Reports have surfaced that the Twitter accounts of prominent companies, politicians and celebrities were compromised on Wednesday, 15 July 2020. Hackers gained large-scale access to the accounts of several influential US personalities and companies and used them to promote a cryptocurrency scam.
It is concerning that the accounts of prominent figures were targeted and compromised. Given the influence and prominence several of those individuals have on social media, the hackers had the potential to cause greater havoc. On this occasion, it appears the hackers were financially motivated, seeking “donations” via Bitcoin. The hackers sent out tweets asking people to donate Bitcoin to an address, claiming that the Twitter account holder would double the donation.
Twitter responded by investigating the security incident, removing messages and preventing a number of verified account holders from tweeting. The FBI is investigating the incident and has advised the public not to fall for the scam by sending cryptocurrency to the link cited in the tweet.
At this stage, there is minimal information on the root cause of the incident and how the hackers were able to access the Twitter accounts. Security experts have suggested the attack was due to a security weakness in Twitter’s service, as opposed to the account users’ security measures. On Wednesday evening, Twitter stated it believed it was the target of a coordinated social engineering attack that successfully targeted employees who had internal access to systems and tools.
Social engineering is a common method hackers use to conduct cyber attacks. It involves manipulating a target into making security mistakes. To mitigate the risk of your staff falling victim to a social engineering attack, we recommend:
- training your staff on the common types of social engineering methods
- adopting technologies that can minimise malicious software used by hackers, and
- having policies in place for staff to follow.