
On July 15th, several Twitter accounts were hacked in an effort to scam bitcoin from users. Unfortunately, it was successful: in the just under four hours that the tweets were live, the hackers received over $100,000 in bitcoin.
If you want to read more about the timeline of the hack on July 15th, you can read about it in our previous blog.
The hackers have since been identified and arrested as investigators found that their driver’s licenses were linked to their cryptocurrency exchange accounts. All three of the attackers, including a 17-year-old Tampa teen, are in custody.
In an update, Twitter identified how the hack occurred. The cybercriminals targeted a small number of employees through a phone spear-phishing attack. Instead of casting a wide net like more common phishing attempts, spear-phishing is a form of social engineering in which the attacker chooses a specific individual or enterprise and crafts a tailored message based on the victim's job position or contacts. This method requires more effort, time, and planning, and is typically harder to detect. In the case of the Twitter hack, the victims were targeted through their mobile phones while working from home.
After the successful phishing attack, the hackers used the stolen credentials to access Twitter's internal network and support tools, and from there learned the company's processes for accessing account-support tools. With this information, they were able to target 130 Twitter accounts, tweeting from 45, accessing the direct-message inbox of 36, and downloading the Twitter data of 7.
Since the attack, Twitter has significantly limited access to their internal tools and systems to ensure ongoing account security. They have increased security protocols and will continue to share updates.
It is important to note that the attack targeted specific individuals rather than a technical flaw. Studies show that employees are the number one vulnerability in any organization's cybersecurity defense.
In addition to having the proper technology protocols in place, every organization needs to invest in proper cybersecurity training. Training your employees to recognize a phishing attempt, including a phone call or text message rather than only an email, can be the number one tool to protect your business.