Black Basta Team and double extortion ransomware attacks

Protect smartphones and tablets from cyber risks: the mobile security

 View all
CYBERSECURITY

Twitter attack: the three lessons to learn

The recent cyber-attack that hit Twitter has created a lot of media sensation, especially because it is the first time that one of the great global social media platforms has been compromised in such a vast and blatant way.

Beyond the economic and image damage produced by the attack, this event must push us to make some broader considerations, starting from the implications for cybersecurity and privacy, up to the role that certain social networks have now assumed in the sphere of social and political life.

For more related articles, check our blog.

 

The dynamics of the attack

On July 15, 2020, between 8:00 PM and 10:00 PM UTC, several Twitter accounts of celebrities, each with millions of followers, were compromised by a cyber-attack aimed at soliciting a monetary scam. Essentially, the attackers asked users, through the official profiles of these celebrities, to send bitcoins to a specific wallet, with the promise that the money sent would then be returned and doubled.

The scam was carried out using high-profile accounts to reach millions of people simultaneously. The first tweet of this type was sent from Elon Musk‘s Twitter account and then from those of other relevant people such as Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Michael Bloomberg, Warren Buffett, Floyd Mayweather, Kim Kardashian and companies like Apple and Uber. Twitter believes that 130 accounts were compromised and that only 45 of them were later used to tweet.

More than 12 bitcoins, the equivalent of over $ 110,000, have been sent to one of the addresses involved. The social network intervened after a few hours, blocking the compromised accounts and deleting all the fraudulent tweets.

Twitter later confirmed the incident, calling it “a coordinated social engineering attack by people who targeted some of our employees with access to internal systems and tools.” Which explains how the attackers managed to use the platform’s administrative systems to edit accounts and publish tweets directly.

 

The importance of the human factor

The first of the three lessons that can be learned from this story concerns what has always been considered the Achilles’ heel of every computer security system: the human factor. In fact, it is obvious that even the most advanced cybersecurity structure in the world becomes useless if the real people who must guarantee its integrity make a mistake or, even worse, decide to violate it in accordance with external entities.

Although all of this was already widely known, the Twitter case brought back the discussion on how to prevent this type of accident. The main problem is that these are highly unpredictable events, precisely because they are caused by people’s free actions and not by the malfunction of some software.

Mainly for this reason, many experts suggest relying increasingly on certain new technologies, such as artificial intelligence and machine learning systems, not only to prevent external threats, but also to monitor the behavior of internal employees. Others, however, propose more stringent limitations and controls for access to administrative systems, but barring new revolutionary innovations, it is likely that the human factor will continue to be a serious problem also in the near future.

 

The vulnerability of our personal data

The second aspect that must be considered is that relating to privacy and the risk of exposure of one’s personal data. In fact, many have become accustomed to assuming social networks are totally safe environments for communicating and sharing photos and information, so as to lose any prudence in their use. But if someone has managed to access the personal profiles of people like Bill Gates and Elon Musk, it is clear that nobody can consider himself truly safe.

For this reason, it is essential to invest in the development and diffusion of a culture of information security, which above all underlines the great risks that can be run in transmitting private information via social networks. Greater awareness of these issues would significantly contribute to limiting the number of accidents, also because reducing the vulnerability to certain types of attacks that exploit social engineering, such as phishing, would precisely mitigate the incidence of the human factor.

 

The problem of the link between politics and social media

The third, and perhaps more serious, element on which it is necessary to reflect concerns the ever-closer link between politics and social platforms. If for years there has been talk of “fake news” and the political influence of anonymous groups of hacker-activists, this attack puts democratic society before new disturbing scenarios.

Several analysts, including those from the Washington Post, immediately stressed the potentially catastrophic consequences of a possible attack of this type during the election campaign period or at the time of the elections. The chaos generated by the dissemination of false information and the consequent blocking of accounts could influence the outcome of a vote in certain ways, threatening the functioning of democratic society in the digital age.

 

Conclusions

These are just some of the main aspects that this story has brought to the spotlight, but it is clear that an attack of this magnitude will continue to produce debates and confrontations, which is good, because only a general awareness of the risks and threats within cyberspace will help prevent even more disastrous events in the future.

1