Account Takeover Attacks Cause Chaos @ Twitter
By The PhishLabs Team | July 16, 2020
On Tuesday afternoon, dozens of high-profile Twitter accounts were hijacked to promote cryptocurrency scams. Threat actors took over the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, and many others. Corporate Twitter accounts were also hijacked, including those belonging to cryptocurrency companies. What does this mean for enterprises and their security teams?
Threat actors claiming to be involved in the account takeovers have indicated the hack was carried out by paying off a Twitter employee
with access to internal systems. In response, Twitter locked down the affected accounts and removed the offending posts. They are investigating the full extent of the breach.
Elon Musk’s Twitter account was one of many taken over by cybercriminals to promote cryptocurrency scams.
Tuesday’s Twitter hack is a high profile demonstration of threat actors targeting and using social media accounts as part of their scams. Security leaders should expect questions about it. Various corporate stakeholders including senior executives and board members will want to know the risk this incident poses. They will also need to know what, if any, additional steps are being taken to mitigate the risk.
When a social media platform is compromised in this way, accounts can be taken over regardless of how social media users authenticate and protect their accounts. Enterprises can mitigate the risk by focusing on detection and response. Monitoring social media accounts
of their brands and executives for suspicious behavior (such as promoting cryptocurrency scams) can identify incidents early. Having a response process in place that defines how to escalate the account takeover, take down offending posts, and restore account ownership will expedite remediation and mitigate the impact.
That said, it is rare that threat actors compromise a social media platform itself. Attacks take place on social media all the time that are just as impactful (if not more). Threat actors frequently impersonate brands
on social media to carry out fraud. They increasingly use social media to distribute malware and phishing attacks. Social media is also prime territory for publishing leaked data, stolen credentials, PII, etc.
This Twitter hack brings social media threats into focus. It is a wakeup call for many enterprises that have overlooked social media risk. And it is an opportunity for security leaders to take proactive steps to improve their organization’s digital risk posture.