"Twitter hackers could have done more damage, but wanted a quick buck."
Comment from Liviu Arsene, senior digital threat analyst at Bitdefender
The spectacular attack on prominent Twitter accounts, which are very likely to be secured by two-factor authentication, can only point to a coordinated cyberattack on the employees and systems of Twitter. It can be assumed that the attackers exploited the home office context: Employees are much more likely to fall victim to fraud and spam e-mails, which then compromise devices and ultimately also company systems.
The Twitter breach could be the result of a spray-and-pray spearphishing campaign that cybercriminals successfully pulled off. And: It could be that the dubious fame for the “Hack of the Year” goes to Twitter. Because the attackers could probably have caused far greater damage. Instead, they tried to monetize the attack immediately. With the simple Bitcoin fraud, the hack should bring in money quickly - the situation is completely different with sophisticated attacks by groups that quietly pursue long-term goals with advanced persistent threats (APTs) in highly coordinated and sophisticated operations.
If these assumptions are correct, the general outlook for companies is bleak. Then it is likely that cyber criminals will damage even more companies than before by phishing inadequately protected employees. According to our surveys, half of the companies had no plan at the beginning of the pandemic to carry out the sudden migration of employees to the home office, the conversion of the infrastructures to remote work and the accompanying IT support. As a result, we are likely to see or discover more data breaches that either take advantage of employee negligence or misconfigurations of the infrastructure during the transition.
Large organizations may have strong security measures placed on the borders of their network. But it is to be feared that attackers are exploiting the weakest link in the cybersecurity chain: humans.
To Bitdefender.de