03.08.2020
SCOPE OF THE DISASTER
Hackers targeted about 130 Twitter accounts. By the time the service swung into action to combat the cyberattack, hackers managed to get access to 45 of 130 accounts and reset passwords, change related email addresses, log in to the accounts, and send tweets.
Attackers tweeted similar posts luring users to "earn" bitcoins, acting like typical scammers disguised as popular brands and celebrities: Apple, Microsoft founder Bill Gates, notable investor Warren Buffett, Amazon CEO Jeff Bezos, Tesla and SpaceX founder Elon Musk, former US president Barack Obama, and many others. The scam generated more than $118,000 in just a couple of hours.
British and American hackers confirmed they did the job guided by a user named "Kirk", a mastermind behind the entire attack, who claimed to work at Twitter. It was Kirk who was taking money out of the tweeted bitcoin wallet, The New York Times reported on July 17.
According to the NYT, Kirk contacted two other hackers, "lol" and "ever so anxious", in a chat on Discord, offering to help him sell one-letter or one-number Twitter screen names, mostly owned by early users. Some cybercriminals make a living by hacking such short-name accounts and reselling them for thousands of dollars. In one of the first transactions, the Twitter attackers made $1,500 in Bitcoin by selling the Twitter user name @y.
DECOMPOSING THE PROBLEM
Early on July 14, more and more people were willing to buy a short screen name, while Kirk was raising the price tag on his services, as he was able to quickly break into practically any account and even shared screenshots to prove he had access to Twitter's back end. This became possible by getting into Twitter's internal Slack messaging channel. Meanwhile, Twitter was removing the screenshot from its platform, sometimes blocking users from sharing it any further.
"At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information," says the official Twitter update on the security incident of July 18. Twitter also claims that "the attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through two-factor protections."
This successful attack was composed of a set of problems:
Weak security for remote work + lack of brand protection services + socially engineered employees
= a recipe for the Twitter disaster
COUNTERACTION
Problem: Weak security for remote work
Solution: Remote employees face higher risks due to unsupervised software installation, malicious websites, and unsecured internet connections. To keep colleagues secure, information security specialists rely on remote access encryption, mobile protection tools, secure remote access gateways, and virtual desktops.
Problem: Lack of brand protection services
Solution: Brand Protection is a brand abuse prevention service that identifies attacks on the client's brand and detects phishing sites and mobile applications, as well as fraudulent social media accounts and groups. Social media communities illegally using a corporate brand are detected and closed as well. A strong advantage of Brand Protection is effective handling of the aftermath and prevention of brand reputation loss.
Problem: Socially engineered employees
Solution: Training employees and testing their ability to counter social engineering.