Segun Atanda/

After hackers breached the Twitter accounts of the Presidential candidate of the US Democratic Party, Mr Joe Biden, along with those of other recognizable public figures, executives and celebrities, a security monitoring organization has told NewsmakersNG how to prevent such attacks.

CyberLAB, an organization leading the revolution in threat intelligence in Africa offers solutions that should serve as a guide and be adopted for various organizations and their executives who are facing severe reputational damage and financial loss through unauthorized access into their social media account that could be used to plan and perform large scale cyber-attacks, fraudulent activities, and phishing among others.

Twitter was thrown into chaos on July 15, 2020, after accounts for some of the world’s most recognizable public figures, executives and celebrities started tweeting links to bitcoin scams. Twitter revealed that the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools.

In July 15th, 2020, world’s most recognizable public figures, executives and celebrities were victims of a Twitter account takeover. The breached Twitter accounts were observed to be all verified twitter accounts with over 10million followers each below is a table showing the compromised accounts and their handles.

The accounts were seen tweeting similar messages about giving back to the community which required individuals to make payment to specific bitcoin accounts and get double the amount back within a stipulated time frame.

Two bitcoin wallets were identified to have been used in the attack.

Within 24 hours, the account has processed 380 transactions and received almost 13 bitcoins or approximately USD $117,079.

A statement released by Twitter support disclosed the incident was due to a coordinated social engineering attack, which targeted some of its employees with access to internal systems and tools.

Insights gotten from other posts related to this breach inferred that the Twitter employee whose access was breached might have been bribed (not verified) by hackers to give access to the internal panels.

A hacker who went only by “Kirk” was identified as the central player. They also suggested that Kirk initially gained access to Twitter’s admin panel by first getting into a Twitter employee’s Slack account. More details are sure to come out in the coming days. The FBI is investigating, and Twitter has said it would share the results of its ongoing investigation when received.

There is also SIM Swap group Attack in this case.

SIMILAR ATTACKS IN NIGERIA

CyberLAB has observed an increase in cyber-attacks on organizations and its executive’s social media accounts in Nigeria. In June 2020, the firm identified five takeover cases of Nigerian Enterprises.

Ramon Abbas aka Hushpuppi, a recently arrested suspected Cyber-fraudster.

According to the experts, this type of attack usually involves several attempts by malicious actors to guess the password of the particular social media account or the use of orchestrated social engineering activities to obtain social media passwords.

CyberLAB could also verify there is an increase of chatter in SIM SWAP NIGERIAN underground groups.

Once one of the methods is successful, the attacker proceeds to change details of the account in order to prevent the victims from taking back the control of their accounts.

Attacks like this if successful can cause severe reputational damage to the affected organization and financial loss to unsuspecting victims. Unauthorized access to any organization or VIP’s social media account can also be used to plan and perform large scale cyber-attacks, fraudulent activities, phishing, etc as can be seen in the Twitter incident.

RECOMMENDATIONS

Below are some recommendations which have been inferred from similar attacks in Nigeria, which should serve as a guide and be adopted for various organizations and their executives.

➢ The use of a strong password for accounts

➢ Organizations should manage separate passwords for each social media account

➢ Organizations must ensure implementation of multi-factor authentication on social media accounts

➢ Use of password managers to store passwords and do not store passwords in clear-text.

➢ Use a dedicated SIM card that belongs to the organizations for multi-factor authentication, not use personal SIM card.

➢ Password reset email in use should be company email not personal email

➢ Awareness should be done for all PR and corporate communications teams to ensure they are aware of such attacks

➢ The organization should be notified as soon as possible when password reset emails are received, monitor email password reset alerts

➢ Subscription to a threat intelligence service that covers brand protection which includes (Impersonation, typo-squats, positive and negative mentions on social media, etc.)

CyberLAB’s mission is to monitor and alert users of immediate risk using a tactical approach that involves the gathering of massive amounts of data using various sources such as publicly available web-references, social media channels, and the deep dark web using a wide range of honey-pot techniques. CyberLAB Africa is modular and supports both large and growing companies requiring threat intelligence services.