The recent attack on the Twitter accounts of numerous celebrities and companies leaves experts with some open questions. This much is clear: although internal tools played an important role, how the attackers gained access to them is completely unclear.
Liviu Arsene, leading analyst for digital threats at Bitdefender, assumes, for example, that the cracked Twitter accounts were secured “using two-factor authentication”. The attackers must have succeeded in overcoming this hurdle, which is supposed to reliably protect accounts even if a password is lost.
“The spectacular attack on prominent Twitter accounts can only point to a coordinated cyber attack on Twitter employees and systems. It is suspected that the attackers exploited the context: employees are much more likely to fall victim to scams and spam emails, which then compromise devices and ultimately corporate systems.”
The analyst also suspects that Twitter has been spared even greater damage. By attacking Twitter’s internal systems, those behind the attack “could have done much more damage.” Instead, they tried to “monetize the attack immediately.” “With the simple Bitcoin fraud, the hack was meant to bring in money quickly – the situation is very different for sophisticated attacks by groups that use advanced persistent threats (APTs) to pursue long-term goals in highly coordinated and sophisticated operations.”
The security provider Exabeam does not rule out that an insider is behind the attack. “What seems clear at the moment is that it is an attack based on compromised user data, either by unsuspecting employees or by an allegedly malicious insider on the network. Both of these happen not infrequently, because almost half of all data breaches, consciously or unconsciously, are caused by some kind of insider threat.”
Exabeam also speculates that working from home increases the risk of attacks on companies – and may also have played a role in the case of Twitter. Such attacks could only be identified through a precise analysis of user behavior. “Knowing normal behavior makes anomalies easier to spot. The time to detection plays an important role: the faster you recognize that something bad is happening in the network, the less time the attackers have to stay in the network.”
The experts agree that this is one of the worst, or even the worst, security incidents in the history of Twitter. “We have seen high-level account compromises used to post cryptocurrency fraud in the past; however, this is a different caliber. For example, @Jack was attacked via a SIM card hack in 2019; President Donald Trump’s account was also deleted by a Twitter employee. However, the scale of the current attack is much larger and affects many top accounts with hundreds of millions of followers,” said Costin Raiu, head of the Global Research and Analysis Team at Kaspersky.
“At the moment we don’t know who is behind it. However, the cryptocurrency fraud could point to a criminal group looking for financial gain. A nation state would rather use the access to collect private information such as direct messages from people of interest,” Raiu added.
In order to restore user trust, a thorough and public investigation is “essential”. “An explanation of the procedure, the tricks used by the attackers and the vulnerabilities they exploited – if that was the case – is required.”
So far, Twitter itself has only spoken of a coordinated social engineering attack. In this context, Kaspersky assumed that the accounts of Twitter employees were also protected by two-factor authentication. “This raises questions about how such a social engineering attack could be successful. It would also be important to know what steps have been taken to protect the platform from future abuse in order to regain user trust,” added Raiu. “I think that Twitter will work hard to close any security gaps that may have been used, making similar attacks difficult or impossible to carry out in the future.”