In 2020 businesses surged into online workspaces as we battled the rise of COVID-19. The shift to remote work enabled business continuity across the globe; however, it soon opened up gaps and exposed many companies to social engineering attacks while they and their staff were adjusting to the change. One such example was Twitter.
In 2020 Twitter experienced a social engineering attack where a large number of high-profile accounts were accessed, and a bitcoin scam was posted by these accounts. Forty-five accounts including those of Elon Musk, Bill Gates and Kanye West were used in the scam.
To gain access to Twitter’s system, the attackers pretended to be members of the IT team and called remote workers, claiming there was a VPN issue. Twitter used a VPN while its staff were working from home, and it consistently experienced issues that required IT support. The employees were directed to a phishing site identical to the real one, where the attackers were able to see the staff credentials and use them to log in to the real site. Because the attackers were logging in at the same time as the employee, the multi-factor authentication notifications were approved by the employees. Through this, the attackers were able to access numerous Twitter accounts, from which they asked followers to purchase Bitcoin through the shared link.
Twitter users purchased over $118,000 US in bitcoin through the links. The team of attackers was also able to download personal data from many of the compromised accounts. The bitcoin could not be tracked, so the transactions could not be reversed, resulting in losses to the affected users.
Twitter shares dropped 3.8% following the attack and they temporarily blocked verified accounts for two hours whilst they investigated the event.
Twitter only became aware of the unauthorised access when it was clear that multiple high-profile accounts were posting the Bitcoin scam. Following the event, they made improvements to their security, including hiring a CISO, improving multi-factor authentication, conducting cyber awareness training, and implementing additional information security controls.
The exploitation Twitter experienced is a fantastic reminder that cyber events don’t just come from malware or advanced hacking techniques; this was a relatively simple social engineering attack exploiting the confusion created by a change in business operations.
Twitter, and many more companies like it, made very quick changes to business operations and had to do so with (we may assume) little evaluation of how a risk event might play out or be enhanced by the change.
The lesson for us all is that continuity strategies and tools within our incident response plans should emphasise the importance of risk assessments. This could be a quick checkbox asking "will decision [x] increase the likelihood of, or exposure to, [y]?", or a prompt asking "will this decision introduce new risks to our environment?"
Risk management is at the heart of business continuity and is a vital tool to support resiliency. We need to react quickly to survive, but always keep a finger on the pulse in terms of risk, so that we do not continue to suffer one event after another or, worse still, suffer many at the same time!
We cannot foresee every possible event before it occurs, but a little pre-planning that provides tools for making decisions quickly is invaluable.
How ISD Cyber can help
ISD Cyber assists many organisations in developing business continuity strategies to enhance their existing systems and planning.
We can work with you to refine your plans and, through training, enhance your team's capability and understanding of their roles and responsibilities. We can also facilitate exercises to challenge the assumptions within your plans and strategies.
Contact us today on firstname.lastname@example.org for further information about risk management and what it means to your business.