Twitter phishing attack highlights social media security weaknesses

On Friday, the FBI, the Internal Revenue Service (IRS), the U.S. Secret Service, and Florida police arrested Graham Clark, 17, of Tampa, Florida, and accused the teenager of being the “brain” behind the biggest breach of security and privacy in Twitter’s history. Two other people have also been charged by the US Department of Justice: 22-year-old Nima Fazeli of Orlando and Mason Sheppard, 19, of the United Kingdom, according to a report by The Verge.

It was also only on Friday that the microblogging service answered some questions about this month’s unprecedented phishing attack, which allowed hackers to tweet from some of its most prominent accounts.

“The social engineering that took place on July 15, 2020 targeted a small number of workers through a phishing attack over the phone,” Twitter announced via a blog post. “A successful attack forced attackers to gain access to our internal network and the express credentials of workers that allowed them access to our internal tools. Not all targeted workers were authorized to use account control tools, but attackers used their credentials to access our internal systems and download data about our processes.”

The social media company also admitted that some of its workers had been targeted by a phone phishing attack in which the callers posed as colleagues or, in all likelihood, members of the company’s security team.

The three hackers then took over the Twitter accounts of former President Barack Obama, former Vice President Joe Biden, Microsoft founder Bill Gates, technology visionary Elon Musk and musician Kanye West, among others, as part of a massive Bitcoin scam.

“This scenario underscores the importance of cybersecurity cultural awareness within an organization’s end-user community,” warned Bill Santos, president and chief operating officer of Cerberus Sentinel. “The truth is that you are the ultimate naive employee, and constant training, testing, and reinforcement are the most vital steps an organization can take to protect against such attacks.”

Known threat

What is particularly worrying in this specific case is that Mr Clark had already been in the crosshairs of law enforcement, which raises the question of whether cybercrime is being taken seriously enough.

“As we know, one of the young men arrested today has already been investigated in April, and the Secret Service has taken 700,000 bitcoins from him in the past,” said Chloe Messdaghi, Point3 Security’s vice president of strategy.

The ongoing Covid-19 pandemic, which has many more people working remotely and has left many companies understaffed, has created a perfect storm for such attacks.

“We are at a time when other people are beaten, and the attackers know this and actively exploit it,” Messdaghi added.

“That’s why we’re seeing an increase in cellular phishing in particular,” she noted. “Think about it: now more than ever, if someone receives an SMS on their cell phone from a boss who doesn’t usually do it that way, chances are they will link it to lines of communication between offices that have been erased and rewritten by the pandemic. And if a worker is approached by a user who claims to be their boss with a message that says ‘we have a serious problem’ and asks them to call a helpline number without delay, they are more likely to react before thinking, because the pandemic has caused others to be beaten and eager to respond to security threats.”

Mobile threats

It is also true that while we have all been informed of the risks of unsolicited emails, and our desktop and laptop computers are loaded with antivirus and anti-malware software, our cell phones remain open gateways for bad actors.

“In most cases, the cell phone is a much better form of phishing than touch-sensitive computing; studies imply that even expert users are 3 times more likely to fall into the trap of a phishing link on a small screen compared to a desktop PC, because visually it is more logistically difficult to determine a link,” Messdaghi said.

She described some common approaches to cellular phishing, including SMS messages that warn of a security incident or ask the recipient to “click here to validate”; URL padding, where a bad actor takes a valid domain and adds malicious extensions; short malicious URLs that take the unsuspecting recipient to an unsafe and harmful site; and cell verification code scams.

“There will have to be a lot more conversations about cellular phishing in particular, and about any phishing actually,” Messdaghi added. “Rule number one: check everything you get, including everything you get from your employer.”
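The URL padding technique described above (a trusted brand name placed at the front of a hostname whose real registrable domain belongs to the attacker, often pushed off the small screen with long runs of hyphens) can be flagged before a link in an SMS is tapped. The following checker is an added example written for this article, not code from Twitter or any of the quoted companies; the brand allowlist and the sample URLs are constructed, and the registrable-domain logic is a deliberate simplification (it ignores multi-part public suffixes such as co.uk).

```python
"""Heuristic detector for URL-padding style phishing links (added example)."""
from urllib.parse import urlsplit

# Constructed allowlist of registrable domains the organization trusts (hypothetical).
KNOWN_BRANDS = {"twitter.com", "paypal.com"}

# Long hyphen runs are the classic padding that pushes the real domain off-screen.
PADDING_RUN = "-----"


def registrable_domain(host: str) -> str:
    """Return the last two labels, e.g. 'login.twitter.com' -> 'twitter.com'.
    Simplification: public suffixes like 'co.uk' are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_sms_link(url: str) -> dict:
    """Classify a link pulled from an SMS; returns the evidence, not a verdict alone."""
    # Bare hostnames in texts often lack a scheme; urlsplit needs one to find the host.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    reg = registrable_domain(host)
    reasons = []

    # A trusted brand appears somewhere in the hostname, but the domain that
    # actually answers the request is someone else's: the padding pattern.
    for brand in KNOWN_BRANDS:
        brand_label = brand.split(".")[0]
        if brand_label in host and reg != brand:
            reasons.append(f"brand '{brand}' used as padding; real domain is '{reg}'")

    if PADDING_RUN in host:
        reasons.append("hostname contains hyphen padding")

    # Legitimate sites rarely nest this deeply; padding often does.
    if host.count(".") > 4:
        reasons.append("unusually deep subdomain nesting")

    return {
        "host": host,
        "registrable_domain": reg,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }
```

Run it over links extracted from incoming messages and route anything marked suspicious to a "call your employer back on a known number" workflow rather than blocking silently, so the user still learns what tipped the check.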

Social directed

In this latest high-profile attack, hackers used the Twitter accounts as part of a fairly straightforward Bitcoin scam, but what is concerning is that the same access could have been used to affect the stock market, discredit Americans during an election year, or even cause an international incident.

Although the latest exploit may have taken money from some Americans, the situation could have been much worse. The compromised accounts may also have exposed untold amounts of non-public information, including contact details, to the hackers.

“Social media platforms, like any other online service, are vulnerable to knowledge engagement or vector account identity theft,” Santos said.

“Relying on data posted on social media without independent verification is subject to manipulation by attackers, whether through hacking or disinformation campaigns,” Santos added.

Fortunately, the attackers opted for the proverbial low-hanging fruit.

“Cybercriminals generally seek currency scams, such as the fraudulent tweets related to bitcoins sent during the recent attack on Twitter, but they also compromise ordinary accounts and send messages asking for cash to their contacts, claiming to be the victim trapped in a foreign country,” Santos said. “Nation-states continually bombard social media with campaigns of contempt to publicize their own interests, from collecting aid for favorite political projects to inciting social unrest through worry and hatred. As a general rule, it is worth checking any data presented on social media and seeking external confirmation before sending cash or blindly believing in the stories presented, especially if they seem designed to be incendiary or disturbing.”
