Experts' Insight on Major US Twitter Accounts Hacked in Bitcoin Scam

It has been reported that the Twitter accounts of billionaires Elon Musk, Jeff Bezos and Bill Gates, and of many other prominent figures, have been hacked in an apparent Bitcoin scam. The tweets sent from these high-profile accounts ask for donations in cryptocurrency. It was a “co-ordinated” attack targeting Twitter employees with access to internal systems and tools. Industry leaders provide insight into this breach below.


EXPERTS COMMENTS
Chloé Messdaghi, VP of Strategy,  Point3 Security
July 16, 2020
Whatever the source of the hack, this news should be a reminder to have a game plan in place.
If these hacks were via a third party, this is an important reminder that customers should always ask vendors, “How are you taking security seriously? What necessary steps are being done? What’s the security policy?” All of these questions need to be taken into consideration. When it comes to purchasing third-party applications, is it safe? Do they keep things up to date? And how often do they ....
Costin Raiu, Director of GReAT,  Kaspersky
July 20, 2020
I believe that Twitter will work hard to close any security gaps that might have been used, making similar attacks really hard, if not impossible, to
The attack that happened earlier this week is possibly one of the worst security incidents at Twitter, if not the worst. We have seen compromises of high profile accounts in the past, which were used to post cryptocurrency-related scams, but they pale in comparison to this one. For instance, @Jack was hacked in 2019 through SIM-swap attacks, and President Trump's account was deleted by a Twitte ....
Chris Hauk, Consumer Privacy Champion,  Pixel Privacy
July 17, 2020
Early reports indicated the Twitter Bitcoin hack was enabled by "a coordinated social engineering attack" that targeted Twitter employees. This underscores how easy it is to fall for a social engineering attack, even if you're an employee of a social network who should be more security conscious than your average office worker. The ability for a hacker to gain the ability to post on multipl ....
Steve Preston, Vice President, Marketing,  TrapX Security
July 17, 2020
Cybercriminals are using a “wait and learn” approach to gather intelligence and launch sophisticated attacks.
This week’s attack on Twitter was extremely sophisticated, and likely wasn’t an isolated incident. Coordinated attacks like these take time and resources to execute, so it’s likely the attackers had already gained a foothold on Twitter’s networks, and spent weeks - or even months - stealthily gathering intelligence before they made their public moves. This speaks to a larger trend we ....
Raif Mehmet, VP EMEA, Bitglass
July 17, 2020
Twitter's new work from home policy has clearly exposed information required by hackers to infiltrate key systems. A zero Trust CASB solution with multifactor authentication and SSO is essential to prevent these types of attacks when employees are accessing a labyrinth of both sanctioned and unsanctioned SAAS applications. Visibility alone into user activity is essential if forensics is to pinpoin ....
Tim Bandos, Vice President of Cybersecurity,  Digital Guardian
July 17, 2020
Regardless of how far or deep, Twitter’s first job is explaining exactly what transpired and why, and what will be done to repair what is now a damaged trust.
Insider driven attacks are the hardest nut to crack – whether they are malicious or unintentional because of the abuse of valid access. With Twitter acknowledging that inside role, the next question becomes – how was the act as invasive and possible at such scale? That seems to be a question whose answer lies in the insider tool used. What does that tool enable in terms of access and contro ....
Alex Valdivia, Director of Research,  ThreatConnect
July 17, 2020
The rogue tweets are no longer an issue at this point, but the root cause of the incident.
On Wednesday, hackers broadcast a cryptocurrency scam to hundreds of millions of Twitter users by tweeting from dozens of hijacked, high-profile Twitter accounts. Based on Twitter’s communications regarding the matter and other reporting, we know that the attack involved internal Twitter tools, changes of associated email accounts, and a website promoting a fake giveaway project supposedly organ ....
Tony Pepper, CEO,  Egress
July 17, 2020
Organisations have an opportunity to do more by understanding the ‘human layer’ of security, including breach personas and where different risks lie.
News today that Twitter has suffered a co-ordinated attack targeting its employees "with access to internal systems and tools" is deeply concerning. However, screenshots obtained from two sources who took over accounts which suggest that this breach was caused by an intentionally malicious insider adds an additional layer of concern and complexity to this saga. In our 2020 Insider Data Breach, ....
Nigel Thorpe, Technical Director,  SecureAge
July 17, 2020
A compromised user account still has access to data, but it remains encrypted all the time, even when in use.
The latest Twitter hack exposes the identity and access management vulnerability and the risk of administrator accounts being compromised, leaving data vulnerable. It appears that cybercriminals gained access to Twitter's internal network, then used an admin tool to control the user accounts of prominent individuals and organisations to post fraudulent messages. Using social engineering to gain ....
Mounir Hahad, Head, Juniper Threat Labs, Juniper Networks
July 17, 2020
Unless Twitter identifies the root cause and patches it, we could see similar attacks in the near future.
This is a very serious hack that could have resulted in a lot of damage in financial markets should a tweet have been attributed to a personality with influence like POTUS, the treasury secretary or the chairman of the Federal Reserve Bank. In a very short period of time, one of the bitcoin wallets saw more than 300 contributions, some at around $5,000, totaling over $118,000 in received funds. T ....
Lotem Finkelsteen, Head of Threat Intelligence,  Finkelsteen
July 17, 2020
This breach shows that in today’s world of increasing data loss events, organizations have little choice but to take action to protect sensitive data.
This is not the first time the privacy of Twitter users has been impacted by its employees, nor the first time that Twitter employees were responsible for sensitive data disclosure. The account of Twitter's own CEO Jack Dorsey was compromised a few months ago after his phone number was taken over in a SIM swapping attack. Last year, two employees were accused of abusing their access to internal ....
Tony Cole, CTO, Attivo Networks
July 17, 2020
It’s impossible to state specifically at this point in time how the systems were taken over since we don’t have the internal details from Twitter.
The Twitter attack is an interesting one and we were lucky the actors involved were interested in monetizing the compromise versus creating potential significant unrest through the high profile accounts that were impacted. On the technical side, it’s impossible to state specifically at this point in time how the systems were taken over since we don’t have the internal details from Twitter. How ....
Joe Skocich, VP of Global Sales and Marketing,  Identité
July 17, 2020
The advice from Twitter to “reset passwords” is expected and doesn’t get at the root of the problem.
These Twitter hacks are an example of how hackers can get around various methods of security, including the strongest passwords and even two-factor authentication. The advice from Twitter to “reset passwords” is expected and doesn’t get at the root of the problem. Major social media companies need to be implementing stronger methods of authentication to secure users - and not just relying on ....
Logan Kipp, Director,  SiteLock
July 17, 2020
Twitter, and any business with troves of data, passwords, etc., need to make security awareness training a top priority.
With any compromise, the targeted business jeopardizes losing user trust. The recent Twitter compromise is a prime example of how proactive employee training can be one of the best defenses from malicious actors. Cybercriminals were able to access the high-profile accounts by tricking employees via a “coordinated social engineering attack” into giving up their credentials. Twitter, and any bus ....
Sam Curry, Chief Security Officer,  Cybereason
July 17, 2020
While there are no guarantees, this is the formula even in the case of an Achilles Heel type of exploit or vulnerability.
Twitter is garnering headlines today, but they aren't the first and won't be the last social media platform to suffer a breach. Today, many brands and people are immune to embarrassment around cyber: it’s a Teflon effect. In this case, the celebrities and figureheads' reputations and brand strength are being abused; but they aren’t exhibiting arrogance, overconfidence and most importantly don ....
Tim Mackey, Principal Security Strategist,  Synopsys CyRC
July 17, 2020
The Twitter hack demonstrated the real risks when employees have the ability to impersonate users.
The Twitter hack demonstrated the real risks when employees have the ability to impersonate users. In this case, Twitter has disclosed that their hack originated with a social engineering attack targeting key employees with administrative access to the tweet streams of verified users. Given the importance some place on the tweets of celebrities and elected officials, we’re lucky that the attacker ....
Tarik Saleh, Senior Security Engineer and Malware Researcher,  DomainTools
July 17, 2020
It is extremely unlikely that these hijacked Twitter accounts were only used, in a small window of time, to spread a cryptocurrency scam.
In post-exploitation scenarios, we can understand what the attackers' motives are. In this case, these attackers are an outwardly financially motivated group leveraging some of the most popular Twitter accounts in a simple cryptocurrency scam. It is extremely unlikely that these hijacked Twitter accounts were only used, in a small window of time, to spread a cryptocurrency scam. We can, and should ....
Joseph Carson, Chief Security Scientist & Advisory CISO,  Thycotic
July 16, 2020
The Twitter attack is an interesting one and we were lucky the actors involved were interested in monetizing the compromise versus creating potential significant unrest through the high profile accounts that were impacted. On the technical side, it’s impossible to state specifically at this point in time how the systems were taken over since we don’t have the internal details from Twitter. How ....
Loïc Guézo, Senior Director, CyberSecurity Strategy SEMEA,  Proofpoint
July 16, 2020
To make the scam seem more authentic, they even set a time limit and an easy payment option to drive a swift response.
While the origins and scope of this pervasive attack are under investigation, the coordinated Bitcoin giveaway scam itself was designed to convince millions of Twitter followers to believe the fraudulent tweets, click the link, and pay Bitcoin. People are still the main focus for threat actors, even in scenarios where a system is possibly compromised. The social engineering featured in this sca ....
Dan Panesar, Director UK & Ireland,  Securonix
July 16, 2020
The complexity of internal systems within organisations presents a vastly increased attack surface.
The Twitter hack looks a classic case of insider threat. The insider’s behaviour can be malicious, complacent, or ignorant, which in turn amplifies the impact to the organisation resulting in monetary and reputation loss. Using traditional technologies – such as data loss prevention (DLP) tools, privileged access management (PAM) solutions, and other point solutions – is not sufficient to d ....
Jake Moore, Cybersecurity Specialist,  ESET
July 16, 2020
Although changing account passwords would be a good idea, it wouldn’t have been enough to stop this hack.
This appears to be the biggest hack involving a social media platform yet, and it was carried out with good old fashioned social engineering at the heart of it. Rather than going for the account holders themselves, the hackers went for the source and decided to hijack a number of Twitter employees who are granted unprecedented access into any account they choose. Acting like a help desk, these e ....
Chris Boyd, Lead Malware Intelligence Analyst,  Malwarebytes
July 16, 2020
The consequences of a rogue, compromised Trump tweet (for example) could be devastating.
This attack is a stark reminder of just how fragile platform security can be, and that despite our best efforts at locking accounts down individually, it's all for nothing if things go wrong behind the scenes. Given how much Twitter drives conversation generally, we should probably be thankful the hackers were more interested in making easy Bitcoin cash than looking to cause chaos on a social, pol ....
George Glass, Head of Threat Intelligence,  Redscan
July 16, 2020
If something appears too good to be true, then it usually is.
The incident is a great reminder to always exercise caution when viewing messages on social media, no matter who posts them. If something appears too good to be true, then it usually is. This is a serious breach and another prime illustration of how no organisation, including a Silicon Valley giant, is immune to cyber-attacks. More can always be done to improve cyber resilience and detect and r ....
Colin Bastable, CEO, Lucy Security
July 16, 2020
The wider question is: what else has been accessed? Is there more info to be released, like DMs?
It appears to be a highly targeted attack on a Golden Key Holder – a highly authorized Admin with access to the Twitter Authenticated “Blue Check Mark” users via the User Admin console. Many of these Twitter accounts use third-party solutions to manage, schedule and push out tweets – we believe that a spoof email pretending to be from one of these third parties could have been used to spe ....
James McQuiggan, Security Awareness Advocate,  KnowBe4
July 16, 2020
If you haven't changed your password on Twitter, now would be a good time.
Several years ago, there was a similar event where a few accounts were seemingly breached. It turned out to be a third party access system that was causing the issues. This incident could be a similar situation on a much larger scale with these celebrity and blue check accounts. A much larger concerning notion could be cybercriminals have had access to these accounts or possibly worked their way ....
Todd Peterson, IAM evangelist,  One Identity
July 16, 2020
Touching such high profile Twitter accounts should be tied to an approval process.
Providing great customer support for high profile customers means IT administrators need privileged access to their accounts - to help reset passwords and to help clear up after an account takeover. However, with this great power comes great responsibility - and it takes only one bad admin to create global chaos by abusing their privileged access. Touching such high profile Twitter accounts should ....
Stuart Reed, UK Director,  Orange Cyberdefense
July 16, 2020
Building resilience towards social engineering attacks provides a significant line of defense.
The biggest and most technically adept companies in the world continue to become victims of these types of attacks for one reason – a lack of awareness among employees, enabling hackers to access infrastructure by preying on human vulnerabilities. Since the outbreak of COVID-19, we have seen numerous examples of hackers capitalising on the crisis by using social engineering attacks to trick thei ....
Shorful Islam, Chief Product & Data Officer,  OutThink
July 16, 2020
Even if they have sat through security awareness training, when busy working, it’s hard to spot when a hack is taking place.
The fact that so many high profile accounts have been breached suggests that this probably wasn’t due to the individuals – such as Elon Musk, Joe Biden or Kanye West – having poor passwords, but is likely to have come about from a Twitter employee with privileged access. Unfortunately, it looks as though the breach has been extremely successful, and members of the public have been duped into ....
Tim Mackey, Principal Security Strategist,  Synopsys CyRC
July 16, 2020
For those accounts that were apparently compromised, it would be valuable if they could provide details on the method of attack.
For those accounts that were apparently compromised, it would be valuable if they could provide details on the method of attack. Doing so would allow everyone to ensure that the attack vector used can’t be successfully replicated again. For those who may have been tempted to send Bitcoin to the address, it should be noted that the old adage of “if it appears too good to be true” likely appli ....
Michael Borohovski, Director of Software Engineering,  Synopsys
July 16, 2020
We haven't seen data on this, and won't until a post-mortem is released by Twitter, but it's a possibility.
Given that numerous high-profile Twitter accounts were compromised as part of this attack -- accounts that would presumably be protected by multifactor authentication and strong passwords -- it is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application. Indeed, some of the accounts (Tyler Winklevoss, for example) have confirmed they were usi ....
Ed Bishop, CTO,  Tessian
July 16, 2020
Twitter's description of the attack highlights the need to protect people within an organization at all costs.
Although this incident started with a social engineering attack, this is just the beginning. Once someone's account has been compromised, an attacker will often launch a horizontal attack within the organization to compromise more internal accounts, until they reach the account with the permissions they need. The attacker must have either known Twitter's systems, or spent time poking around, to le ....
