Cyber Threats, Executive Online Protection, Privacy

Recent Cyber Attacks Confirm Personal Digital Lives are a Risk to Enterprise Security

Cyberattacks target Twilio, Cloudflare, Cisco employees in their personal digital lives.

BlackCloak was founded in large part because of the widening gap between the personal and enterprise cybersecurity and digital privacy protections afforded to business leaders, Board Members, and high-access employees. 

As we’ve written about extensively, attackers are increasingly attempting to bypass robust corporate security controls by breaching vulnerable or ill-defended personal devices, personal accounts, and home networks of key personnel. Once compromised, lateral movement into the organization, data theft, social engineering, account takeover, and other attacks become significantly easier to pull off. 

Over the past month, three notable cyberattacks targeting large organizations have occurred in which the attack vector of choice was personal emails and text messages to personal devices of high-access employees. Such attacks reinforce the need for security teams and solutions providers to recognize ‘the other 12 hours of the day’ as a significant threat to business operations, continuity, finances, reputation and more. 

Cisco confirms network breach via Gmail hack

Last month, Cisco confirmed that its network had been breached in early May by the Yanluowang Ransomware Group. The attack is confirmed to have originated from a phishing attack that targeted the personal Gmail account of a Cisco employee. 

 According to a statement by Cisco Talos:

During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.”

Also according to Cisco Talos, “the user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account.” 

Ultimately, the ransomware group was not successful in deploying malware. It was however able to “plant offensive hacking tools and conduct internal network reconnaissance.”

Attackers target Cloudflare and Twilio employees personal devices 

Current and former Cloudflare and Twilio employees were recently targeted by social engineering attacks on their personal devices. Cloudflare reports that over 76 employees and their families were sent smishing (SMS phishing) messages. Twilio is still investigating the totality of the breach. 

The smishing attack impersonated the IT department. Notification of password expirations and scheduling changes were sent. These malicious messages enticed users to click on fraudulent links, which redirected victims to fake login pages. 

Both companies have confirmed that employees engaged with the SMS phishing attacks. However, the impact to Cloudflare was minimal. 

As reported in Bleeping Computer, “while individual (Cloudflare) employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.”

Twilio, in contrast, has revealed that roughly 125 customers had their data accessed by the cybercriminals. In a statement to Hacker News, Twilio claims that, “there is no evidence that customer passwords, authentication tokens, or API keys were accessed without authorization.” 

Extending enterprise security with digital executive protection 

It will be sometime before Cisco, Cloudflare, and Twilio know with complete certainty the extent of damage and reconnaissance that occurred from the aforementioned attacks. What should be clear to their security teams now however is that the personal digital lives of their key personnel now represent an existential risk to the company.  And this risk cannot be solved within the footprint of the company itself. 

Cybercriminals have identified personal digital lives as the new path of least resistance into an organization. They know they can access the corporate infrastructure by breaching its most consequential people, at home, where they are vulnerable and lack enterprise-grade defenses. 

As the pioneer of Digital Executive Protection (DEP), we can help drastically reduce this proliferating risk. We combine enterprise-grade cybersecurity and digital privacy protection services with concierge support and a US-based SOC into a single SaaS platform that is fast to set up and frictionless to use.  

Visit our product page for more information on our digital executive protection solution. Let’s get your DEP program started before your most valuable employees are targeted in their personal digital lives.