Cyber criminals have succeeded in taking over the Twitter accounts of famous people such as Barack Obama and Elon Musk and used them to promote a supposed cryptocurrency deal in order to steal bitcoins.
Twitter now assumes that a social engineering attack on its own employees led to the compromise of the accounts of Elon Musk and others, as Dmitry Bestuzhev, cybersecurity expert at Kaspersky, had already suspected.
Costin Raiu, head of the Global Research and Analysis Team (GReAT) at Kaspersky, assesses the new findings as follows:
“Yesterday's attack is possibly one of the worst security incidents on Twitter, if not the worst. We have seen high-ranking accounts being compromised in the past, which were used for posting cryptocurrency fraud; however, this is a different caliber. For example, @Jack was attacked via a SIM card hack in 2019; US President Donald Trump's account was also deleted by a Twitter employee. However, the scale of the current attack is much larger and affects many top accounts with hundreds of millions of followers.
It appears that the incident was a one-shot event in which a certain type of access was used to enable a fast, illegal system for financial gain. At the moment we don't know who is behind this. However, the cryptocurrency-related scams could point to a criminal group seeking financial gain, because a nation state would rather use the access to collect private information such as direct messages from people of interest.
At this point, a thorough, detailed, and public investigation would be essential to restore user confidence. An explanation of the procedure, the tricks used by the attackers and the security gaps they exploited - if this was the case - is required. Some of the information released by Twitter support indicates that the employees were attacked via a social engineering scheme. It is difficult to understand that Twitter employees do not have access that is protected by means of two-factor authentication (2FA). This raises questions about how such a social engineering attack could be successful. It would also be important to know what steps have been taken to protect the platform from future misuse in order to regain user trust.
I think Twitter will work hard to close any security gaps that may be used, so that similar attacks will be difficult or impossible to carry out in the future.”