Celebrities’ accounts hacked in unprecedented Twitter attack

410 views

NEW YORK — The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam, The Verge reported.

We don’t know how the hack happened or even to what extent Twitter’s own systems may have been compromised — but following the unprecedented hacks of accounts including President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple, Twitter has confirmed it took the drastic step of blocking new tweets from every verified user, compromised or no, as well as locking all compromised accounts.

The Verge reported that Twitter said it will not restore access to their owners “until we are certain we can do so securely.”

On Wednesday evening, the company revealed that its own internal employee tools were compromised and used in the hack, which may explain why even accounts that claimed to have two-factor authentication were still attempting to fool followers with the bitcoin scam.

Late in the evening, Twitter CEO Jack Dorsey wrote, “Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”

Product chief Kayvon Beykpour also released a public statement on his personal account, writing, “Our investigation into the security incident is still ongoing but we’ll be posting updates from @TwitterSupport with more detail soon. In the meantime I just wanted to say that I’m really sorry for the disruption and frustration this incident has caused our customers.”

The chaos began when Tesla CEO Elon Musk’s Twitter account was seemingly compromised by a hacker intent on using it to run a bitcoin scam. Microsoft co-founder Bill Gates’ account was also seemingly accessed by the same scammer, who posted a similar message with an identical bitcoin wallet address.

Shortly after the initial wave of tweets from Gates and Musk’s accounts, the accounts of Apple, Uber, former President Barack Obama, Amazon CEO Jeff Bezos, Democratic presidential candidate Joe Biden, hip-hop mogul Kanye West, and former New York City mayor and billionaire Mike Bloomberg, among others, were also compromised and began promoting the scam.

Loïc Guézo, senior director of cybersecurity strategy, EMEA at Proofpoint said, “While the origins and scope of this pervasive attack are under investigation, the coordinated Bitcoin giveaway scam itself was designed to convince millions of Twitter followers to believe the fraudulent tweets, click the link, and pay Bitcoin.

“People are still a main focus for threat actors, even in scenarios where a system is possibly compromised. The social engineering featured in this scam demonstrates that the attackers targeted Twitter employees with access to internal tools and preyed on the trust associated with verified accounts and the attraction of doubling your money.

“To make the scam seem more authentic, they even set a time limit and an easy payment option to drive a swift response. Threat actors understand human nature and are unrelentingly focused on taking advantage of our society’s trust in digital channels.”

Francis Gaffney, director of threat intelligence and response, Mimecast, commented: “Based upon Twitter’s response, it would appear this was the result of a so-called social engineering attack. Social engineering attacks are usually quite sophisticated, and can involve substantial pattern-of-life analysis, including research of the target to craft specific bespoke lures, such as websites and tailored emails — referred to as pattern-of-life-analysis.

“The threat actor studies the target’s online presence, including their use of social media, to identify social and family networks, favorite restaurants, hobbies, sporting or musical interests. The majority of these attacks are carried out for financial gain, as is the case with this one.

“Human error is required for these attacks to be successful, which highlights the importance of regular cyber awareness training to increase employees’ knowledge about such methodologies used by threat actors. Our State of Email Security report found only 28% of organizations in KSA provide awareness training on an ongoing basis, leaving businesses increasingly vulnerable.

“At the same time, appropriately managed access controls for administrative or supervisory accounts can assist in preventing the escalation of privileges, or abuse of permissions, that this particular attack relied upon. These need to change to prevent further successful attacks such as this one, that can have massive reputational damage for any company.”

Meanwhile, Satnam Narang, staff research engineer, Tenable, said, “Several notable Twitter accounts in the cryptocurrency space have seemingly been hacked in a mass coordinated attack, including exchanges like @Coinbase, @Binance, @Gemini, @KuCoin, @Bitfinex, CEOs and founders like @CZ_Binance, @JustinSunTron, @SatoshiLite, cryptocurrency accounts like @TronFoundation, to promote a COVID-19 cryptocurrency giveaway scam.

“The accounts tweeted that they “partnered with” a company called CryptoForHealth. The domain for this website was registered on July 15. The website itself claims that, to help with the hard times endured by COVID-19, they’re partnering with several exchanges to provide a “5000 Bitcoin (BTC) giveaway” which is a ruse for advanced free fraud.

“This is a common scam that has persisted for a few years now, where scammers will impersonate notable cryptocurrency figures or individuals. What makes this incident most notable, however, is that the scammers have managed to compromise the legitimate, notable Twitter accounts to launch their scams.

“Because the tweets originated from these verified accounts, the chances of users placing their trust in the CryptoForHealth website or the purported Bitcoin address is even greater. This is a fast moving target and so far over $50,000 has been received by the Bitcoin address featured on the CryptoForHealth website and in Elon and Bill Gates’ tweets.

“We strongly advise users never to participate in so-called giveaways or opportunities that claim to double your cryptocurrency because they’re almost always guaranteed to be a scam.” — Agencies


410 views