Twitter Confirms Spear-Phishing Attack Caused Account Takeover

Twitter has confirmed that the social engineering attack which enabled the takeover of major accounts was achieved by a spear-phishing attack.

In an update to its previous statement, Twitter said the attack occurred on July 15 and “targeted a small number of employees through a phone spear-phishing attack.” This attack enabled the attackers to obtain access to both the internal network and specific employee credentials that granted them access to internal support tools.

“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes,” it said. This then enabled them to target additional employees who had access to account support tools.

Using the credentials of the employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36 and downloading the Twitter data of seven. 

In the initial attack, Twitter said on 16 July that the coordinated account hijacking campaign was done by a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” For a period of time, accounts with millions of followers belonging to Jeff Bezos, Bill Gates, Barack Obama, Joe Biden, Elon Musk, Kanye West and others were briefly hijacked and used to promote a cryptocurrency scam. The corporate accounts of Apple, Bitcoin, Coinbase and others were also taken over.

A day later, Twitter disclosed that 130 accounts were targeted, and the successfully compromised accounts represented a “small subset” of the total number of accounts the attackers had in their crosshairs.

Answering questions about access to user accounts, Twitter said it has teams around the world that help with account support that use proprietary tools to help with a variety of support issues. “Access to these tools is strictly limited and is only granted for valid business reasons,” it explained. “We have zero tolerance for misuse of credentials or tools, actively monitor for misuse, regularly audit permissions and take immediate action if anyone accesses account information without a valid business reason.”

However, Twitter said it is now “taking a hard look at how we can make [the access tools] even more sophisticated.”

Looking forward, it said since the attack it has “significantly limited access to our internal tools and systems to ensure ongoing account security while we complete our investigation” and it is continuing to invest in increased security protocols, techniques and mechanisms.

“Going forward, we’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams. We will continue to organize ongoing company-wide phishing exercises throughout the year.”

Stuart Reed, UK director at Orange Cyberdefense, said: “As suspected, this breach resulted from social engineering – hackers preying on human vulnerabilities. Technical countermeasures against phishing attempts and detecting malicious activities today are much more robust than they have been in the past. The human, on the other hand, is more complex and hard to predict in certain scenarios while easy to manipulate in others.

“It is vital organizations employ a layered approach of people, process and technology for optimal cybersecurity. This incident underlines the critical importance of awareness and education among employees and the role they play in good data hygiene – cybersecurity is not the sole concern of an individual or a function, it is a shared responsibility of all.”

X ITM Cloud News

