Last week Twitter was involved in a breach that resulted in the compromise of high-profile accounts including those of President Barack Obama, Democratic candidate Joe Biden, and Tesla CEO Elon Musk.
According to Twitter, attackers targeted certain Twitter employees through a social engineering scheme. The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through two-factor protections. Hackers were able to access tools only available to Twitter’s internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets. Twitter also believes that hackers may have attempted to sell some of the usernames.
Twitter is continuing its investigation of this incident, but it looks like the hack started with a social engineering attack (i.e. phishing). Twitter said the hackers had targeted its employees “with access to internal systems and tools”. The FBI said, “The accounts appear to have been compromised to perpetrate cryptocurrency fraud,” and has urged the public to be vigilant.
What should businesses do to protect themselves?
- Cybersecurity awareness training & phishing testing
We can’t stress this enough – conduct regular security awareness training and phishing testing! This is your first line of defense against hackers. ACE IT Solutions can help train employees and conduct phishing tests.
- 24x7x365 Security Monitoring
- Logging & Log Management
- SIEM & SIEM Reporting
- Vulnerability Scanning
- Access Management & Risk Assessment
- Dark Web Monitoring
ACE IT Solutions offers solutions to help businesses protect against, and recover from, phishing attacks, malware and other security breaches. We continually invest in evolving our information protection program, developing our people, processes, technology and systems to create best-in-class risk management services. Protecting your information requires a strong defense on all fronts: from setting a dynamic cybersecurity strategy to developing and implementing comprehensive controls and information security services.
Contact us at 646.558.5575 or firstname.lastname@example.org with questions about phishing and cybersecurity risk management.