Hacking of Indian PM Narendra Modi’s Twitter account — Expert Insight

Here’s a comment from leading cyber-security vendor Check Point on the news that a Twitter account of Indian Prime Minister Narendra Modi has been hacked.

Subscribe
Notify of
guest
5 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Matt Aldridge
Matt Aldridge , Principal Solutions Architect
InfoSec Expert
September 4, 2020 7:15 pm

With the increased use of social tools for business communications, social media security is more important than ever. While the benefits of social are clear, there are risks to be wary of. Once hackers gain access to social media accounts, they can cause enormous brand reputation damage.

Unfortunately, in this case, the apparent hack followed a larger hack in July, where attackers breached privileged ‘God Mode’ accounts and compromised the accounts of prominent people including Barack Obama, Jeff Bezos and Elon Musk. This raises the question of whether platforms are doing enough to keep our information safe.

The previous Twitter attack was reportedly initiated by the hacker gaining access to the Twitter administrative tool likely through a compromised employee account, and, should this be the same, it again demonstrates how employees and contractors are a weak link with regards to security in an organisation. In order to limit the impact of these attacks, the key focus should be on a strong education programme to improve employee vigilance. From a risk mitigation perspective, as well as awareness training, companies should follow the principle of least privilege (reportedly 1000 twitter employees and contractors previously had ‘God Mode’ access) and they should be sure to invest in sophisticated cybersecurity solutions and services to bolster their cyber resilience.

Last edited 2 years ago by Matt Aldridge
Matt Aldridge
Matt Aldridge , Principal Solutions Architect
InfoSec Expert
September 4, 2020 7:12 pm

With the increased use of social tools for business communications, social media security is more important than ever. While the benefits of social are clear, there are risks to be wary of. Once hackers gain access to social media accounts, they can cause enormous brand reputation damage.

Unfortunately, in this case, the apparent hack followed a larger hack in July, where attackers breached privileged ‘God Mode’ accounts and compromised the accounts of prominent people including Barack Obama, Jeff Bezos and Elon Musk. This raises the question of whether platforms are doing enough to keep our information safe.

The previous Twitter attack was reportedly initiated by the hacker gaining access to the Twitter administrative tool likely through a compromised employee account, and, should this be the same, it again demonstrates how employees and contractors are a weak link with regards to security in an organisation. In order to limit the impact of these attacks, the key focus should be on a strong education programme to improve employee vigilance. From a risk mitigation perspective, as well as awareness training, companies should follow the principle of least privilege (reportedly 1000 twitter employees and contractors previously had ‘God Mode’ access) and they should be sure to invest in sophisticated cybersecurity solutions and services to bolster their cyber resilience.

Last edited 2 years ago by Matt Aldridge
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
September 4, 2020 9:03 am

Social media accounts, particularly those with large influence, are among the most valuable digital assets around. If criminals gain access to them, they can not only perpetrate fraud, such as asking unsuspecting followers to pay cryptocurrency under false pretenses – but they can spread disinformation, lies, or social engineer others via private messages.

It\’s therefore vitally important that organisations, vendors, and users, take all steps necessary to protect their social media accounts. For users, this includes, but is not limited to ensuring passwords are strong and not reused and enabling MFA where it is available. Additionally, users of social media accounts should be wary of links sent to them, or messages which are unexpected or appear out of the ordinary. Remaining vigilant online at all times is essential to help prevent being a victim of online scams, fraud, and even corporate espionage.

Last edited 2 years ago by Javvad Malik
Niamh Muldoon
Niamh Muldoon , Senior Director of Trust and Security EMEA
InfoSec Expert
September 4, 2020 9:01 am

Trust and Security is a joint relationship between Technology platform providers and individual/end-users using the platform. While it’s vital that Twitter’s corporate environment is secure, it’s also important to look at this breach from a High-Value end-user targeted perspective also. Those Twitter users considered “High-Value Targets” such as Modi, must stay security conscious around the clock and make decisions to protect themselves and limit their personal risk. After all, with such a public-facing user, the knock-on effects of a hack on a social media account could be potentially devastating, revealing sensitive direct message conversations, or tricking people into Bitcoin scams such as this.

They can do this by actively making personal risk-based decisions when using social media services, either personally or via their social media teams. These decisions could include making sure they adhere to security best practices such as password hygiene, limiting access to their accounts to as few devices/individuals as possible, and applying two-factor authentication on all loops, tools, and logins.

Last edited 2 years ago by Niamh Muldoon
Derek Middlemiss
Derek Middlemiss , Cyber security Evangelist
InfoSec Expert
September 4, 2020 8:47 am

The hacking of the Indian Prime Minister’s Twitter account indicates that coordinated social engineering attacks are fast becoming a norm. We’ve now seen several instances of these attacks on Twitter, such as the celebrity accounts hacked in July this year. Twitter has long been the de-facto platform for people with the coveted blue check-mark, such as politicians, journalists, executives, and celebrities who make news and shape culture. It is primarily that large-scale influence that makes the social media platform such an attractive target for hackers.

It’s important to understand that Twitter is not the only social media platform at high risk of cyber-attacks. WhatsApp and TikTok, for example, are equally at high risk. With so much traction, data, and speed of information travel, hackers can design some of the most sophisticated cyber-attacks to execute on the masses. In the past, Check Point researchers discovered security flaws on both WhatsApp and TikTok. The truth is that end users are the weakest link.

To stay safe, users of Twitter and other social media platforms should install anti-virus software and email filters. These will block sophisticated phishing attacks and prevent lateral cyber-attacks within an organization by scanning and blocking internal threats in real-time. Social media users should also double check a website\’s security before entering any sensitive information by looking for a URL that begins with \”https\” and properly spells the name out of the website, which indicates that a site is secure.

Last edited 2 years ago by Derek Middlemiss
5
0
Would love your thoughts, please comment.x
()
x