It has been reported that attackers, in the most recent incident, launched a crypto giveaway scam by posting phishing messages through the hijacked profiles of celebrities and high-ranked political personalities worldwide, collecting over 13 Bitcoin (BTC) from the victims.
However, Ilya Sachkov, the CEO of threat intelligence firm Group-IB, believes that the attack demonstrated a “huge problem of low financial literacy and bad cyber hygiene.”
“This could have ended far worse, affecting the stock market heavily or even resulting in a geopolitical catastrophe. This is the least they could have done with the God-mode access they had.”
Likewise, James Carder, the Chief Security Officer and Vice President of LogRhytm Labs, said that amid international efforts to contain the coronavirus outbreak, hackers are “quickly taking advantage and exploiting the uncertainty of this time” for their financial gain.
According to experts, @Twitter should take urgent measures to avoid a black swan scenario by reconsidering on how its employees access accounts, reports @conexiondigicol https://t.co/RUJocIjk1d — Cointelegraph (@Cointelegraph) July 21, 2020
Carder said that experts need to evaluate how the attack was possible and pointed out the need to strengthen social media platforms in terms of privacy.
“This hack also brings into concern why — in the first place — Twitter granted its employees with the functionality to tweet on behalf of their customers. It is clear that social media organizations need the ability to manage accounts, and particularly the ability to take down offensive or inappropriate content, the employees should not have access to post an entirely unique Tweet on a user’s behalf. This points to a likely case of too much functionality available in the platform and not enough robust controls.”
Brett Callow, the threat analyst at malware lab Emsisoft, said that the subsequent security efforts are taken by Twitter likely aren’t enough to preclude the possibility of another such incident in the future.
Thus, Callow concluded:
“While Twitter will no doubt work to improve its security, the fact is that there is no completely sure-fire way to prevent account take-overs and similar incidents will almost certainly happen again, though hopefully not on this scale.”