FEATURE: BLOCKCHAIN
“Once we became aware of the incident,
we immediately locked down the affected
accounts and removed Tweets posted by
the attackers.
“We also limited functionality for a much
larger group of accounts, like all verified
accounts (even those with no evidence of
being compromised), while we continue to
fully investigate this.
“This was disruptive, but it was an important
step to reduce risk.”
Experts from within the cybersecurity
industry commented on the subject.
Max Heinemeyer, Director of Threat
Hunting at Darktrace, said: “There is strong
evidence to suggest that the attackers
gained access into Twitter’s back-end
systems, theoretically granting them access
to any Twitter account.
“The hack used automation, was well-organised
and targeted selected accounts
for maximum impact. The money is already
being moved from the initial Bitcoin wallet to
make tracking harder.
“These perpetrators may be financially
motivated and conducting a smash-and-grab
attack, but that does not mean the
damage done ends with the Bitcoin scam.
While Twitter put all hands on deck to deal
with prominent individuals’ accounts, it is
unclear what other nefarious activities the
attackers have done behind the scenes.
“We can expect to see assaults of this kind
become the ‘new normal’. The story is far
from over.”
Sam Humphries, Security Strategist at
Exabeam, said: “Almost all of the huge
breaches we see in the news involve
attackers leveraging stolen user
credentials to gain access to sensitive
data. Insiders with access to privileged
information represent the greatest risk
to a company’s security.
“The rapid shift in workplace practices
during the current pandemic has been
a steep learning curve for even the
largest, most sophisticated security
organisations, and we’ve seen a
resurgence in social engineering-based
threats looking to take advantage. Sadly,
this is unlikely to be the last time we’ll see
the consequences of a failure to adapt
security operations to mitigate the new
wave of risks that lockdown and remote
working have brought – whether that’s
remote workers using unsecure
technology at home, or insiders working
away from the corporate environment
who may be more susceptible to bribery.
56 INTELLIGENTCIO www.intelligentcio.com