The (hard) key to stop phishing: How Cloudflare stopped a targeted attack and you can too

Date: Thursday, October 27 at 11am PT / 2pm ET

On July 20, 2022, Cloudflare was targeted in a sophisticated SMS phishing scheme in such a way that we believe most organizations would be likely to be breached. Text messages to employees were disguised as official-looking communications, including “cloudflare” and “okta” in the hacker-controlled domain. The fake login page was designed to steal credentials and even perform time-based one-time passwords (TOTP) to try to unlock internal company access.

While a few employees did enter their credentials, Cloudflare’s network was not compromised, thanks largely to the hardware-based security keys issued to all employees for MFA. With our Zero Trust platform in place, Cloudflare was able to move from initial attack identification through full mitigation quickly and effectively.

Join this webinar where we’ll walk through the entire chain of events in detail and discuss:

  • Why not all MFA is treated equal and strengthened FIDO U2F / FIDO2 implementations like security keys can thwart phishing attacks
  • How a ZTNA service like Cloudflare Access simplifies the rollout of strong authentication across all types of resources, even legacy apps
  • Where Cloudflare’s Zero Trust platform played a role in mitigating this and similar attacks, from blocking the new domain to logging all authentications and killing active, compromised sessions
  • How a “paranoid but blame-free” culture is critical for security and helps businesses move quickly during critical incidents

Cloudflare customers can also take advantage of an exclusive offer to purchase security keys from Yubico, the leading provider of hardware authentication security keys, at “Good for the Internet pricing” - as low as $10 per key - through their Cloudflare dashboard.

Register now!

About the presenters:

Michael Keene, Senior Product Marketing Manager, Cloudflare

Michael is a product marketer for Zero Trust at Cloudflare with career experience in both software and hardware, having written for audiences across IT, security, engineering, and research. He holds an engineering degree from Duke University.

Derek Pitts, Enterprise Security Director, Cloudflare

Derek leads Cloudflare's Enterprise Security team with the mission of securing and protecting our employees and corporate environment. He has experience leading both IT and Security teams and has been with Zero Trust solutions since 2014.

Duration: 1 hour


Your e-mail address is used to communicate with you about your registration, related products and services, and offers from select vendors. Refer to our Privacy Policy for additional information.