On July 15th, Twitter suffered the most devastating attack in its history. Several high-profile Twitter accounts were hacked to promote a cryptocurrency scam. Some of the high-profile accounts belonged to Bill Gates, Elon Musk, Joe Biden and Apple.
Twitter confirmed through its platform that it had indeed been hacked. "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," said Twitter's support team late Wednesday. According to TechCrunch, a source told them that the hacker was able to gain control of an internal tool to take over the popular Twitter accounts. “The hacker used the tool to reset the associated email addresses of affected accounts to make it more difficult for the owner to regain control. The hacker then pushed a cryptocurrency scam that claimed whatever funds a victim sent ‘will be sent back doubled.’” By the time Twitter had shut down these and other verified accounts, the hackers had already made $120,000 in Bitcoin.
So, how does a breach like this affect the average business owner? What lessons can you learn from this hack to apply to your own business? From what is known about the hack so far, there are 3 steps you can implement right now that could help prevent a similar catastrophe from happening to your business.
1. Cyber Security Awareness is Key
Twitter says the attack was caused by a targeted social engineering scam. Simply put, the hackers tricked the Twitter employees into giving up enough information to gain access internally to the user accounts. The hackers could have used any number of methods to try and trick the employees. While it’s still not known exactly how the employees were duped, if you own a business, you need to ensure your employees are trained to spot scams, to avoid falling for them, and to not give out privileged information. The best part is that cyber awareness training isn’t expensive. As far as cyber security investment is concerned, this is where you get the best “bang for your buck.”
2. Privileged User Accounts Need More Protection
In a company the size of Twitter, you would imagine only a few people would have access to a tool such as the one that was used to take over those accounts. Assuming this is the case, these accounts absolutely need the most protection possible. Implementing multi-factor authentication on the privileged accounts, or adopting a zero trust approach, could have helped prevent this attack.
3. Tame The Insider Threat
The other possibility in a hack like this is that it might have been an inside job. When it comes to your business, you have to protect it from inside and out. Do you know if your employees are happy? Could they, or would they, take a bribe to steal information from your business? It’s not just a matter of spying on employees. Changes in network traffic and data use can sometimes provide a clue as to what is going on with your staff. Monitoring your network to identify anomalies ahead of time can help prevent a potential attack.
If your business needs help following any of these steps, Uzado is here to help. Contact us today to help you address your cyber security needs.