On Wednesday 15th July 2020, Twitter became the victim of a cyberattack. The hack compromised 130 accounts, including those of Barack Obama, Elon Musk and Bill Gates, to name a few. These compromised accounts posted tweets urging their followers to send them money in Bitcoin, stating that the transaction would be doubled.
As the investigation is still underway, new information is being released periodically. The latest update revealed that there were attempts to sell usernames, and that email addresses, phone numbers, and direct messages were accessed on certain accounts.
How did this happen?
Twitter released a statement on Saturday 18th July that explained their employees had succumbed to a Social Engineering attack. The attackers had successfully manipulated a small number of their employees into handing over their credentials.
These credentials were used to access Twitter's internal systems, which included getting past two-factor authentication.
Allegedly, the hacker managed to find admin credentials within their Slack channels and used these to hack further into Twitter's systems.
Out of the 130 accounts that were targeted, 45 accounts had their passwords reset and tweets composed asking for Bitcoin payments.
What is Social Engineering?
Social Engineering, in the context of information security, is "the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes".
There are a variety of Social Engineering strategies cybercriminals use, which we have listed here.
Why should you care about this?
Twitter is a large business and one of the top social media platforms, so you would expect it to have excellent security protocols in place to help protect its data from cyberattacks. However, as we saw last week, if your employees succumb to a social engineering attack and give away their credentials, it doesn't matter how effective your security is - your business can still be hacked and your data will be at risk.
Whether your business is large or small, your employees should be a key part of your security strategy. Cybercriminals know that your employees are the easiest way for them to access your data, thus making them your weakest link. This is why they send highly targeted emails that could trick even the savviest user into handing over their credentials.
What can you do?
Cybercriminals' tactics change frequently, which is why you should provide your users with regular training and updates on the latest security threats.
Make your users aware of how they can help protect your organisation, especially as this can help them protect their own data in their day-to-day lives.
If your users are properly educated and trained on the threats of cyberattacks, including the warning signs of social engineering, they can help keep your data protected.
User awareness training is designed to make your users think twice about an email, a phone call, or even the dangers of using a USB stick they find. This training is not just for new users either; it can benefit users at all levels and in any department.
How can we help?
Our User Awareness Training helps educate your users on cyber threats, suspicious activity, and how to stay safe online. With 90% of security breaches occurring due to human error, user awareness training is key in keeping your organisation protected against cybercrime.
Furthermore, we can help you put together a backup and recovery plan, as sometimes it is not a matter of if a cyberattack will happen, but rather when. If your organisation is not prepared for an attack, you could lose all your data, especially if it is encrypted and held for ransom.
Cybercriminals do not care if your organisation is large or small: if they know they can access your data and benefit financially from it, they will.
Protect your business today - get in touch with us to find out more.