


Similar articles
Article Id | Title | Prob | Score
186675 | TECHREPUBLIC 2020-7-31: Breach of high-profile Twitter accounts caused by phone spear phishing attack | | 1.000
186699 | THEVERGE 2020-7-30: Twitter says a spear phishing attack led to the huge bitcoin scam | 0.931 | 0.666
186677 | ARSTECHNICA 2020-7-31: Twitter hackers used “phone spear phishing” in mass account takeover | 0.991 | 0.665
187004 | THENEXTWEB 2020-7-31: Prosecutors claim to have caught teenage mastermind behind Twitter hack | 0.079 | 0.569
186484 | THEVERGE 2020-7-28: US seeks to drop charges against former Twitter employees accused of spying for Saudi Arabia | | 0.509
186899 | ARSTECHNICA 2020-7-31: Florida teen charged as “mastermind” in Twitter hack hitting Biden, Bezos, and others | 0.176 | 0.479
186544 | THEVERGE 2020-7-29: US files expanded charges against former Twitter employees accused of espionage | | 0.438
186447 | TECHREPUBLIC 2020-7-28: Experts: Devastating ransomware attack on Garmin highlights danger of haphazard breach responses | | 0.391
186782 | TECHREPUBLIC 2020-7-30: Security: This nasty surprise could be waiting for retailers when they open up again | | 0.353
186790 | TECHREPUBLIC 2020-7-30: How security leaders can help SOC analysts adjust to working from home | | 0.343
186723 | THEVERGE 2020-7-31: Twitter permanently suspends white supremacist David Duke | | 0.342
186993 | THENEXTWEB 2020-8-3: Pardon the Intrusion #23: Read this if you have a wearable | | 0.303
186994 | TECHREPUBLIC 2020-8-3: How to better protect your organization against mobile threats | | 0.303
186725 | TECHREPUBLIC 2020-7-31: That job offer in your inbox might be part of a North Korean cyberattack | | 0.292
186788 | TECHREPUBLIC 2020-7-30: How to find and fix vulnerable default credentials on your network | | 0.292
186492 | TECHREPUBLIC 2020-7-29: How to protect your website's database from hackers | | 0.288
186652 | TECHREPUBLIC 2020-7-31: Top 6 cybersecurity trends to watch for at Black Hat USA 2020 | | 0.284
186499 | THENEXTWEB 2020-7-29: Twitter expands its Stories-like Fleets to the Netherlands | | 0.280
186507 | TECHREPUBLIC 2020-7-29: It's not OK, Cupid: Security flaws could expose user data and more | | 0.280
186595 | TECHREPUBLIC 2020-7-28: Why security professionals are facing more work stress | | 0.279
186594 | TECHREPUBLIC 2020-7-28: Distance learning makes universities more vulnerable to cyberattack | | 0.276
186545 | THENEXTWEB 2020-7-28: Twitter says this new app for copying others’ timelines violates its rules — but it may live on | | 0.275
186500 | TECHREPUBLIC 2020-7-29: How IT leaders were unprepared for the security challenges posed by COVID-19 | | 0.268
186524 | THENEXTWEB 2020-7-28: How to change your name on Facebook, Twitter, and other social media platforms | | 0.259
186773 | TECHREPUBLIC 2020-7-30: Gartner: Nearly 90% of HR leaders believe their orgs have failed at boosting diversity | | 0.256


ID: 186675

URL: https://www.techrepublic.com/article/breach-of-high-profile-twitter-accounts-caused-by-phone-spear-phishing-attack/

Date: 2020-07-31

Breach of high-profile Twitter accounts caused by phone spear phishing attack

Image: A scam post made from tech icon Bill Gates' Twitter account, which was one of many breached accounts used to tweet similar messages. We've blacked out the bitcoin address.

Twitter has confirmed that the breach of several high-profile accounts that occurred on July 15 was caused by a phone spear phishing attack that targeted a small number of employees.

In an update posted on Thursday, Twitter said that the attackers were able to gain access to the company's internal network as well as to employee credentials, which they used to sign into certain internal support and account management tools. Not all of the employees initially targeted had permission to use the account tools, Twitter added. But the attackers managed to use those credentials to access specific internal systems and thus obtain information about Twitter's account processes. From there, the attackers were able to target other employees who had access to the account tools.

Using the credentials of the affected employees, the attackers managed to compromise 130 different Twitter accounts, including those of Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, and Barack Obama, according to Twitter. The attackers tweeted from 45 of these accounts, accessed the direct mail inboxes of 36 accounts, and downloaded Twitter data from seven breached accounts. However, Twitter didn't specify the names of all the accounts that were affected.

Spear phishing refers to a type of phishing attack in which criminals email specific individuals with the goal of gaining their account credentials or other sensitive information. Twitter didn't explain what it meant by a "phone spear phishing attack." This could mean that the attackers actually called certain employees by phone rather than using email to find out their credentials, or it could mean targeted employees received a message by phone or email convincing them to call a certain person masquerading as a legitimate Twitter administrator.

When asked for further details by TechRepublic, a Twitter spokesperson said the company had nothing to share outside of the blog post. But two security experts offered their thoughts on phone spear phishing.

"A phone phishing attack would be similar [to email spear phishing], but instead the targets are telephoned and the criminal would attempt to elicit information, in this case, probably their account credentials," Mike McLellan, senior security researcher for Secureworks, told TechRepublic. "They might, for example, pretend to be from IT support or some other role with perceived authority, to persuade the user that it's OK to divulge information to them. Phishing attempts by phone are less common, because they are far more resource intensive than email and is perhaps indicative of the fact that Twitter was very specifically targeted in this case."

As with many types of cyber crimes, spear phishing, whether by email or phone, begins with research on the part of the attacker.

"Phone spear phishing starts with research by cybercriminals utilizing Open Source Intelligence techniques to learn about people and roles in the organization, all from online information," said James McQuiggan, security awareness advocate with KnowBe4. "They target midlevel managers or other employees who feel no one knows. Over time, a rapport is established until the cybercriminal feels comfortable taking advantage of the target."

Whatever specific spear phishing method was used in the breach, the attackers clearly relied on a combination of technical skills and social engineering know-how to convince employees to share their account credentials. Of course, that's the M.O. for many phishing attacks and other types of malicious campaigns.

"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter acknowledged. "This was a striking reminder of how important each person on our team is in protecting our service."

Other than training employees through phishing simulations and similar methods, trying to correct human behavior is always challenging. That's why socially engineered attacks are often successful.

"This incident demonstrates that social engineering is still a common method for attackers to gain access to internal systems," Ray Kelly, principal security engineer at WhiteHat Security, told TechRepublic. "The human is oftentimes the weakest link in any security chain. Proper employee training and employing services that test human susceptibility to social engineering attacks such as email spear phishing, phone calls, and in-person attacks can be invaluable to help prevent the employee from being the security gap in any organization."

Still, the attack begs the question of why Twitter didn't have tighter security in place to better protect its account and management tools.

"Within any organization, it's essential to have a layered security structure to access the crown jewels or sensitive systems that are critical to the organization," McQuiggan said. "Restricted accounts, multifactor authentication (MFA), limiting system access, and periodic reviews can significantly reduce the risk of unauthorized access and exposure."

In its update, Twitter explained that it uses its account tools to help with different support issues, to review content, and to respond to reports. The company said that access to these tools is strictly limited and given only for business reasons. Though these tools and the associated processes are always being updated, Twitter said it's looking into how to make them more sophisticated.

"We're always investing in increased security protocols, techniques and mechanisms—it's how we work to stay ahead of threats as they evolve," Twitter said. "Going forward, we're accelerating several of our preexisting security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams. We will continue to organize ongoing companywide phishing exercises throughout the year."

Because it compromised so many high-profile accounts, the incident was particularly alarming: many people now rely on Twitter for news and information. A tweet allegedly from a president or other politician or a prominent CEO can have a profound and immediate effect, potentially impacting stock markets, elections, and other elements critical to society.

What does Twitter need to do to prevent another such incident in the future?

"It may come down to a system where access to the critical systems will require the MFA of two different people," McQuiggan said. "In banks, a vault requires two people to open it, as each person has two of the four numbers needed to open it. They cannot share their numbers and must protect them. A similar concept could be the need to have two people authenticate to perform the most sensitive or critical actions within an organization."