It’s all over the news: Hackers gained access to high-profile Twitter accounts belonging to celebrities such as Jeff Bezos, Bill Clinton, Barack Obama – even the Apple corporate account. The hacked accounts urged people to send bitcoin to support a fake good cause.
Twitter responded by locking the affected accounts. While some news reports said some Twitter employees fell for a social engineering attack, Vice suggested the hack involved cooperation from an insider.
Social engineering is when crooks surf social media to learn all they can about organizations they want to hack. They usually look for people in specific jobs, then research those individuals’ social media.
Crooks use what they learn in research to craft phishing emails designed to get their targets to click malicious links and provide access credentials.
In Twitter’s case, hackers took over high-profile customer accounts to steal $120,000 in bitcoin by asking for donations to a fake cause.
Infosecurity Magazine quoted a director at a cyber security firm saying that “a lack of awareness among employees continues to put organizations at risk of social engineering, especially when many are working from home today.”
Reports say Twitter uses lots of security, but a sophisticated phishing campaign focuses on human emotion and judgment. Malicious insiders also can be hard to spot in advance.
We always encourage layered security measures, which you can read about in this White Paper.
Our Layered Defense focuses on Prevention, Detection, and Response. This ensures a gap or weakness in a single control won’t necessarily lead to an exploit by the bad guys.
But most of all, you need ongoing cyber security training to keep your workforce on guard and even skeptical of incoming emails because some could be phishing.
Employees are working from home, outside of the automatic protections your network systems provided them in the past. This is the fourth month of pandemic-increased work-from-home, and currently, news about the virus suggests this will continue for a while.
We are still available for security assessments of your newly remote workforce and systems. If crooks can get past Twitter’s defenses, they likely will get past yours. Let us help you be prepared.