Prominent US figures have been targeted by hackers on Twitter in what the company calls a ‘disruptive’ and ‘socially engineered’ attack.
The official accounts of leading politicians and celebrities were hijacked and used to post tweets soliciting payments in the cryptocurrency Bitcoin.
In a series of tweets, Twitter stated: “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
“We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed.
“Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.
“We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
“This was disruptive, but it was an important step to reduce risk.”
Twitter CEO Jack Dorsey tweeted: “Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”
Experts from the cybersecurity industry have offered commentary on the incident.
Max Heinemeyer, Director of Threat Hunting at Darktrace, said: “There is strong evidence to suggest that the attackers gained access to Twitter’s back-end systems, theoretically granting them access to any Twitter account – even that of a US president.
“Despite this level of access, we cannot assume this is the work of a nation state: many cybercriminals today have access to tools and techniques once reserved for state-sponsored attacks. The hack used automation, was well-organised and targeted selected accounts for maximum impact. The money is already being moved from the initial Bitcoin wallet to make tracking harder.
“These perpetrators may be financially motivated and conducting a smash-and-grab attack, but that does not mean the damage done ends with the Bitcoin scam. While Twitter put all hands on deck to deal with prominent individuals’ accounts, it is unclear what other nefarious activities the attackers have done behind the scenes.
“In the run up to the US presidential election, we can expect to see assaults of this kind become the ‘new normal’. The story is far from over.”
Sam Humphries, Security Strategist at Exabeam, said: “Almost all of the huge breaches we see in the news involve attackers leveraging stolen user credentials to gain access to sensitive data. Insiders with access to privileged information represent the greatest risk to a company’s security.
“The rapid shift in workplace practices during the current pandemic has been a steep learning curve for even the largest, most sophisticated security organisations, and we’ve seen a resurgence in social engineering based threats looking to take advantage. Sadly, this is unlikely to be the last time we’ll see the consequences of a failure to adapt security operations to mitigate the new wave of risks that lockdown and remote working have brought – whether that’s remote workers using insecure technology at home, or insiders working away from the corporate environment who may be more susceptible to bribery.
“Security practitioners need to be casting the ‘visibility and analytics net’ far wider, to better detect, investigate and remediate against these. Identifying changes in the behaviour of these credentials is the key to successfully uncovering an attack. This means gaining a clear understanding of the normal behaviours of everyone that accesses your network, allowing you to spot the anomalies more easily when they happen – and they will. The faster you can do this, the less time attackers have to ‘dwell’ in the network and the more data – or in this case, reputation – you can potentially save.”
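The behavioural baselining Humphries describes, applied to the kind of internal support tool at the centre of this incident, looks roughly like the following. This is an added illustration written for this page; it is not code from Exabeam, Twitter or the article. The audit-log format, the employee names and every log line are constructed for the example, and the four checks (new action type, activity outside the employee's usual hours, first-ever touch of a verified account, and a spike in daily event volume measured as a z-score against the employee's own history) are one reasonable set of behavioural signals, not a vendor's product logic.

```python
"""Per-employee baseline and anomaly detection over privileged-tool audit logs.

Added example for this page; not Exabeam's, Twitter's or the article's code.
Log format and all log lines below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime
from statistics import mean, pstdev

# Constructed audit log of a hypothetical internal account-support tool.
# Fields: ISO timestamp, employee, action, target account, verified flag (1/0).
SAMPLE_LOG = """\
2020-07-08T10:12:00Z alice view_profile user1001 0
2020-07-08T11:03:00Z alice reset_email user1002 0
2020-07-09T09:40:00Z alice view_profile user1003 0
2020-07-09T14:15:00Z alice view_profile user1004 0
2020-07-10T10:05:00Z alice reset_email user1005 0
2020-07-10T16:20:00Z alice view_profile user1006 0
2020-07-13T09:58:00Z alice view_profile user1007 0
2020-07-14T11:30:00Z alice view_profile user1008 0
2020-07-15T03:02:00Z alice change_email user2001 1
2020-07-15T03:04:00Z alice disable_2fa user2001 1
2020-07-15T03:06:00Z alice change_email user2002 1
2020-07-15T03:07:00Z alice disable_2fa user2002 1
2020-07-15T03:09:00Z alice change_email user2003 1
2020-07-15T03:10:00Z alice disable_2fa user2003 1
2020-07-08T12:00:00Z bob view_profile user1010 0
2020-07-15T12:30:00Z bob view_profile user1011 0
"""
EVAL_DAY = date(2020, 7, 15)  # the day being scored against earlier history


@dataclass(frozen=True)
class Event:
    ts: datetime
    employee: str
    action: str
    target: str
    verified: bool


def parse_log(text):
    """Parse the constructed whitespace-separated log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, employee, action, target, verified = line.split()
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                            employee, action, target, verified == "1"))
    return events


def build_baselines(events, eval_day):
    """Profile each employee's normal behaviour from every event before eval_day."""
    by_emp = defaultdict(list)
    for e in events:
        if e.ts.date() < eval_day:
            by_emp[e.employee].append(e)
    baselines = {}
    for emp, evs in by_emp.items():
        per_day = defaultdict(int)
        for e in evs:
            per_day[e.ts.date()] += 1
        counts = list(per_day.values())  # events per active day
        baselines[emp] = {
            "actions": {e.action for e in evs},
            "hours": {e.ts.hour for e in evs},
            "touched_verified": any(e.verified for e in evs),
            "mean": mean(counts),
            "std": pstdev(counts),
        }
    return baselines


def detect_anomalies(events, eval_day, z_threshold=3.0):
    """Return {employee: [flags]} for employees whose eval_day activity deviates from baseline."""
    baselines = build_baselines(events, eval_day)
    today = defaultdict(list)
    for e in events:
        if e.ts.date() == eval_day:
            today[e.employee].append(e)
    findings = {}
    for emp, evs in today.items():
        flags = []
        base = baselines.get(emp)
        if base is None:
            flags.append("no_baseline")  # never seen before: cannot score, so surface it
        else:
            new_actions = sorted({e.action for e in evs} - base["actions"])
            if new_actions:
                flags.append("new_action:" + ",".join(new_actions))
            off_hours = sorted({e.ts.hour for e in evs} - base["hours"])
            if off_hours:
                flags.append("off_hours:" + ",".join(map(str, off_hours)))
            if any(e.verified for e in evs) and not base["touched_verified"]:
                flags.append("verified_target")
            n = len(evs)
            if base["std"] == 0:  # flat history: any increase is a deviation
                z = float("inf") if n > base["mean"] else 0.0
            else:
                z = (n - base["mean"]) / base["std"]
            if z > z_threshold:
                flags.append(f"volume_spike:z={z:.1f}")
        if flags:
            findings[emp] = flags
    return findings


def run_sample():
    """Score the constructed log for EVAL_DAY."""
    return detect_anomalies(parse_log(SAMPLE_LOG), EVAL_DAY)


if __name__ == "__main__":
    for emp, flags in run_sample().items():
        print(emp, flags)
```

On the constructed data, alice is flagged on all four signals (two never-before-seen actions, 03:00 activity, first touches of verified accounts, and six events against a history averaging under two a day), while bob's single in-hours profile view matches his baseline and produces nothing. In practice the population-level baseline matters as much as the per-employee one: an action such as disabling 2FA on a verified account should be rare across the whole support team, so a second comparison against peers catches an insider whose own history is already unusual.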