Last week, Twitter was victimized by a highly organized social engineering attack that compromised 36 mostly high-profile accounts, including those belonging to Elon Musk, Barack Obama, Jeff Bezos, and Bill Gates. After gaining control of the accounts, cybercriminals used them to promote a cryptocurrency scam that netted over $120,000 in untraceable bitcoin payments before Twitter disabled the accounts.
While Twitter is still investigating the incident, it has determined that cybercriminals breached the accounts by compromising high-level system tools used by Twitter’s internal support team. This allowed them to bypass multi-factor authentication (2FA) protection, initiate password resets, log in to the accounts, and send Tweets. Further, cybercriminals used the “Your Twitter Data” tool to download detailed account information, including the content of direct messages, for approximately eight of the compromised accounts.
Exactly how attackers compromised Twitter’s internal tools is still a matter of speculation, but it is clear that before they compromised Twitter’s systems, they first compromised Twitter’s employees, either by paying them off for access, taking advantage of carelessness (such as a weak password), or duping them through a phishing scheme.
Whatever Twitter’s investigation ultimately uncovers, the incident illustrates the cybersecurity risks posed by company insiders, as well as the importance of identity and access management (IAM) to foil social engineering attacks.
How To Mitigate the Risk of Data Breaches
All organizations should review which employees have access to the organization’s most sensitive and critical applications, and how that access is governed and monitored. Access to high-level systems should be tightly restricted and monitored using privileged access management (PAM) controls such as password vaulting, session logging and tracking, 2FA, and automated provisioning and de-provisioning.
While it’s critical to safeguard privileged accounts, organizations cannot neglect everyone else in the company. Cybercriminals often get around PAM controls by compromising lower-level accounts, then using privilege escalation tactics to gain access to higher-level resources. Since nearly all successful data breaches are caused by weak or compromised passwords, organizations should ensure that all employees are practicing good password hygiene, such as using strong, unique passwords, 2FA, and a password manager such as Keeper’s zero-knowledge password management and security platform.
For maximum protection, organizations should pair their password manager with a Dark Web monitoring tool such as Keeper’s BreachWatch™ for business. BreachWatch for business scans Dark Web forums and notifies organizations if any employee passwords have been compromised in a public data breach.
Keeper’s password manager and BreachWatch for business can be deployed quickly, require minimal ongoing management, and scale to meet the needs of any size organization.