The recent Twitter hack shattered the false sense of security in tech: altruism, greed, the lure of fame, social engineering through SIM swapping, and insider threats combined to rob victims of $120,000 and cause political and economic damage.
Targeting influential celebrities on Twitter, the attackers orchestrated a social engineering-based attack to promote a cryptocurrency scam. The accounts of business leaders, politicians, celebrities, and billionaires were hijacked through Twitter's own administrative tools, which came as a shock to everyone.
Personal Twitter accounts that were hacked include those of Tesla CEO Elon Musk, Amazon CEO Jeff Bezos, Joe Biden, President Barack Obama, Warren Buffett, Bill Gates, and others. Shockingly, the corporate accounts of Apple and Uber were hacked as well.
In this kind of SIM-swapping social engineering, the threat actors trick, coerce, or bribe employees of the victim organization to gain easy access to administrative tools and privileged account credentials, and then use that access to change the e-mail address on each targeted account.
Two-factor authentication was turned off so that the account-change alert went to the hacker's e-mail address instead of the owner's. With the targeted accounts under their complete control, the hackers began promoting their cryptocurrency scam.
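The sequence just described (an administrative tool changes an account's contact e-mail, then 2FA is disabled shortly afterwards) is a pattern a defender can look for in admin-tool audit logs. The following is an added detection example, not code from the article or from Twitter; the log format, field names, agent names and sample lines are all assumed and constructed for illustration.

```python
# Added example: flag admin-tool "e-mail changed, then 2FA disabled" sequences
# and point at agents who ran the sequence on several accounts. The log
# format, field names and sample lines below are constructed, not real data.
import json
from datetime import datetime, timedelta

# Constructed sample audit lines: one JSON object per line (assumed format).
SAMPLE_AUDIT_LOG = """
{"ts": "2020-07-15T20:01:10Z", "actor": "agent-17", "tool": "admin-console", "action": "email_changed", "account": "@example_ceo"}
{"ts": "2020-07-15T20:02:40Z", "actor": "agent-17", "tool": "admin-console", "action": "2fa_disabled", "account": "@example_ceo"}
{"ts": "2020-07-15T20:03:05Z", "actor": "agent-17", "tool": "admin-console", "action": "email_changed", "account": "@example_brand"}
{"ts": "2020-07-15T20:04:30Z", "actor": "agent-17", "tool": "admin-console", "action": "2fa_disabled", "account": "@example_brand"}
{"ts": "2020-07-15T09:12:00Z", "actor": "agent-03", "tool": "admin-console", "action": "email_changed", "account": "@regular_user"}
{"ts": "2020-07-15T15:40:00Z", "actor": "agent-03", "tool": "admin-console", "action": "2fa_disabled", "account": "@regular_user"}
"""

WINDOW = timedelta(minutes=10)  # e-mail change and 2FA disable this close together is suspicious
ACTOR_THRESHOLD = 2             # same agent running the sequence on this many accounts


def parse_log(text):
    """Parse the JSON-per-line log and return events ordered by timestamp."""
    events = [json.loads(line) for line in text.strip().splitlines() if line.strip()]
    for event in events:
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return sorted(events, key=lambda event: event["ts"])


def find_takeover_sequences(events, window=WINDOW):
    """Return (account, actor) pairs where an admin-tool e-mail change is
    followed by 2fa_disabled on the same account within `window`."""
    hits = []
    last_email_change = {}
    for event in events:
        if event["tool"] != "admin-console":
            continue  # self-service changes made by the user are out of scope here
        account = event["account"]
        if event["action"] == "email_changed":
            last_email_change[account] = event
        elif event["action"] == "2fa_disabled":
            prev = last_email_change.get(account)
            if prev and event["ts"] - prev["ts"] <= window:
                hits.append((account, event["actor"]))
    return hits


def suspicious_actors(hits, threshold=ACTOR_THRESHOLD):
    """Actors who ran the sequence on at least `threshold` distinct accounts."""
    accounts_by_actor = {}
    for account, actor in hits:
        accounts_by_actor.setdefault(actor, set()).add(account)
    return sorted(a for a, accts in accounts_by_actor.items() if len(accts) >= threshold)
```

The slow change on @regular_user (hours apart) is left alone, while the two rapid sequences by the same agent surface both the accounts and the agent for review.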
Initially this looked like a massive credential-based attack, since 80% of today's data breaches track back to privileged access abuse. Such breaches are typically triggered by phishing, which remains the precursor to many attacks in which the attackers first capture credentials and then leverage them against the victim's organization.
As more information became available, with screenshots of internal Twitter tools being shared, the red flags were visible. The attack followed the typical three-phase pattern of the cyber-attack lifecycle: compromise, exploration, and exfiltration of private data, the last of which includes covering up all tracks and potentially establishing a backdoor for future attacks.
As Twitter later confirmed, this was a case of insider threat, where an insider was used for the attack with both intent and motivation present. Given the current global environment and the related economic hardships, the insider threat scenario has worsened, as pending absences or pay cuts may tempt employees to exfiltrate data to get a new job or make up for lost income.
The situation was confusing: the first suspicion was phishing, then compromised credentials, and it finally turned out to be an insider threat. Firms need to be prepared for all eventualities.
Organizations have to reconsider the way they have structured their defensive controls and adopt a defense-in-depth strategy with multiple layers of defenses. The first layer, multi-factor authentication (MFA), still remains low-hanging fruit.
Many businesses are still not taking adequate advantage of MFA. Yet organizations need to go further than MFA if they want a genuinely layered security strategy.
There has been an uptick in cyber threats since the start of the pandemic. Some of them have targeted social media platforms, but other attackers may be a little smarter and avoid social media, since anything going wrong there is easily detected.