Cloudflare has detailed what it describes as a “targeted phishing attack” against its staff that was prevented from doing damage because all employees are required to use multi-factor authentication (MFA) in the form of physical security keys in order to access applications.
That meant that even with the correct usernames and passwords, the attackers couldn’t access accounts and no systems were compromised.
According to cybersecurity researchers at Cloudflare who analysed the attack, it was a sophisticated attack targeting employees and systems “in such a way that we believe most organizations would be likely to be breached”.
