Twitter is again in the media spotlight after a recent cyber attack that used an intrusion method called ‘spear phishing’ and compromised a number of big-name celebrity accounts to generate Bitcoin. Hacking enjoys a unique place in the media, whether related to video games or as news in the business and tech world. However, what hacking actually is remains a challenging question to answer because of the broad range of activities that could be referred to as hacking.
As often as movies glorify hacking, the act of deliberately penetrating software or hardware systems and using them in ways that weren’t intended (and in some cases, unlawfully) is much more difficult to explain. Colorful on-screen lights and puzzles, coupled with beeping noises at each push of a button on a keyboard, give a glamorous image to a hacking community which, more often than not, instead relies on hours spent reviewing technical documentation and many more spent engaged in security testing.
On July 30, Twitter informed users that an official update on the security breach was available and that it would detail findings as of that time. In replies to the initial Tweet from the same support account, Twitter explained that the penetration happened through a human vector: human beings were used to gain access. Ultimately targeting 130 accounts, the attack, which led to some hijacked user accounts tweeting about bitcoin donations, relied on gaining credentials from staff members while continuously seeking additional employees through whom to gain a means of entry. Despite hard-working team members acting to prevent and respond to security threats, such threats remain common as the information age goes on.
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
— Twitter Support (@TwitterSupport) July 31, 2020
Simple, But Effective Attack
Sometimes, knowing how to crack into an operating system, exploit a login form, or pull off a front hand-spring isn’t necessary. If one wants to own the keys to a castle, it could mean breaking through an entrance, scaling walls or opening a hole in them. However, human beings are a lot like castles, and someone who isn’t familiar with social engineering might have a vulnerability and could be deceived into divulging where the key is left hanging. Some attacks are complex, causing system-wide outages where control is nearly or completely lost and recovery comes at a ransom. In contrast, because humans are vulnerable in some way, social engineering remains a simple but effective attack.
The attack proved to be bad news for Twitter, which was required to secure access and identify what went wrong while earning exactly the kind of press it didn’t want. The intrusion was particularly costly because the breach involved many verified accounts, which meant some well-known users were mentioned in news stories that linked back to Twitter unfavorably. Companies aren’t without hope, however: although this problem is devastating, it isn’t a new phenomenon. As Twitter described through its support account, this was a wake-up call. The experience can serve as a case study, and the corporate world can use that same knowledge to help defend against similar cyber-attacks coming from a human vector, at Twitter or elsewhere.
Source: Twitter