Following the news of the Twitter cyber attacks, please find below an advisory comment from David Emm, principal security researcher at Kaspersky Lab, who provides insight on why Twitter believes these attacks were “state-sponsored”.
It has been revealed that Twitter has sent warnings to a number of users because their accounts may have been hacked by “state-sponsored actors”, who they believe have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers. This potential attack underlines the importance of not over-sharing in social networks: i.e. not posting anything sensitive that could be used by a would-be attacker, and also making sure your account is secure should an attacker wish to target you.
If you wouldn’t like to see something on the front page of a national newspaper, it’s best not to share it on Twitter or in any other social network. This includes information about the company you work for in case it could be used by an attacker to sneak their way into your employer’s network. This is evidenced in the Twitter attack, as it is believed that many of the users targeted work for, or are active in, activism and privacy groups, or those using Tor, the browser used to access the web anonymously. Targeted attacks of all kinds use social engineering tricks to gain an initial foothold in the organisation they want to attack, so it would be interesting to know why Twitter believes these attacks are “state-sponsored”. No one should assume that their social network accounts are immune from attack just because they think no nation-state could possibly be interested in them, and it is important to remember that you lose control instantly of anything you post online as it becomes public property.
I would recommend that anyone using Twitter takes this opportunity to change their password – including changing it on any other sites where the same password has been used. It’s a growing concern that many use the same password and personal details across multiple online accounts, meaning that if their details have been compromised by one attack they could find other accounts suffer too.
Customers should also be cautious about any e-mails they receive purporting to be from Twitter. The hackers behind the attack may already have been able to formulate phishing emails, so consumers must think carefully about whether the emails they receive are legitimate. I would caution against clicking links in emails you are unsure of – it’s always better to type the website address manually, to avoid the risk of being redirected to a phishing site. People should also be aware that scammers may also approach people via telephone, claiming to be from Twitter and requesting remote access to the computer. Do not give out any of your personal details, or access to your computer, to anyone.
About David Emm
David Emm is Principal Security Researcher at Kaspersky Lab, a provider of security and threat management solutions. He has been with Kaspersky Lab since 2004 and is a member of the company’s Global Research and Analysis Team. He has worked in the anti-malware industry since 1990 in a variety of roles, including that of Senior Technology Consultant at Dr Solomon’s Software, and Systems Engineer and Product Manager at McAfee. In his current role, David regularly delivers presentations on malware and other IT security threats at exhibitions and events, highlighting what organisations and consumers can do to stay safe online. He also provides comment to broadcast and print media on the ever-changing cyber-security and threat landscape. David has a strong interest in malware, ID theft and the human aspects of security. David is a knowledgeable advisor on all aspects of online security.