Virtualization Technology News and Information
DoorDash breach linked to Twilio attackers - Experts chime in


DoorDash is the latest victim of the hacking group dubbed "0ktapus," which has stolen 10K employee credentials from about 130 organizations - including Twilio and Signal - this year via phishing attacks. 

In DoorDash's blog post, it states that the attackers obtained credentials from employees of a third-party vendor, which were then used to access DoorDash's internal tools and systems. 

According to a report by Ponemon Institute, 51% of businesses have suffered a data breach caused by a third party, with 44% suffering a breach within the previous 12 months. Out of these 44% of organizations, 74% of data breaches were the result of giving too much-privileged access to third parties. 

Data accessed includes names, email addresses, delivery addresses and phone numbers of DoorDash customers. Some users also saw payment card information stolen, but not all. For DoorDash drivers, hackers accessed data that "primarily included name and phone number or email address."


Gal Helemski, CTO and co-founder, PlainID

"When it comes to internal breaches where networks are compromised, identity is still the number one challenge. Organizations must adopt a "Zero Trust" approach, which means trusting no one - not even known users or devices - until they have been verified and validated. Access policies and dynamic authorizations are a crucial part of the zero-trust architecture, as they help to verify who is requesting access, the context of the request, and the risk of the access environment.

Instead of pouring more money into a shotgun approach to security, organizations need a more focused strategy oriented on purchasing the highest reward tools. Identity and authorization are where the smart money should be going. If we assume hackers are already in the network, it makes sense to focus budgets on technologies that restrict movement inside the network."

Jeannie Warner, director of product marketing, Exabeam

"This is a storybook case of the damage credentials in the wrong hands can cause. Compromised credentials are often derived from a URL in a phishing message. A carefully crafted message containing the malicious link is sent to an unsuspecting employee. As soon as it's clicked, the cycle of information loss and damage begins. Any company should aim to nip this problem early on by identifying and alerting these malicious links.

There are many public and commercial data providers that offer blacklisting services or databases for potential phishing domains/URL lookups. However, like any signature-based approach, newly-crafted phishing URLs cannot be identified this way. New machine learning approaches can actually flag a suspicious phishing URL previously unknown to blacklist data providers and should be considered by frequently targeted industries, such as technology and communications providers. Innovative organizations need a modern approach to securing their environments in order to spot these types of attacks quickly. To help achieve this, machine learning-powered SIEM, automated investigation and response tools, and UEBA technology should absolutely be part of their security stack."

Tim Prendergrast, CEO, strongDM

"The DoorDash breach, along with those experienced by Twilio, Signal and more, that gave hackers access to customers' data highlight how crucial strong access management and infrastructure are to maintain strong security. Attackers are relentlessly looking for ways into internal systems because it grants them a VIP pass into databases, and servers and access to everything companies don't want leaked publicly. Once attackers get those valid credentials, they can wreak havoc internally. The first step here is, rather than point fingers, because in truth this could have happened to anyone, that it is important for CISOs to re-evaluate the visibility and control of access across both applications and infrastructure."

Arti Raman (She/Her), CEO & Founder, Titaniam

"Following the recent Twilio phishing attack, attackers gained access to its systems after tricking and stealing credentials from multiple employees targeted in the phishing incident and then used the stolen credentials to gain unauthorized access to information related to a limited number of Twilio customer accounts, as well a multiple third party associates of Twilio, including most recently, DoorDash. As this incident proved, despite security protocols put in place, information can be accessed using privileged credentials, allowing access to hackers to steal underlying data. 

The most effective solution for keeping customer PII safe and minimizing the risk of extortion is data-in-use encryption, also known as encryption-in-use. Encryption-in-use provides enterprises with unmatched immunity to data-focused cyberattacks. Should adversaries gain access to data by any means, data-in-use encryption keeps the sensitive information encrypted and protected even when it is actively being utilized. This helps neutralize all possible data-related leverage and dramatically limits the impact of a data breach." 

Neil Jones, director of cybersecurity evangelism, Egnyte

"The alleged cyber-attack on delivery application DoorDash reminds us that an organization's cybersecurity is only as strong as the security protection of its third-party vendors. Here, we see how social engineering tactics and suspicious network activity can lead to fraudulent account access and ultimately impact a brand's reputation. The good news is that DoorDash did a lot of the right things here: 1) Detecting the suspicious access quickly, 2) Involving law enforcement agencies on a timely basis, 3) Providing rapid and clear user disclosure, 4) Providing a dedicated call center number for impacted parties and 5) Committing to make potential cybersecurity improvements in the future. For all organizations, general cybersecurity awareness training, anti-phishing education and restricting access to company data based on a user's "Business Need to Know" are powerful deterrents to social engineering attacks."


Published Friday, August 26, 2022 4:40 PM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<August 2022>