, companies must increase security to prevent data loss and financial loss. 

PlainID’s CTO and co-founder, Gal Helemski, explained why phishing attacks are so prevalent.

“Phishing attacks remain one of the most popular methods of attacks used by cyber adversaries. It is primarily due to how easy it is to trick a human compared to a sophisticated cyber solution. Thus, it is time to reinforce all security infrastructure,” she said. “When it comes to internal breaches where networks are compromised, identity is still the number one challenge. Organizations must adopt a “Zero Trust” approach, which means trusting no one – not even known users or devices – until they have been verified and validated. Zero Trust provides that layer of defense that is unrivaled when it comes to defending internal systems.”

Neil Jones, director of cybersecurity evangelism at Egnyte, suggested improved education on how these social engineering threats are used, since bad actors are evolving rapidly and older training may not be keeping up with incoming attacks.

“The alleged cyber-attacks remind us that organizations’ IT security programs are only as strong as their weakest links. Here, we see how social engineering and “smishing” tactics can lead to fraudulent account access and ultimately impact a brand’s reputation. The situation also demonstrates that users have a more intimate technical relationship with their mobile devices, making mobile-based attacks much more impactful on end-users. In addition to general cybersecurity awareness training, anti-phishing education and restricting access to company data based on a user’s “Business Need to Know” are powerful deterrents. You also need to re-educate your company’s users that phishing attacks don’t occur only by e-mail.”

Cisco’s 2021 Cybersecurity Threat Trends report suggests that at least one person clicked a phishing link in around 86% of organizations. The company’s data indicates that phishing accounts for approximately 90% of data breaches.

Helemski went on to explain why access policies and authorization are so important.

“Access Policies and Dynamic Authorizations are a crucial part of the zero-trust architecture; they help to verify who is requesting access, the context of the request, and the risk of the access environment. You cannot control human cyber hygiene and thus the power of verification is demonstrated. Organizations need a more focused strategy oriented on purchasing the highest reward tools. Identity and authorization are where the smart money should be going. If we assume adversaries are already in the network, it makes sense to focus budgets on restricting movement inside the network.”

Tim Prendergast, CEO of strongDM, agreed with Helemski on the importance of access management, suggesting a re-evaluation of applications and infrastructure to secure access.

“The breaches that gave hackers access to customers’ data highlight how crucial strong access management and infrastructure are to maintain strong security,” he said. “Attackers are relentlessly looking for ways into internal systems because it grants them a VIP pass into databases, and servers and access to everything companies don’t want leaked publicly. Once attackers get those valid credentials, they can wreak havoc internally. In this case, we’re seeing that SMS phishing messages baited employees into clicking links that warned them of password changes. The first step here is, rather than point fingers, because in truth this could have happened to anyone, that it is important for CISOs to re-evaluate the visibility and control of access across both applications and infrastructure.”

Other experts, such as Arti Raman, CEO and founder of Titaniam, suggested a somewhat different approach: neutralization.

“As this incident proved, despite security protocols put in place, information can be accessed using privileged credentials, allowing access to hackers to steal underlying data,” Raman said. “The most effective solution for keeping customer PII safe and minimizing the risk of extortion is data-in-use encryption, also known as encryption-in-use. Encryption-in-use provides enterprises with unmatched immunity to data-focused cyberattacks. Should adversaries gain access to data by any means, data-in-use encryption keeps the sensitive information encrypted and protected even when it is actively being utilized. This helps neutralize all possible data-related leverage and dramatically limits the impact of a data breach.”

Whatever approach companies choose to take, whether neutralization, education, or prevention, it is apparent these steps need to be taken sooner rather than later as these bad actors continue to wreak havoc, looking to pull in the biggest fish they can.
