One more hack and this one is the biggest social media cyberattack with 130 accounts hacked but unfortunately, this is not the first time when Twitter got hacked. In 2017, an employee deleted President Donald Trump’s account on his last day of work. Last year hackers were successful in hijacking the account of Jack Dorsey Twitter CEO. By the SIM swap attack on AT&T, a mobile provider of the phone number tied to Jack Dorsey’s account.
It all started after a tweet requesting for donations in the cryptocurrency from the official accounts of Apple & Uber followed by Tesla CEO – Elon Musk and Microsoft co-founder Bill Gates then hackers took over accounts of Barak Obama, Biden, Mike Bloomberg, Amazon CEO – Jeff Bezos, Floyd Mayweather, entertainers Kanye West and wife Kim Kardashian and many more well-known personalities.
Twitter also revealed that hackers have downloaded personal information including the private messages, email accounts, address book, images & videos attached to private messages of up to 8 individuals.
The tweet noted “All Bitcoin sent to the address below will be sent back double! If you send $1000, I will send back $2000. Only doing this for 30 minutes. [the link]. Enjoy!”
What is the impact of Twitter hack?
It could be one of the most expensive tweets in history.
This time with the hack of high profile public figures, executives and celebrities twitter accounts raised so many questions on cybersecurity. Hackers started tweeting out links to bitcoins scams. It was reported that in just 24 hours of time bitcoin wallet got a value of $120,000 through 518 transactions by Chain analysis, a research company that tracks the movement of cryptocurrencies.
The stock market value of Twitter has gone down. This is not an only financial loss but reputation loss also. And the followers lost their money by falling into this trap.
Is it just a smokescreen of a big incident or is it over? We will come to know as time goes by.
But we need to understand the reasons behind it. For now, there are no details on how this happens.
What could be possible ways to hack Twitter?
Hackers got access into an internal Twitter administrative tool by one or all of the reasons mentioned below:
Hackers tricked an employee with spear-phishing scam & steal the password of Twitter’s system administrators.
Someone coerced an employee to provide access.
Coordinated social engineering attack on some employees having access to administrative tools.
By bribing employees.
Hackers might exploit a vulnerability in a particular operating system and might have got access to every computer that runs on that system’s software.
Not having strong Privileged Access Management Solutions, otherwise, it should raise the flag if there is any change in the popular Twitter accounts.
After getting access to the Twitter administrative tool then they might have hacked these 130 popular Twitter accounts with Sim Swapping.
What is Sim Swapping?
Sim Swapping: Attackers can change the email address of the attached account and disable multi-factor authentication. Hackers trick the mobile network into transferring your number to a sim card in hacker’s possession – including the one-time security code required to access personal accounts.
It can go worst if the hackers go on like disrupting an election, taking control of the stock market, attempting to start a war by issuing false statements from the world leader’s accounts.
Actions are taken by Twitter
Twitter locked all the affected accounts and removed posts by the attackers. And acknowledged the incident and announced, “it’s a coordinated social engineering attack” and working on it to fix it.
Could the attack be prevented?
Maybe yes. This incident has highlighted that all major social media platforms such as Facebook, Twitter, and youtube, to cross-check their security measures & administrative access and role. This signals that whatever we do online, even our private chats are at risk without proper security and administrative controls. Though it is not sure the reason behind this attack but it highlights the weakest link in the cybersecurity chain is “User” or “Human error”. Maybe this hack will serve as a wake-up call.
No matter how many cybersecurity control measures are there in the infrastructure, companies must provide proper security awareness training. Due to Covid19, work from home has become the new normal, companies and its employees are on the radar of cybercriminals.
How Teceze can help you?
Teceze can help you in adopting cybersecurity measures to mitigate cyber risks and make your system robust to combat the prevailing cyber threats.
Teceze cybersecurity assessment can help in understanding, managing, controlling, and mitigating the cyber threats across your organisations. The major purpose of a cyber risk assessment is to guide the decision-maker and support proper risk responses.
The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.