2020-07-16
It has been reported that the Twitter accounts of billionaires Elon Musk, Jeff Bezos and Bill Gates, and of many other prominent figures, have been hacked in an apparent Bitcoin scam. The tweets generated from these high-profile accounts ask for donations in cryptocurrency. It was a “co-ordinated” attack targeting Twitter employees with access to internal systems and tools. Industry leaders provide their insight into this breach below.
EXPERTS' COMMENTS
Loïc Guézo, Senior Director, CyberSecurity Strategy SEMEA, https://www.proofpoint.com/
July 16, 2020
To make the scam seem more authentic, they even set a time limit and an easy payment option to drive a swift response.
While the origins and scope of this pervasive attack are under investigation, the coordinated Bitcoin giveaway scam itself was designed to convince millions of Twitter followers to believe the fraudulent tweets, click the link, and pay Bitcoin. People are still the main focus for threat actors, even in scenarios where a system is possibly compromised. The social engineering featured in this scam demonstrates that the attackers targeted Twitter employees with access to internal tools and preyed on the trust associated with verified accounts and the attraction of doubling your money. To make the scam seem more authentic, they even set a time limit and an easy payment option to drive a swift response. Threat actors understand human nature and are unrelentingly focused on taking advantage of our society’s trust in digital channels.
Dan Panesar, Director UK & Ireland, Securonix
July 16, 2020
The complexity of internal systems within organisations presents a vastly increased attack surface.
The Twitter hack looks a classic case of insider threat. The insider’s behaviour can be malicious, complacent, or ignorant, which in turn amplifies the impact to the organisation resulting in monetary and reputation loss. Using traditional technologies – such as data loss prevention (DLP) tools, privileged access management (PAM) solutions, and other point solutions – is not sufficient to detect insider threat behaviour today. The complexity of internal systems within organisations presents a vastly increased attack surface, which requires advanced security analytics that utilise purpose-built algorithms to detect specific user behaviour anomalies. Why do we need to look at the connected behaviours of users? Well, typically, an exfiltration attempt like this is preceded by a data snooping activity, so being able to spot these ‘abnormal’ behaviours in advance greatly reduces the likelihood of the actual data theft being successful. In order to detect this type of abuse, which is an important insider threat for companies to combat, organisations like Twitter need to deploy multi-stage detection, which combines a rare occurrence of an event in conjunction with anomalies that indicate suspicious or abnormal behaviour. This approach will prove to be way more effective since it combines all the deviations from what is deemed as “normal” behaviour for accounts, users, and systems.
Jake Moore, Cybersecurity Specialist, ESET
July 16, 2020
Although changing account passwords would be a good idea, it wouldn’t have been enough to stop this hack.
This appears to be the biggest hack involving a social media platform yet, and it was carried out with good old-fashioned social engineering at the heart of it. Rather than going for the account holders themselves, the hackers went for the source and decided to hijack a number of Twitter employees who are granted unprecedented access into any account they choose. Acting like a help desk, these employee accounts were enabled to use a specific admin tool and do whatever they wanted, which is likely to be a problem for many businesses. Some organisations lend an incredible amount of trust to certain employees. However, although they may be trusted to not compromise an account themselves, it must be taken into consideration that the employees could be targeted by criminal hackers. This appears to be a huge combination of unfortunate errors involving targeted employees. Working from home is also likely to have added a further strain, as it can make social engineering attacks much easier to fall for when there is not a local soundboard sitting next to you. Although changing account passwords would be a good idea, it wouldn’t have been enough to stop this hack. Make sure you check your email address is still the one connected to your account. The real awareness, however, lies in educating Twitter users to use caution. When a message like this seems too good to be true, it probably is, regardless of who has posted it. Bitcoin doubling schemes are synonymous with the criminal fraternity and must be avoided and reported where possible.
Chris Boyd, Lead Malware Intelligence Analyst, Malwarebytes
July 16, 2020
The consequences of a rogue, compromised Trump tweet (for example) could be devastating.
This attack is a stark reminder of just how fragile platform security can be, and that despite our best efforts at locking accounts down individually, it's all for nothing if things go wrong behind the scenes. Given how much Twitter drives conversation generally, we should probably be thankful the hackers were more interested in making easy Bitcoin cash than looking to cause chaos on a social, political, or economic scale. The consequences of a rogue, compromised Trump tweet (for example) could be devastating.
George Glass, Head of Threat Intelligence, Redscan
July 16, 2020
If something appears too good to be true, then it usually is.
The incident is a great reminder to always exercise caution when viewing messages on social media, no matter who posts them. If something appears too good to be true, then it usually is. This is a serious breach and another prime illustration of how no organisation, including a Silicon Valley giant, is immune to cyber-attacks. More can always be done to improve cyber resilience and detect and respond to threats before they are able to cause damage – both to finances and reputation.
Colin Bastable, CEO , Lucy Security
July 16, 2020
The wider question is: what else has been accessed? Is there more info to be released, like DMs?
It appears to be a highly targeted attack on a Golden Key Holder – a highly authorized Admin with access to the Twitter Authenticated “Blue Check Mark” users via the User Admin console. Many of these Twitter accounts use third-party solutions to manage, schedule and push out tweets – we believe that a spoof email pretending to be from one of these third parties could have been used to spearphish the Admin, or perhaps that Admin opened a spoof internal Twitter email with a payload designed to harvest his credentials. The targets will not garner much sympathy from the wider Twitterati, as we already see on social media. The world waits to see if The Donald’s account was hacked. The wider question is “what else has been accessed? Is there more info to be released, like DMs?” It is highly unlikely that Biden or Obama run their Twitter accounts – they have operatives to do that, so probably not much private gold to be mined at that level. Black eye for @Jack.
James McQuiggan, Security Awareness Advocate, KnowBe4
July 16, 2020
If you haven't changed your password on Twitter, now would be a good time.
Several years ago, there was a similar event where a few accounts were seemingly breached. It turned out to be a third-party access system that was causing the issues. This incident could be a similar situation on a much larger scale with these celebrity and blue check accounts. A much more concerning notion could be that cybercriminals have had access to these accounts, or possibly worked their way into a Twitter employee account and inevitably worked their way into the Twitter backend's administrative systems. Either way, people using Twitter will want to monitor their accounts for suspicious activity and disregard anyone's request to send money towards a match with Bitcoin or other cryptocurrencies. If you haven't changed your password on Twitter, now would be a good time.
Todd Peterson, IAM evangelist, One Identity
July 16, 2020
Touching such high profile Twitter accounts should be tied to an approval process.
Providing great customer support for high profile customers means IT administrators need privileged access to their accounts - to help reset passwords and to help clear up after an account takeover. However, with this great power comes great responsibility - and it takes only one bad admin to create global chaos by abusing their privileged access. Touching such high profile Twitter accounts should be tied to an approval process, where a single person cannot act alone, without a detailed explanation and an approval by a superior. A modern record-and-review monitoring system would have also stopped the lone actor in their tracks by flagging the highly unusual activity and helping to retrace and undo their steps.
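Two of the controls described above, Securonix's multi-stage detection (a rare high-impact event preceded by snooping) and One Identity's requirement that touching a high-profile account carry an approval, can be illustrated over an admin-tool audit log. The following is an added example, not code from either vendor or from Twitter; the log format, field names, approval-ticket column and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed admin-tool audit lines (not real data). Format is an assumption:
# <timestamp> <admin> <action> <target> <verified:0|1> <approval ticket or ->
SAMPLE_LOG = """\
2020-07-15T09:00:00 admin_a reset_password user_1001 0 -
2020-07-15T09:30:00 admin_a view_profile user_1002 0 -
2020-07-15T10:00:00 admin_a view_profile user_1003 0 -
2020-07-15T11:00:00 admin_a change_email user_1004 0 TKT-101
2020-07-15T15:00:00 admin_a view_profile user_1005 0 -
2020-07-15T17:00:00 admin_a view_profile vip_musk 1 -
2020-07-15T17:00:20 admin_a view_profile vip_bezos 1 -
2020-07-15T17:00:45 admin_a view_profile vip_gates 1 -
2020-07-15T17:01:10 admin_a view_profile vip_biden 1 -
2020-07-15T17:01:30 admin_a view_profile vip_obama 1 -
2020-07-15T17:02:00 admin_a view_profile vip_west 1 -
2020-07-15T17:04:00 admin_a change_email vip_musk 1 -
"""

HIGH_IMPACT = {"change_email", "reset_password", "disable_2fa"}  # assumed action names
SNOOP_WINDOW = timedelta(minutes=10)
SNOOP_THRESHOLD = 5   # verified-account lookups inside the window that count as a burst
RARE_MAX = 1          # an action this admin has done at most this often before is "rare"

def parse(log):
    """Turn the constructed audit text into a list of event dicts."""
    events = []
    for line in log.splitlines():
        ts, admin, action, target, verified, ticket = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "admin": admin,
                       "action": action, "target": target,
                       "verified": verified == "1",
                       "ticket": None if ticket == "-" else ticket})
    return events

def detect(events):
    """Multi-stage check: a rare high-impact action on a verified account is an
    alert only when it follows a burst of verified-account lookups by the same
    admin (snooping before the act); a missing approval ticket on any
    high-impact action against a verified account is flagged on its own."""
    alerts = []
    seen = defaultdict(int)      # (admin, action, on_verified) -> prior count
    recent = defaultdict(list)   # admin -> timestamps of verified-account lookups
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["admin"], ev["action"], ev["verified"])
        if ev["action"] == "view_profile" and ev["verified"]:
            recent[ev["admin"]].append(ev["ts"])
        elif ev["action"] in HIGH_IMPACT and ev["verified"]:
            if ev["ticket"] is None:
                alerts.append(("missing_approval", ev["admin"], ev["target"]))
            in_window = [t for t in recent[ev["admin"]] if ev["ts"] - t <= SNOOP_WINDOW]
            if seen[key] <= RARE_MAX and len(in_window) >= SNOOP_THRESHOLD:
                alerts.append(("rare_action_after_snooping", ev["admin"], ev["target"]))
        seen[key] += 1
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

The routine ignores change_email on the unverified user_1004, which was ticketed and not preceded by a lookup burst, and raises both alerts for the unticketed change_email on vip_musk that follows six verified-account lookups in four minutes.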
Chloé Messdaghi, VP of Strategy, Point3 Security
July 16, 2020
Whatever the source of the hack, this news should be a reminder to have a game plan in place.
If these hacks were via a third party, this is an important reminder that customers should always ask vendors, “How are you taking security seriously? What necessary steps are being done? What’s the security policy?” All of these questions need to be taken into consideration. When it comes to purchasing third-party applications, is it safe? Do they keep things up to date? And how often do they update? Also, having some sort of vulnerability disclosure is important – this allows users to report vulnerabilities they’ve found in real-time so that they can be addressed quickly. If these hacks weren’t via a third party, that’s a whole different ballpark. This might mean it happened to a Twitter employee – perhaps someone gained access through an employee’s account. In this instance, organizations should be reminded to make sure their team members know how to secure themselves. They need to be trained and understand why it’s important to be trained to stay safe for everyday usage for not only their own privacy rights, but for the company as well. When it comes to security response plans, I know that IBM’s recent study found that 74% of organizations report their plans are either ad-hoc, inconsistent, or completely non-existent, and only 1/3 of organizations had some sort of playbook in place for an attack – which is so scary. As companies, we’re literally failing our customers. These numbers say that we’re failing our customers. Companies put so much money and time into marketing, sales, etc., and we totally forget about security.
A data breach costs a company on average $8.19 million in the U.S. Whatever the source of the hack, this news should be a reminder to have a game plan in place. Twitter should have a game plan in place. Companies should revisit their security game plans, reinforce security training, and make sure that every single team member knows that they each hold a key that can bring down the entire company.
Stuart Reed, VP , Nominet
July 16, 2020
Building resilience towards social engineering attacks provides a significant line of defense.
The biggest and most technically adept companies in the world continue to become victims of these types of attacks for one reason – a lack of awareness among employees, enabling hackers to access infrastructure by preying on human vulnerabilities. Since the outbreak of COVID-19, we have seen numerous examples of hackers capitalising on the crisis by using social engineering attacks to trick their way into corporate systems. The fact that so many employees have been working from home has increased the risk of social engineering - an increased dependence on ‘virtual’ communications like email, video conferencing, and calls, renders users more vulnerable to social engineering attacks. Technical countermeasures against phishing attempts and detecting malicious activities today are much more robust than they have been in the past. The human, on the other hand, is more complex and hard to predict in certain scenarios while easy to manipulate in others. Security awareness educates employees about manipulative techniques that might be used against them and also highlights the benefits of adapting their information security behaviour. Building resilience towards social engineering attacks provides a significant line of defense.
Shorful Islam, Chief Product & Data Officer, OutThink
July 16, 2020
Even if they have sat through security awareness training, when busy working, it’s hard to spot when a hack is taking place.
The fact that so many high profile accounts have been breached suggests that this probably wasn’t due to the individuals – such as Elon Musk, Joe Biden or Kanye West – having poor passwords, but is likely to have come about from a Twitter employee with privileged access. Unfortunately, it looks as though the breach has been extremely successful, and members of the public have been duped into sending large sums of money to a cybercriminal instead of their favourite celebrity. It is also unclear what kind of access the hackers have on these accounts, so the effects may be felt well beyond this one scam. Breaches like this show that cybercrime can happen to anyone, even if you work at a large tech company, such as Twitter, where you would think employees are more clued in about cybercrime than in other industries. But, we shouldn’t be blaming users – the hack is likely to have been very sophisticated and incredibly difficult to spot, involving sophisticated social engineering. Even if they have sat through security awareness training, when busy working, it’s hard to spot when a hack is taking place. Instead, we should be getting to know users – who are posing the greatest risk and why? Are users complying with policies? Which users exhibit risky behaviours? Or who poses a potential risk? By getting to know their users, CISOs can create accurate risk profiles and make targeted, personal interventions, such as limiting access or deploying multi-factor authentication to potentially high-risk individuals to ensure that incidents like this don’t occur again.
Tim Mackey, Principal Security Strategist, Synopsys CyRC
July 16, 2020
For those accounts that were apparently compromised, it would be valuable if they could provide details on the method of attack.
For those accounts that were apparently compromised, it would be valuable if they could provide details on the method of attack. Doing so would allow everyone to ensure that the attack vector used can’t be successfully replicated again. For those who may have been tempted to send Bitcoin to the address, it should be noted that the old adage of “if it appears too good to be true” likely applies to these types of offers.
Michael Borohovski, Director of Software Engineering, Synopsys
July 16, 2020
We haven't seen data on this, and won't until a post-mortem is released by Twitter, but it's a possibility.
Given that numerous high-profile Twitter accounts were compromised as part of this attack -- accounts that would presumably be protected by multifactor authentication and strong passwords -- it is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application. Indeed, some of the accounts (Tyler Winklevoss, for example) have confirmed they were using multi-factor authentication and got hacked anyway. If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction, albeit a very profitable one. We haven't seen data on this, and won't until a post-mortem is released by Twitter, but it's a possibility.
Ed Bishop, CTO, Tessian
July 16, 2020
Twitter's description of the attack highlights the need to protect people within an organization at all costs.
Although this incident started with a social engineering attack, this is just the beginning. Once someone's account has been compromised, an attacker will often launch a horizontal attack within the organization to compromise more internal accounts, until they reach the account with the permissions they need. The attacker must have either known Twitter's systems, or spent time poking around, to learn how to backdoor into people's accounts and tweet on their behalf. Twitter's description of the attack highlights the need to protect people within an organization at all costs. Social engineering attacks - often a spear-phishing email that impersonates a trusted party - are designed to trick or persuade an employee to visit a fraudulent website that then steals credentials, or installs malware. This incident also shows the importance of limiting permissions for administrators.