Twitter is a vital media and marketing platform with a massive audience base. With 330 million monthly active users recorded in 2019, it’s one of the biggest social media platforms and makes a significant contribution to brand visibility and growth. So, what happens when Twitter gets hacked?
On 15 July, attackers compromised several high-profile accounts, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple. The hijacked accounts, which have tens of millions of followers, sent a series of tweets proposing a classic bitcoin scam: “If you transfer cryptocurrency to a specific bitcoin wallet, they will receive double the money in return”. Approximately $180,000 was sent to those bitcoin wallets and, needless to say, no money was paid back. This scam demonstrates that having software security and crisis management plans in place is a “must-have” not a “should have”—now more than ever.
So how did the attackers gain access? According to Twitter, they used a spear phishing attack to target Twitter employees by phone. After stealing employee credentials and getting into Twitter’s systems, attackers could target other employees who had access to account support tools. Spear phishing is a more targeted version of phishing, an impersonation scam that uses email or other electronic communications to deceive recipients into handing over sensitive information.
This kind of attack reveals how imperative it is for organizations to implement people-centric cybersecurity framework. Attackers do not view the world in terms of a network diagram—they target human vulnerabilities across channels. The best way to combat attacks like these is to implement a complete social media security solution that scans all social networks and reports fraudulent activity.
Here are four best practices Proofpoint implements to safeguard our customers’ social channels:
Account Protection: Proofpoint alerts on account tampering by unauthorized third parties to protect against security risks.
Content Origination: Proofpoint tracks where content originates from on managed accounts and can alert when unauthorized apps make posts (third party apps are the source of most social media account hacks).
Content Classification: Proofpoint scans and classifies all content on managed accounts and alerts on compliance, security and reputational risk. Additionally, Proofpoint supports remediation of the content either manually or automatically.
Custom Classification for High-Risk Topics: Many Proofpoint customers leverage Proofpoint’s custom classifications to alert on current events or topics (e.g. Covid-19 or Bitcoin) that may be subject to scams and malicious content.
It doesn’t stop there; you need policies to safeguard your content collaboration platforms, including:
- Corporate Governance Program: Establish appropriate people-centric policies on each content collaboration platform. Now is the time to review and use administrative controls within communication platforms to limit your exposure to risk.
- Employee Training and Education: Provide employees with best practices and guidance on their compliance obligations during this time, such as:
- The proper channels to use for internal versus external communications
- How to avoid exposing private information
- Screen sharing rules
- A Trusted, People-Centric Technology Stack: Treat content collaboration platforms with the same caution and policies you do with email. Capture and archive the content into a single platform and have supervision and advanced analytics to help you identify potential risk
This Twitter hack is a timely reminder that attackers prey on people. With the widespread deployment of SaaS platforms and rising incidence and sophistication of impostor attacks, the stakes are higher than ever for organizations. People are the primary target of attackers and are often the best and final line of defense for organizations; making a focus on people, as well as more traditional layers of security and training is critical to brands today.