TheDinarian
News • Business • Investing & Finance
⚠️Inside a cyberattack method that targets your cellphone⚠️
Is it really Okta? Or is it actually 0ktapus?
September 30, 2022
post photo preview

A recent spree of “smishing” attacks points to what some experts anticipate will be a wider threat in the future.

The technique, which claims victims at Twilio and targeted others at Cloudflare, combines text messages intent on luring victims into clicking on a link, leans on the ubiquity of smartphones, seeks to manipulate human nature, and works around an increasingly common defensive measure.

A campaign that relied on the technique gathered steam this summer and targeted more than 130 companies,according to a report from cyberfirm Group-IB last month. The attackers compromised nearly 10,000 user credentials.

The technique works like this:

  • Hackers send phony text messages to prospective victims, luring them to click on a link by pretending to be, say, a member of their employers’ IT teamtelling them that their password had expired or their schedule had changed. Typically known as “phishing” when the lures arrive via email, this is known as “smishing” because it’s a portmanteau of “phishing” and “SMS,” commonly known as texting.
  • The link leads to a fake Okta site or another tool that verifies a sign-in, known as multifactor authentication or MFA. (Group-IB named the campaign in its report 0ktapus because of the Okta angle.)
  • Once the hackers get the code that their victim unwittingly gives them, they’re able to roam around in the victims’ networks.

The Group-IB figures are dramatic, saidRyan Olson, vice president of threat intelligence at Palo Alto Networks’ Unit 42.

“That means they had success on like 70 individuals per company on average, and I don’t know what all the companies are or how big they are, but that was extremely successful for a phishing attack,” Olson told me. “If you were to send a phishing attack over email, you’re lucky if one in a 1,000 people even sees the email and makes it through the filters, let alone click on it, let alone type in their multifactor authentication code as well. That’s a huge amount of success.”

Olson said his company has already seen copycats of the original campaign and expects it to expand, a view others in the cyber field share.

“It’s going to grow,” predictedAngelos Stavrou, founder and chief science officer at Quokka, a mobile privacy company known until recently as Kryptowire.

Why it works

In most cases, people don’t have as many defenses on their personal phones to block malicious messages as a large organization has on their work emails, Olson said. (Separately, theIRS warned about smishing attacks Wednesday.)

Smishing is a lesser known threat, and people are more accustomed to clicking on text messages, some of which their employer might send,Olson said. And attackers have learned that they can spam requests for MFA log-in codes and some people will eventually give in, which isapparently what happenedinthis month’s Uber breach.

MFA is a well-regarded defensive technique touted by federal officials and major tech companies alike, but as it has grown more common, “MFA fatigue” has taken hold. Often, users just want to make the messages stop and clicking on them is the quickest way.But Olson said you don’t need to be a dummy to fall for the trick.

Often users don’t trigger an MFA request until they sign into a system they use at work. But Olson himself recently got an MFA message because he had timed out of a system that was idle on his computer. Some office workers, in other words, get routine prompts to reauthorize.

For Stavrou, the reason it works is the steady escalation of defense and offense, and how everyday users respond.

“As we become more advanced, the adversary has become more advanced,” he told me. “The information that the user is presented with is increasing faster than they can handle.”

While 0ktapus focused on Okta, Palo Alto Networks has seen campaigns centered on other authentication tools as well, like Duo or Microsoft 365.

The risks and the fixes

There are some limits to the attack method. It requires hackers to use a login code within a certain amount of time, but Olson said that process is likely automated. The overall technique, according to Group-IB and others, doesn’t require major skills.

What can the hackers do to victims if successful? “Recent disclosures reveal that the initial compromises were just part of the attack,” Group-IB noted, pointing to the potential to steal cryptocurrency or use stolen information to launch attacks on other victims.

Some keys tofending off the attacksinclude physical devices like the Yubikey, which make it harder for hackers to intercept identity verification; reliance on apps like Google Authenticator rather than text messages for authentication codes; or employee awareness programs.

Until then, “anytime a technique shows this much success, other threat actors will copy it,” Olson said.

Link

community logo
Join the TheDinarian Community
To read more articles like this, sign up and join my community today
0
What else you may like…
Videos
Podcasts
Posts
Articles
Pyth Network Is Playing A MAJOR Role 😉

The @PythNetwork is playing a major role in financial data transparency by powering on-chain publishing of real-time Commerce Department GDP data. This initiative marks a huge leap for blockchain-based economic oracles, enabling markets to react instantly to official, anonymized metrics. As other economic indicators join this movement, decentralized finance stands to gain unprecedented data transparency and efficiency.

🔎Why This Matters:

🔹Publishing GDP and other markers on-chain lets oracles deliver accurate, up-to-the-minute pricing for DeFi and trading.

🔹The result is real-time market reactions, making price discovery and risk management faster and more reliable.

🔹Scrubbing data for anonymity preserves privacy while boosting trust in the blockchain ecosystem.

👉The Impact:

🔹Official government data feeds power smarter financial markets, improving decision-making for users worldwide.

🔹 PYTH Network’s leadership sets a new standard for integrating public ...

00:00:34
The future of home cinema and gaming?

Too cool, must have in the new life ahead. 😉

00:01:21
Why did the SEC drop their appeal against Ripple?

@s_alderoty @Ripple

00:01:24
👉 Coinbase just launched an AI agent for Crypto Trading

Custom AI assistants that print money in your sleep? 🔜

The future of Crypto x AI is about to go crazy.

👉 Here’s what you need to know:

💠 'Based Agent' enables creation of custom AI agents
💠 Users set up personalized agents in < 3 minutes
💠 Equipped w/ crypto wallet and on-chain functions
💠 Capable of completing trades, swaps, and staking
💠 Integrates with Coinbase’s SDK, OpenAI, & Replit

👉 What this means for the future of Crypto:

1. Open Access: Democratized access to advanced trading
2. Automated Txns: Complex trades + streamlined on-chain activity
3. AI Dominance: Est ~80% of crypto 👉txns done by AI agents by 2025

🚨 I personally wouldn't bet against Brian Armstrong and Jesse Pollak.

👉 Coinbase just launched an AI agent for Crypto Trading

(Dinarian Note: This Is Entirely Possible, We Are In Unchartered Waters. Tia, the celebrity psychic that took the departed Michelle Whitedove's position, is predicting only a 2 year bear market coming after this bull cycle. Time will tell...)

“4 year cycles are over…”😶‍🌫️

In this episode of the Cashu podcast I sit down with 👉SMQKE, one of the top XRP & ISO-20022 fundamental analysts, to break down:

💥 Quadrillions set to flow through blockchain
💥 Why ISO tokens were preselected to upgrade SWIFT
💥 The Genius & Clarity Acts, stablecoins & regulation
💥 End of the 4-year cycle & rise of institutional money
💥 Bitcoin’s fate vs XRP, XLM, XDC, SHX & more

A must-watch for anyone serious about XRP, ISO-20022 tokens & the future of crypto.

Full Episode:

XRP 101 ✅️
post photo preview

‼️ AUGUST 2025: CENTRAL BANK OF NIGERIA ORDERS FULL ISO 20022 MIGRATION ACROSS ALL SYSTEMS BY OCTOBER 2025‼️

Documented.📝💨

OP: Smqkedqg

post photo preview
post photo preview
The Great Onboarding: US Government Anchors Global Economy into Web3 via Pyth Network

For years, the crypto world speculated that the next major cycle would be driven by institutional adoption, with Wall Street finally legitimizing Bitcoin through vehicles like ETFs. While that prediction has indeed materialized, a recent development signifies a far more profound integration of Web3 into the global economic fabric, moving beyond mere financial products to the very infrastructure of data itself. The U.S. government has taken a monumental step, cementing Web3's role as a foundational layer for modern data distribution. This door, once opened, is poised to remain so indefinitely.

The U.S. Department of Commerce has officially partnered with leading blockchain oracle providers, Pyth Network and Chainlink, to distribute critical official economic data directly on-chain. This initiative marks a historic shift, bringing immutable, transparent, and auditable data from the federal government itself onto decentralized networks. This is not just a technological upgrade; it's a strategic move to enhance data accuracy, transparency, and accessibility for a global audience.

Specifically, Pyth Network has been selected to publish Gross Domestic Product (GDP) data, starting with quarterly releases going back five years, with plans to expand to a broader range of economic datasets. Chainlink, the other key partner, will provide data feeds from the Bureau of Economic Analysis (BEA), including Real Gross Domestic Product (GDP) and the Personal Consumption Expenditures (PCE) Price Index. This crucial economic information will be made available across a multitude of blockchain networks, including major ecosystems like Ethereum, Avalanche, Base, Bitcoin, Solana, Tron, Stellar, Arbitrum One, Polygon PoS, and Optimism.

This development is closer to science fiction than traditional finance. The same oracle network, Pyth, that secures data for over 350 decentralized applications (dApps) across more than 50 blockchains, processing over $2.5 trillion in total trading volume through its oracles, is now the system of record for the United States' core economic indicators. Pyth's extensive infrastructure, spanning over 107 blockchains and supporting more than 600 applications, positions it as a trusted source for on-chain data. This is not about speculative assets; it's about leveraging proven, robust technology for critical public services.

The significance of this collaboration cannot be overstated. By bringing official statistics on-chain, the U.S. government is embracing cryptographic verifiability and immutable publication, setting a new precedent for how governments interact with decentralized technology. This initiative aligns with broader transparency goals and is supported by Secretary of Commerce Howard Lutnick, positioning the U.S. as a world leader in finance and blockchain innovation. The decision by a federal entity to trust decentralized oracles with sensitive economic data underscores the growing institutional confidence in these networks.

This is the cycle of the great onboarding. The distinction between "Web2" and "Web3" is rapidly becoming obsolete. When government data, institutional flows, and grassroots builders all operate on the same decentralized rails, we are simply talking about the internet—a new iteration, yes, but the internet nonetheless: an immutable internet where data is not only published but also verified and distributed in real-time.

Pyth Network stands as tangible proof that this technology serves a vital purpose. It demonstrates that the industry has moved beyond abstract "crypto tech" to offering solutions that address real-world needs and are now actively sought after and understood by traditional entities. Most importantly, it proves that Web3 is no longer seeking permission; it has received the highest validation a system can receive—the trust of governments and markets alike.

This is not merely a fleeting trend; it's a crowning moment in global adoption. The U.S. government has just validated what many in the Web3 space have been building towards for years: that Web3 is not a sideshow, but a foundational layer for the future. The current cycle will be remembered as the moment the world definitively crossed this threshold, marking the last great opportunity to truly say, "we were early."

🙏 Donations Accepted 🙏

If you find value in my content, consider showing your support via:

💳 PayPal: 
1) Simply scan the QR code below 📲
2) or visit https://www.paypal.me/thedinarian

🔗 Crypto Donations👇
XRP: r9pid4yrQgs6XSFWhMZ8NkxW3gkydWNyQX
XLM: GDMJF2OCHN3NNNX4T4F6POPBTXK23GTNSNQWUMIVKESTHMQM7XDYAIZT
XDC: xdcc2C02203C4f91375889d7AfADB09E207Edf809A6

Read full Article
post photo preview
US Dept of Commerce to publish GDP data on blockchain

On Tuesday during a televised White House cabinet meeting, Commerce Secretary Howard Lutnick announced the intention to publish GDP statistics on blockchains. Today Chainlink and Pyth said they were selected as the decentralized oracles to distribute the data.

Lutnick said, “The Department of Commerce is going to start issuing its statistics on the blockchain because you are the crypto President. And we are going to put out GDP on the blockchain, so people can use the blockchain for data distribution. And then we’re going to make that available to the entire government. So, all of you can do it. We’re just ironing out all the details.”

The data includes Real GDP and the PCE Price Index, which reflects changes in the prices of domestic consumer goods and services. The statistics are released monthly and quarterly. The biggest initial use will likely be by on-chain prediction markets. But as more data comes online, such as broader inflation data or interest rates from the Federal Reserve, it could be used to automate various financial instruments. Apart from using the data in smart contracts, sources of tamperproof data 👉will become increasingly important for generative AI.

While it would be possible to procure the data from third parties, it is always ideal to get it from the source to ensure its accuracy. Getting data directly from government sources makes it tamperproof, provided the original data feed has not been manipulated before it reaches the oracle.

Source

🙏 Donations Accepted 🙏

If you find value in my content, consider showing your support via:

💳 PayPal: 
1) Simply scan the QR code below 📲
2) or visit https://www.paypal.me/thedinarian

🔗 Crypto
XRP: r9pid4yrQgs6XSFWhMZ8NkxW3gkydWNyQX
XLM: GDMJF2OCHN3NNNX4T4F6POPBTXK23GTNSNQWUMIVKESTHMQM7XDYAIZT
XDC: xdcc2C02203C4f91375889d7AfADB09E207Edf809A6

Read full Article
post photo preview
List Of Cardano Wallets

Well-known and actively maintained wallets supporting the Cardano Blockchain are EternlTyphonVesprYoroiLaceADAliteNuFiDaedalusGeroLodeWalletCoin WalletADAWalletAtomicGem WalletTrust and Exodus.

Note that in case of issues, usually only queries relating to official wallets can be answered in Cardano groups across telegram/forum. You may need to consult with specific wallet support teams for third party wallets.

Tips

  • Its is important to ensure that you're in sole control of your wallet keys, and that the keys used can be restored via alternate wallet providers if a particular one is non-functional. Hence, put extra attention to Non-Custodial and Compatibility fields.
  • The score column below is strictly a count of checks against each feature listed, the impact of specific feature (and thus, score) is up to reader's descretion.
  • The table represents current state on mainnet network, any future roadmap activities are out-of-scope.
  • Info on individual fields can be found towards the end of the page.
  • Any field that shows partial support (eg: open-source field) does not score the point for that field.

Brief info on fields above

  • Non-Custodial: are wallets where payment as well as stake keys are not shared/reused by wallet provider, and funds can be transparently verified on explorer
  • Compatibility: If the wallet mnemonics/keys can easily (for non-technical user) be used outside of specific wallet provider in major other wallets
  • Stake Control: Freedom to elect stake pool for user to delegate to (in user-friendly way)
  • Transparent Support: Easy approachability of a public interactive - eg: discord/telegram - group (with non-anonymous users) who can help out with support. Twitter/Email supports do not count for a check
  • Voting: Ability to participate in Catalyst voting process
  • Hardware Wallet: Integration with atleast Ledger Nano device
  • Native Assets: Ability to view native assets that belong to wallet
  • dApp Integration: Ability to interact with dApps
  • Stability: represents whether there have been large number of users reporting missing tokens/balance due to wallet backend being out of sync
  • Testnets Support: Ability to easily (for end-user) open wallets in atleast one of the cardano testnet networks
  • Custom Backend Support: Ability to elect a custom backend URL for selecting alternate way to submit transactions transactions created on client machines
  • Single/Multi Address Mode: Ability to use/import Single as well as Multiple Address modes for a wallet
  • Mobile App: Availability on atleast one of the popular mobile platforms
  • Desktop (app,extension,web): Ways to open wallet app on desktop PCs
  • Open Source: Whether the complete wallet (all components) are open source and can be run independently.

Source

🙏 Donations Accepted 🙏

If you find value in my content, consider showing your support via:

💳 PayPal: 
1) Simply scan the QR code below 📲
2) or visit https://www.paypal.me/thedinarian

🔗 Crypto
XRP: r9pid4yrQgs6XSFWhMZ8NkxW3gkydWNyQX
XLM: GDMJF2OCHN3NNNX4T4F6POPBTXK23GTNSNQWUMIVKESTHMQM7XDYAIZT
XDC: xdcc2C02203C4f91375889d7AfADB09E207Edf809A6

 

Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals