Just when you thought nothing else could go wrong in 2020, Twitter lands in its biggest hacking scam yet, one that involved some of the most powerful names in the world: Jeff Bezos, former President Barack Obama, Elon Musk, Kanye West, Bill Gates, Joe Biden and Warren Buffett, as well as the company accounts of Uber, Apple and notable crypto companies such as Coinbase, Binance and Ripple. Twitter confirmed this to be “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Account Takeover Attacks Throw Twitter Into a Tizzy
Our investigation is still ongoing but here’s what we know so far:
— Twitter Support (@TwitterSupport) July 16, 2020
In what is clearly an account takeover (ATO) attack, bitcoin scammers targeted 130 accounts, tweeted a cryptocurrency giveaway scam from them and defrauded followers into sending roughly 13 bitcoin (approximately USD $117,000) to the attackers' addresses. While Twitter confirmed the investigation is ongoing, the hackers hinted at ‘insider activity’, claiming they paid off a Twitter employee who gave them a certain level of access to internal systems.
Between the high-profile hack and the public outcry, Twitter is being panned for its slow reaction to the intrusion, which was first detected on July 15th with tweets originating from Binance’s official account about a “partnered initiative” for “CryptoForHealth” to give back “5000 BTC to the community”, with a link to donate/send money. Binance sounded the alarm on the scam and blocked Binance wallet addresses from depositing cryptocurrency into the hacker’s addresses.
What’s more worrying is that given Twitter’s massive reach and scale, the social media heavyweight was not aware of the hacking activities unfolding until corporate players and figures voiced security concerns about the malicious attack.
Troubled Times Ahead for Twitter
Social media hacks are not uncommon. Online scams such as phishing emails, malware and ransomware abound and are on an upswing amid the pandemic. But what’s probably more jarring is how this coordinated crypto scam has spotlighted a lack of security monitoring at Twitter. KuppingerCole’s Lead Analyst Alexei Balaganski wrote in a note, “Does it imply that the company has no appropriate security monitoring tools in place, which would have at least alerted about suspicious behavioral anomalies in their network?”
Well, if this really is an inside job, as Vice’s Motherboard claims, this could be even more damning for Twitter. Balaganski adds, “The idea of employees having unchecked access to powerful administration tools, giving them a potential ability to manipulate any account, access sensitive personal data, or even post on their behalf raises a lot of concerns.”
And there are other troubling questions too. “Does Twitter even have any privileged access controls in place for these tools? How could it be compliant with regulations like GDPR and CCPA?” Balaganski noted.
Beyond Twitter: Lessons for Enterprises
Twitter’s security failure has echoes of the high-profile 2016 Mirai botnet DDoS attack, staged by three Minecraft players, which caused widespread Internet outages. The Twitter hack has also drawn parallels with the 2019 Capital One data breach, purported to be an insider attack, in which the accounts of more than 100 million Capital One customers were compromised.
What does this mean for enterprises? Insider threats are touted to be a leading cause of data breaches in 2020, and the widespread shift to remote work has increased the likelihood of malicious insider activity. While organizations focus on securing data from external bad actors, they must also defend against their own employees, often the weakest link in the cybersecurity chain. Remember, Twitter’s debacle happened when the hacker gained access to an internal admin tool, which means organizations will step up investment in Privileged Access Management (PAM) tools.
There are other, bigger concerns. In light of the attack, CISOs should review password management and authentication policies, and invest in keystroke monitoring and audit trails to strengthen defenses against insider attacks. Cybersecurity expert and Approyo CEO Chris Carter told Toolbox that a top way to fight back against insider threats is to bring on solutions and software that monitor employees' keystrokes.
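As an illustration of the audit-trail monitoring this section and Balaganski's note call for, here is an added example (not Twitter's tooling, and not code from this article) that runs two simple detection rules over the audit log of a hypothetical internal account-administration tool. The log format, field names (`operator`, `action`, `target`, `target_followers`), the list of sensitive actions, the follower threshold and the burst window are all assumptions, and the log lines are constructed for the example. The point is that a privileged operator resetting the email or disabling 2FA on several high-profile accounts within minutes is exactly the kind of behavioral anomaly a monitoring pipeline should surface, whether the operator is a bribed insider or a social-engineered one.

```python
"""Audit-trail anomaly detection for a privileged account-admin tool.

Added example, not Twitter's own tooling. The log format, field names,
sensitive-action list and thresholds are assumptions for illustration.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Actions that let an operator take over an account (assumed tool vocabulary).
SENSITIVE_ACTIONS = {"reset_email", "disable_2fa", "reset_password"}

# Constructed sample log: one JSON object per line. 'alice' does routine
# support work; 'bob' takes over several high-follower accounts in minutes.
SAMPLE_AUDIT_LOG = """\
{"ts": "2020-07-15T20:01:10Z", "operator": "alice", "action": "view_profile", "target": "user_1001", "target_followers": 1200}
{"ts": "2020-07-15T20:03:44Z", "operator": "alice", "action": "reset_email", "target": "user_1001", "target_followers": 1200}
{"ts": "2020-07-15T20:10:05Z", "operator": "bob", "action": "reset_email", "target": "bigbrand", "target_followers": 25000000}
{"ts": "2020-07-15T20:10:31Z", "operator": "bob", "action": "disable_2fa", "target": "bigbrand", "target_followers": 25000000}
{"ts": "2020-07-15T20:11:02Z", "operator": "bob", "action": "reset_email", "target": "famous_ceo", "target_followers": 38000000}
{"ts": "2020-07-15T20:11:40Z", "operator": "bob", "action": "disable_2fa", "target": "famous_ceo", "target_followers": 38000000}
{"ts": "2020-07-15T20:12:15Z", "operator": "bob", "action": "reset_email", "target": "exchange_co", "target_followers": 2100000}
{"ts": "2020-07-15T20:12:50Z", "operator": "bob", "action": "disable_2fa", "target": "exchange_co", "target_followers": 2100000}
{"ts": "2020-07-15T20:13:30Z", "operator": "bob", "action": "reset_email", "target": "former_potus", "target_followers": 120000000}
"""


def parse_audit_log(text):
    """Parse one JSON object per line into event dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_anomalies(events, high_profile_followers=1_000_000,
                     burst_threshold=3, window=timedelta(minutes=10)):
    """Return a list of alert dicts produced by two rules.

    high_profile_sensitive_action: any sensitive action against an account
        with at least `high_profile_followers` followers.
    sensitive_action_burst: one operator performing sensitive actions against
        `burst_threshold` or more distinct accounts within `window`. Fires
        each time a new distinct target pushes the count to the threshold.
    """
    alerts = []
    recent = defaultdict(deque)  # operator -> deque of (ts, target)
    for ev in events:
        if ev["action"] not in SENSITIVE_ACTIONS:
            continue
        if ev["target_followers"] >= high_profile_followers:
            alerts.append({"rule": "high_profile_sensitive_action",
                           "operator": ev["operator"], "target": ev["target"],
                           "action": ev["action"], "ts": ev["ts"]})
        q = recent[ev["operator"]]
        # Drop events that fell out of the sliding window.
        while q and q[0][0] < ev["ts"] - window:
            q.popleft()
        already_seen = any(t == ev["target"] for _, t in q)
        q.append((ev["ts"], ev["target"]))
        distinct = {t for _, t in q}
        if not already_seen and len(distinct) >= burst_threshold:
            alerts.append({"rule": "sensitive_action_burst",
                           "operator": ev["operator"],
                           "targets": sorted(distinct), "ts": ev["ts"]})
    return alerts


def summarize_alerts(alerts):
    """Map each flagged operator to the set of rules they tripped."""
    summary = defaultdict(set)
    for a in alerts:
        summary[a["operator"]].add(a["rule"])
    return dict(summary)


if __name__ == "__main__":
    for a in detect_anomalies(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(a["ts"].isoformat(), a["operator"], a["rule"], a.get("target") or a["targets"])
```

On the constructed log, `alice` trips nothing while `bob` trips both rules: seven high-profile alerts (one per sensitive action on a million-plus-follower account) and two burst alerts, at the third and fourth distinct target. In a real deployment the follower threshold would be replaced by an explicit list of protected accounts, and the burst rule would be baselined per operator rather than fixed, but the structure (sensitive action, privileged target, unusual rate) is what privileged-access monitoring needs to capture.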
The human aspect aside, social media security is often an overlooked part of an organization’s cybersecurity strategy. The attack will prompt CISOs to strengthen the organization’s ‘digital risk posture’ by monitoring corporate brand accounts for suspicious activity and having a response plan in place to remediate or restore accounts in case of external threats.
Do you think users will trust Twitter with their data after its massive security failure?