For years, experts have been trying to beat it into companies’ and individuals’ brains that cyberattacks can happen to literally anyone, and the Twitter hack from July is Exhibit A for this argument. A dozen celebrities had their Twitter accounts hijacked after hackers gained access to Twitter’s own system using a sophisticated social engineering attack, according to cyber analytics firm CyberCube. Estimates suggest that more than $100,000 was lost by people sending bitcoins in response to fake messages from celebrities offering to double their money.
This hack was made that much easier by the situation brought on by the coronavirus pandemic. Darren Thomson, head of cyber security strategy for CyberCube, spends a lot of time on the dark web pretending to be a criminal and talking to cybercriminals, and he says that the rumour on the forums is that the attack was made partly easier because Twitter employees are working from home and therefore not complying with, or being subjected to, the same degree of governance and compliance as perhaps they would be if they were in their offices.
However, the Twitter hack is also the result of several other trends in cybercrime coalescing into one event.
“For a while now, we’ve seen a trend towards the idea of socially engineering attacks, so using social engineering techniques – impersonation being one of them – to fool people online into doing things they shouldn’t do,” said Thomson. “This [hack] is a clever, if not sophisticated, way of doing that.”
The second trend at work in the Twitter incident is the exploitation of the fact that people use social media today for things the platforms shouldn’t be used for, such as communicating valuable personal information.
“One of our pieces of advice coming out of this is, do not use social media to conduct any of your financial transactions,” said Thomson. “This is an example of people being compelled to send bitcoins to bitcoin wallets via social media. That’s just a bad idea, but there are plenty of people in the world that don’t see that, so we expect that trend to continue.”
Social media is, after all, for many people an important channel where they get their news, connect with colleagues and friends, and, sometimes, spend an unhealthy amount of their time. Meanwhile, there’s also been an increase in the use of social media as a result of people being locked down during the coronavirus-related shutdowns. This has laid the groundwork for criminals to be able to successfully trick people into sharing data or access they shouldn’t be sharing.
The Twitter hack isn’t the only cyber incident that has come out of the pandemic. In fact, Thomson noted that there has been an increase in just about every facet of cybercrime that CyberCube tracks, such as malware infections, phishing, and others. The firm estimates that there has been around a 30% uptick year-on-year in all the subcategories of risk since the beginning of the pandemic. Moreover, that increase has been roughly double what CyberCube would normally expect to see year-on-year.
Companies in particular need to be vigilant in this high-risk cyber environment, especially as one particularly costly component of cyberattacks has likewise evolved in the past year.
“The trend is now that cyber criminals have realized that demanding a ransom of a consumer valued at $300 to $1,000 is hard work when compared to putting in a bit more effort … and holding a corporation ransom as opposed to an individual,” said Thomson.