Experts Warn That Twitter Attack Could Be a Part of Something Much Larger, Here Are Some Suggestions from a Professional Hacker for Other Tech Companies to Avoid Such Attacks

Recently, Twitter experienced a terrifying cyber attack in which a lot of high-profile accounts were hijacked. The targeted accounts included those of Elon Musk, Barack Obama, and Bill Gates. The Federal Bureau of Investigation is also now looking into this attack. Several details are still unknown. However, the social media platform has confirmed that the attackers gained access to Twitter’s internal systems by coordinating a social engineering attack on one of the company’s employees.

Reports from TechCrunch and Motherboard suggest that the hackers were able to access an internal dashboard that allowed them to reset the login credentials on select accounts and take control of those accounts. Early in the attack, some individuals had already started to theorize that this was exactly what was happening. SocialProof Security’s CEO, Rachel Tobac, is a professional hacker hired by several companies to break into their security systems to expose vulnerabilities.

Rachel Tobac tweeted that the hackers had likely accessed Twitter’s employee admin panel as the attack was starting to unfold. Tobac stated that the admin privileges accessed by the attackers are common among tech companies. Several companies have a lot of admin access and it is unchecked, added Tobac. She said that it is pretty rare that she gets stopped while executing an attack and cannot get admin access. Oftentimes, she gets admin access within only five minutes.

Tobac’s company has worked with several major companies including Uber, PayPal, and Facebook. She suggested a few things for tech companies with these types of admin systems. Tech companies should require multiple employees to sign off on some specific decisions.

She said that companies should have at least 2 sets of eyes when they have to make a really big decision, such as changing the email on the accounts of big influencers such as Barack Obama, Apple and Uber. Tobac suggests multi-factor authentication even for signing in with those login credentials at work. She added that tech companies can also have threat detection. If companies are concerned about an insider threat and they mark some high-value behaviors as possible threat actions, the system will alert them if it sees those actions going off multiple times in one hour.
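The two controls Tobac describes, a second approver on high-value actions and an alert when such actions fire multiple times in one hour, can be sketched as a check over an admin-panel audit log. This is an added example, not code from Twitter or SocialProof Security; the log format, action names, operator names and the threshold of three are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; tune them for your own admin tooling.
HIGH_VALUE = {"change_email", "reset_password", "disable_mfa"}
WINDOW = timedelta(hours=1)
THRESHOLD = 3  # high-value actions by one operator inside WINDOW

# Constructed audit log, sorted by time:
# timestamp, operator, action, target account, approver ("-" = none).
SAMPLE_LOG = """\
2020-01-01T19:02:10 op_alice change_email acct_1001 op_bob
2020-01-01T19:05:44 op_carol view_profile acct_2002 -
2020-01-01T19:10:03 op_dave change_email acct_3003 -
2020-01-01T19:12:40 op_dave reset_password acct_3003 -
2020-01-01T19:31:17 op_dave change_email acct_4004 op_dave
2020-01-01T21:00:00 op_alice reset_password acct_1001 op_bob
"""

def parse(line):
    ts, actor, action, target, approver = line.split()
    return datetime.fromisoformat(ts), actor, action, target, approver

def review(log_text):
    """Return (kind, actor, timestamp) findings for high-value admin actions."""
    findings = []
    recent = defaultdict(deque)  # actor -> high-value action times within WINDOW
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, actor, action, target, approver = parse(line)
        if action not in HIGH_VALUE:
            continue
        # Two sets of eyes: an approver must exist and be a different person.
        if approver in ("-", actor):
            findings.append(("no_second_approver", actor, ts))
        # Sliding window: drop events older than one hour, then count.
        q = recent[actor]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) >= THRESHOLD:
            findings.append(("burst", actor, ts))
    return findings

if __name__ == "__main__":
    for kind, actor, ts in review(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind} actor={actor}")
```

In a real deployment the approval check belongs in the admin panel itself, so that an unapproved change is blocked rather than only reported after the fact.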

Employees should be trained and technical tools should also be made available to them, recommends Tobac. Experts have already warned that the Twitter attack might be part of something larger than just bitcoin scams. Some cybersecurity experts believe that the bitcoin scam might have been a way for attackers to show off. Twitter is under fire to explain to lawmakers how such an attack could happen. Tobac thinks that this is an issue that several firms do not take seriously. Experts believe that this is a big wake-up call for companies across the globe to limit their admin access or improve their security checks.


Photo: REUTERS/Mike Blake
