The Now Famous Twitter Attack: How to Protect Your Firm Against Spear Phishing

On July 15th, Twitter announced that it had detected a security incident which targeted a small number of its own employees through a phone spear phishing attack. The attack relied on a significant and concerted attempt to mislead certain Twitter employees and exploit human vulnerabilities to gain access to internal systems.

Using the credentials of employees with access to administrative tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7. Twitter has communicated directly with the impacted account owners and worked to restore access to any accounts which may have been temporarily locked out during its remediation efforts.

Recommended security remediations if you have a Twitter account:

• Twitter will notify you if your account was compromised. If your data was compromised in the breach, be aware that you may be susceptible to an increase of phishing and social engineering attacks.
• Ensure multi-factor authentication is enabled on all accounts, especially financial and health care accounts.
• When logging into your account, check the last login time. If its suspicious, contact Twitter support.
• If you wish to stop using Twitter, contact Twitter support to delete all information stored within its system.

How to protect your firm against spear phishing attacks:

1. Use a strong spam filtering system with your email. At Abacus, we utilize Proofpoint as one facet of our multi-layered security approach in protecting our clients.
2. Require all employees to go through cybersecurity awareness training and conduct periodic phishing tests to ensure everyone is staying alert. At Abacus, we provide clients with annual cybersecurity awareness training and phishing campaigns through KnowBe4. All Abacus employees also undergo similar KnowBe4 training exercises.
3. Ensure your IT systems are undergoing periodic penetration tests. At Abacus, we perform several dedicated penetration tests on our systems each year, conducted by third parties. We are currently in the process of participating in our second of three penetration tests for 2020. Due to the current rise in social engineering attacks, we’ve featured this tactic as part of our ongoing engagement. We post penetration test results to the Abacus Client Portal, and results of this second test of the year are expected to be available to clients on the Portal later this quarter.

Additional insights and reference on this topic:

• Twitter: An Update on Our Security Incident
• Proofpoint: Spear Phishing Attacks
• KnowBe4: [Heads Up] Twitter Employees Fall for Social Engineering Attack And The Bad Guys Get "God Mode"