Kaspersky comment: Twitter hack
July 2020 by Costin Raiu, the director of GReAT at Kaspersky
Following the news earlier this week that Twitter confirmed it was hacked in an unprecedented cryptocurrency scam, Costin Raiu, the director of GReAT at Kaspersky, provides comment on the incident:
“The attack that happened earlier this week is possibly one of the worst security incidents at Twitter, if not the worst.
We have seen compromises of high-profile accounts in the past, which were used to post cryptocurrency-related scams, but they pale in comparison to this one. For instance, @Jack was hacked in 2019 through SIM-swap attacks, and President Trump’s account was deleted by a Twitter employee. Yet the scope of the current attack is much larger, affecting many top accounts, with hundreds of millions of followers combined.
It appears that the incident was a one-shot event, in which a certain type of access was leveraged to facilitate a quick, illicit scheme for financial profit. For now, we do not know who was behind it; however, the cryptocurrency-related scam would suggest a criminal group, driven by financial profit. A nation state would instead use their access to collect private information, such as DMs from persons of interest, rather than high-ranking company accounts.
At this point a thorough, detailed investigation, made public in the form of a report, would be essential for regaining user trust. An explanation of the breach step by step, what tricks the attackers used and the vulnerabilities (if any) they exploited, is needed. Some of the information posted by Twitter Support indicates that their employees have been targeted in a social engineering scheme; it’s hard to fathom that Twitter employees wouldn’t have their own access protected by 2FA, so this raises questions about how it would be possible for a social engineering attack to succeed. Last but not least, an explanation of what steps have been taken in order to secure the platform against future abuses would be essential to regain user confidence.
I believe that Twitter will work hard to close any security gaps that might have been used, making similar attacks really hard, if not impossible, to execute in the future.”