It has been reported that the Twitter accounts of billionaires Elon Musk, Jeff Bezos and Bill Gates, along with those of many other prominent figures, were hacked in an apparent Bitcoin scam. The tweets sent from these high-profile accounts asked for donations in cryptocurrency. It was a "co-ordinated" attack targeting Twitter employees with access to internal systems and tools. Industry leaders provide their insights into this breach below.
Expert Comments
Cybercriminals are using a “wait and learn” approach to gather intelligence and launch sophisticated attacks.
This week’s attack on Twitter was extremely sophisticated, and likely wasn’t an isolated incident. Coordinated attacks like these take time and resources to execute, so it’s likely the attackers had already gained a foothold on Twitter’s networks, and spent weeks, or even months, stealthily gathering intelligence before they made their public moves.
This speaks to a larger trend we’re seeing in cybercrime, where hackers exploit workers via phishing attacks to gain access to a...
I believe that Twitter will work hard to close any security gaps that might have been used, making similar attacks really hard, if not impossible, to
The attack that happened earlier this week is possibly one of the worst security incidents at Twitter, if not the worst.
We have seen compromises of high profile accounts in the past, which were used to post cryptocurrency-related scams, but they pale in comparison to this one. For instance, @Jack was hacked in 2019 through SIM-swap attacks, and President Trump's account was deleted by a Twitter employee. Yet, the scope of the current attack is much larger, affecting many top accounts, with...
Chris Hauk, consumer privacy champion, Pixel Privacy
Early reports indicated the Twitter Bitcoin hack was enabled by "a coordinated social engineering attack" that targeted Twitter employees. This underscores how easy it is to fall for a social engineering attack, even if you're an employee of a social network who should be more security conscious than your average office worker.
The ability for a hacker to gain the ability to post on multiple Twitter accounts is quite scary, and Twitter should consider itself lucky that the hacker’s aim ...
Raif Mehmet, VP EMEA at Bitglass
Twitter's new work from home policy has clearly exposed information required by hackers to infiltrate key systems. A Zero Trust CASB solution with multifactor authentication and SSO is essential to prevent these types of attacks when employees are accessing a labyrinth of both sanctioned and unsanctioned SaaS applications. Visibility alone into user activity is essential if forensics is to pinpoint root cause.
Regardless of how far or deep, Twitter’s first job is explaining exactly what transpired and why, and what will be done to repair what is now a damaged trust.
Insider driven attacks are the hardest nut to crack – whether they are malicious or unintentional because of the abuse of valid access. With Twitter acknowledging that inside role, the next question becomes – how was the act as invasive and possible at such scale? That seems to be a question whose answer lies in the insider tool used. What does that tool enable in terms of access and control, who has access to it, and what are the mechanisms for oversight? Whether one or 10 people, the...
The rogue tweets are no longer an issue at this point, but the root cause of the incident.
On Wednesday, hackers broadcast a cryptocurrency scam to hundreds of millions of Twitter users by tweeting from dozens of hijacked, high-profile Twitter accounts. Based on Twitter’s communications regarding the matter and other reporting, we know that the attack involved internal Twitter tools, changes of associated email accounts, and a website promoting a fake giveaway project supposedly organised by several cryptocurrency exchanges. The rogue tweets are no longer an issue at this point,...
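Several of these comments ask what oversight existed over the internal tool, and the comment above notes that the attack involved changes to the email addresses associated with hijacked accounts. As an added illustration (not from the page, the commentators or Twitter), here is a small detector that flags an operator who performs account-takeover actions (email changes, 2FA resets) on several protected accounts within a short window; the log format, operator names and account handles are constructed.

```python
"""Flag one admin-tool operator performing sensitive actions on many protected
accounts in a short window. Added illustration; the log format is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit lines (not a real Twitter log format):
# timestamp operator action target
SAMPLE_LOG = """\
2020-07-15T20:01:10Z op=alice action=view_profile target=@user_a
2020-07-15T20:02:45Z op=alice action=change_email target=@verified_1
2020-07-15T20:03:12Z op=alice action=disable_2fa target=@verified_1
2020-07-15T20:04:30Z op=alice action=change_email target=@verified_2
2020-07-15T20:05:02Z op=alice action=change_email target=@verified_3
2020-07-15T20:06:40Z op=alice action=change_email target=@verified_4
2020-07-15T21:30:00Z op=bob action=change_email target=@verified_9
2020-07-15T23:59:00Z op=alice action=change_email target=@verified_5
"""

# Actions that let an operator take over an account, and the accounts that
# deserve extra scrutiny (constructed stand-in for a verified-account list).
SENSITIVE_ACTIONS = {"change_email", "disable_2fa", "reset_password"}
PROTECTED_ACCOUNTS = {f"@verified_{i}" for i in range(1, 10)}


def parse_line(line):
    """Parse one 'ts key=value ...' line into a dict with a datetime 'ts'."""
    ts_text, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return event


def find_bulk_takeovers(log_text, window=timedelta(minutes=10), threshold=3):
    """Return {operator: sorted protected accounts} for every operator whose
    sensitive actions touched at least `threshold` distinct protected accounts
    inside any `window`-long span (sliding window over that operator's events)."""
    per_operator = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event["action"] in SENSITIVE_ACTIONS and event["target"] in PROTECTED_ACCOUNTS:
            per_operator[event["op"]].append((event["ts"], event["target"]))

    alerts = defaultdict(set)
    for operator, events in per_operator.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {target for _, target in events[start:end + 1]}
            if len(targets) >= threshold:
                alerts[operator] |= targets
    return {operator: sorted(targets) for operator, targets in alerts.items()}


if __name__ == "__main__":
    for operator, accounts in find_bulk_takeovers(SAMPLE_LOG).items():
        print(f"ALERT: {operator} changed {len(accounts)} protected accounts: {accounts}")
```

The single email change by bob and alice's isolated change hours later stay below the threshold, so only the burst is reported; tune the window and threshold to the normal rate of legitimate support work.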
Organisations have an opportunity to do more by understanding the ‘human layer’ of security, including breach personas and where different risks lie.
News today that Twitter has suffered a co-ordinated attack targeting its employees "with access to internal systems and tools" is deeply concerning. However, screenshots obtained from two sources who took over accounts, which suggest that this breach was caused by an intentionally malicious insider, add an additional layer of concern and complexity to this saga.
In our 2020 Insider Data Breach, we found that 75% of IT leaders surveyed believe employees have put data at risk intentionally in...
A compromised user account still has access to data, but it remains encrypted all the time, even when in use.
The latest Twitter hack exposes the identity and access management vulnerability and the risk of administrator accounts being compromised, leaving data vulnerable.
It appears that cybercriminals gained access to Twitter's internal network, then used an admin tool to control the user accounts of prominent individuals and organisations to post fraudulent messages. Social engineering was used to gain access to Twitter staff accounts, giving access to data stored in the network. According to...
Unless Twitter identifies the root cause and patches it, we could see similar attacks in the near future.
This is a very serious hack that could have resulted in a lot of damage in financial markets should a tweet have been attributed to a personality with influence like POTUS, the treasury secretary or the chairman of the Federal Reserve Bank. In a very short period of time, one of the bitcoin wallets saw more than 300 contributions, some at around $5,000, totaling over $118,000 in received funds.
This was obviously a carefully coordinated attack that required a non-trivial amount of preparation. ...
This breach shows that in today’s world of increasing data loss events, organizations have little choice but to take action to protect sensitive data.
This is not the first time the privacy of Twitter users has been impacted by its employees, nor the first time that Twitter employees were responsible for sensitive data disclosure. The account of Twitter's own CEO Jack Dorsey was compromised a few months ago after his phone number was taken over in a SIM swapping attack. Last year, two employees were accused of abusing their access to internal Twitter resources and helping Saudi Arabia spy on dissidents living abroad.
Although Twitter has ...
Twitter, and any business with troves of data, passwords, etc., needs to make security awareness training a top priority.
With any compromise, the targeted business jeopardizes losing user trust. The recent Twitter compromise is a prime example of how proactive employee training can be one of the best defenses from malicious actors. Cybercriminals were able to access the high-profile accounts by tricking employees via a “coordinated social engineering attack” into giving up their credentials. Twitter, and any business with troves of data, passwords, etc., needs to make security awareness training a top priority ...
While there are no guarantees, this is the formula even in the case of an Achilles' heel type of exploit or vulnerability.
Twitter is garnering headlines today, but they aren't the first and won't be the last social media platform to suffer a breach. Today, many brands and people are immune to embarrassment around cyber: it’s a Teflon effect. In this case, the celebrities and figureheads' reputations and brand strength are being abused; but they aren’t exhibiting arrogance, overconfidence and most importantly don’t appear to have done anything wrong.
Unless this Twitter attack is the first punch in a one-two ...
The Twitter hack demonstrated the real risks when employees have the ability to impersonate users.
The Twitter hack demonstrated the real risks when employees have the ability to impersonate users. In this case, Twitter has disclosed that their hack originated with a social engineering attack targeting key employees with administrative access to the tweet streams of verified users. Given the importance some place on the tweets of celebrities and elected officials, we’re lucky that the attackers chose to demonstrate their abilities by soliciting Bitcoin. In effect, the reality that attackers ...
It is extremely unlikely that these hijacked Twitter accounts were only used, in a small window of time, to spread a cryptocurrency scam.
In post-exploitation scenarios, we can understand what the attackers' motives are. In this case, these attackers are an outwardly financially motivated group leveraging some of the most popular Twitter accounts in a simple cryptocurrency scam. It is extremely unlikely that these hijacked Twitter accounts were only used, in a small window of time, to spread a cryptocurrency scam. We can, and should, expect this attack group to take full advantage of their admin-level access to Twitter's platform ...
Joe Carson, Chief Security Scientist & Advisory CISO, Thycotic
The Twitter attack is an interesting one and we were lucky the actors involved were interested in monetizing the compromise versus creating potential significant unrest through the high profile accounts that were impacted. On the technical side, it’s impossible to state specifically at this point in time how the systems were taken over since we don’t have the internal details from Twitter. However, due to the number of accounts compromised it’s quite possible that an internal...
To make the scam seem more authentic, they even set a time limit and an easy payment option to drive a swift response.
While the origins and scope of this pervasive attack are under investigation, the coordinated Bitcoin giveaway scam itself was designed to convince millions of Twitter followers to believe the fraudulent tweets, click the link, and pay Bitcoin.
People are still the main focus for threat actors, even in scenarios where a system is possibly compromised. The social engineering featured in this scam demonstrates that the attackers targeted Twitter employees with access to internal tools and...
The complexity of internal systems within organisations presents a vastly increased attack surface.
The Twitter hack looks a classic case of insider threat. The insider’s behaviour can be malicious, complacent, or ignorant, which in turn amplifies the impact to the organisation resulting in monetary and reputation loss. Using traditional technologies – such as data loss prevention (DLP) tools, privileged access management (PAM) solutions, and other point solutions – is not sufficient to detect insider threat behaviour today. The complexity of internal systems within organisations...
Although changing account passwords would be a good idea, it wouldn’t have been enough to stop this hack.
This appears to be the biggest hack involving a social media platform yet, and it was carried out with good old fashioned social engineering at the heart of it. Rather than going for the account holders themselves, the hackers went for the source and decided to hijack a number of Twitter employees who are granted unprecedented access into any account they choose.
Acting like a help desk, these employee accounts were enabled to use a specific admin tool and do whatever they wanted, which is...
The consequences of a rogue, compromised Trump tweet (for example) could be devastating.
This attack is a stark reminder of just how fragile platform security can be, and that despite our best efforts at locking accounts down individually, it's all for nothing if things go wrong behind the scenes. Given how much Twitter drives conversation generally, we should probably be thankful the hackers were more interested in making easy Bitcoin cash than looking to cause chaos on a social, political, or economic scale. The consequences of a rogue, compromised Trump tweet (for example) could ...
If something appears too good to be true, then it usually is.
The incident is a great reminder to always exercise caution when viewing messages on social media, no matter who posts them. If something appears too good to be true, then it usually is.
This is a serious breach and another prime illustration of how no organisation, including a Silicon Valley giant, is immune to cyber-attacks. More can always be done to improve cyber resilience and detect and respond to threats before they are able to cause damage – both to finances and reputation.
The wider question is: what else has been accessed? Is there more info to be released, like DMs?
It appears to be a highly targeted attack on a Golden Key Holder – a highly authorized Admin with access to the Twitter Authenticated “Blue Check Mark” users via the User Admin console.
Many of these Twitter accounts use third-party solutions to manage, schedule and push out tweets – we believe that a spoof email pretending to be from one of these third parties could have been used to spearphish the Admin, or perhaps that Admin opened a spoof internal Twitter email with a payload...
If you haven't changed your password on Twitter, now would be a good time.
Several years ago, there was a similar event where a few accounts were seemingly breached. It turned out to be a third party access system that was causing the issues.
This incident could be a similar situation on a much larger scale with these celebrity and blue check accounts. A much larger concerning notion could be cybercriminals have had access to these accounts or possibly worked their way into a Twitter employee account, and inevitably worked their way into the Twitter backend's...
Touching such high profile Twitter accounts should be tied to an approval process.
Providing great customer support for high profile customers means IT administrators need privileged access to their accounts, to help reset passwords and to help clear up after an account takeover. However, with this great power comes great responsibility, and it takes only one bad admin to create global chaos by abusing their privileged access. Touching such high profile Twitter accounts should be tied to an approval process, where a single person cannot act alone, without a detailed...
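The approval process described above, as an added example that is neither the page's nor Twitter's own code: a gate that refuses account-takeover actions on protected accounts unless a second, distinct person has approved the request, enforces a time limit on that approval, and audit-logs every decision, blocked or not. Account handles, ticket ids and the clock are constructed.

```python
"""Two-person approval gate for admin actions on protected accounts.
Added illustration with constructed data; not Twitter's own tooling."""
from datetime import datetime, timedelta

PROTECTED_ACCOUNTS = {"@verified_ceo", "@verified_official"}  # constructed list
T0 = datetime(2020, 7, 15, 20, 0)                              # constructed clock
MINUTE = timedelta(minutes=1)


class PrivilegedActionGate:
    """Protected accounts need a distinct approver; every decision is audit-logged."""

    def __init__(self, ttl=timedelta(minutes=15)):
        self.ttl, self.requests, self.audit, self._next_id = ttl, {}, [], 1

    def _log(self, event, rid, actor):
        req = self.requests[rid]
        self.audit.append((event, rid, actor, req["account"], req["action"]))

    def request(self, requester, account, action, reason, now):
        rid, self._next_id = self._next_id, self._next_id + 1
        self.requests[rid] = dict(requester=requester, account=account, action=action,
                                  reason=reason, created=now, approver=None)
        self._log("requested", rid, requester)
        return rid

    def approve(self, rid, approver, now):
        req = self.requests[rid]
        if approver == req["requester"]:           # no self-approval
            self._log("rejected_self_approval", rid, approver)
            raise PermissionError("requester cannot approve their own request")
        req["approver"] = approver
        self._log("approved", rid, approver)

    def execute(self, rid, actor, now):
        req = self.requests[rid]
        if req["account"] in PROTECTED_ACCOUNTS and req["approver"] is None:
            self._log("blocked_unapproved", rid, actor)
            raise PermissionError("protected account: second-person approval required")
        if now - req["created"] > self.ttl:        # stale approvals cannot be reused
            raise PermissionError("request expired")
        self._log("executed", rid, actor)
        return True


def scenario():
    """Constructed walk-through; returns the outcomes so they can be checked."""
    gate, out = PrivilegedActionGate(), {"blocked": []}
    rid = gate.request("alice", "@verified_ceo", "change_email", "ticket-123", T0)
    for attempt in (lambda: gate.execute(rid, "alice", T0 + MINUTE),      # unapproved
                    lambda: gate.approve(rid, "alice", T0 + 2 * MINUTE)):  # self-approval
        try:
            attempt()
        except PermissionError as err:
            out["blocked"].append(str(err))
    gate.approve(rid, "bob", T0 + 3 * MINUTE)                # a second person signs off
    out["executed"] = gate.execute(rid, "alice", T0 + 4 * MINUTE)
    rid2 = gate.request("alice", "@ordinary_user", "reset_password", "ticket-124", T0)
    out["ordinary"] = gate.execute(rid2, "alice", T0 + MINUTE)  # no approver needed
    out["events"] = [entry[0] for entry in gate.audit]
    return out
```

The audit list is the record an investigator would want afterwards: it shows the blocked attempts as well as the executed ones, and who approved what.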
Whatever the source of the hack, this news should be a reminder to have a game plan in place.
If these hacks were via a third party, this is an important reminder that customers should always ask vendors, “How are you taking security seriously? What necessary steps are being done? What’s the security policy?” All of these questions need to be taken into consideration. When it comes to purchasing third-party applications, is it safe? Do they keep things up to date? And how often do they update? Also, having some sort of vulnerability disclosure is important – this allows users to...
Building resilience towards social engineering attacks provides a significant line of defense.
The biggest and most technically adept companies in the world continue to become victims of these types of attacks for one reason – a lack of awareness among employees, enabling hackers to access infrastructure by preying on human vulnerabilities. Since the outbreak of COVID-19, we have seen numerous examples of hackers capitalising on the crisis by using social engineering attacks to trick their way into corporate systems. The fact that so many employees have been working from home has...
Even if they have sat through security awareness training, when busy working, it’s hard to spot when a hack is taking place.
The fact that so many high profile accounts have been breached suggests that this probably wasn’t due to the individuals – such as Elon Musk, Joe Biden or Kanye West – having poor passwords, but is likely to have come about from a Twitter employee with privileged access. Unfortunately, it looks as though the breach has been extremely successful, and members of the public have been duped into sending large sums of money to a cybercriminal instead of their favourite celebrity. It is also...
We haven't seen data on this, and won't until a post-mortem is released by Twitter, but it's a possibility.
Given that numerous high-profile Twitter accounts were compromised as part of this attack -- accounts that would presumably be protected by multifactor authentication and strong passwords -- it is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application. Indeed, some of the accounts (Tyler Winklevoss, for example) have confirmed they were using multi-factor authentication and got hacked anyway. If the hackers do have access to the backend...
Twitter's description of the attack highlights the need to protect people within an organization at all costs.
Although this incident started with a social engineering attack, this is just the beginning. Once someone's account has been compromised, an attacker will often launch a horizontal attack within the organization to compromise more internal accounts, until they reach the account with the permissions they need. The attacker must have either known Twitter's systems, or spent time poking around, to learn how to backdoor into people's accounts and tweet on their behalf.
Twitter's description of...