The need to safeguard data and networks has never been more critical, with cybersecurity threats evolving in both sophistication and scale. According to a 2019 survey of hackers and cybersecurity professionals attending the Black Hat Conference, service accounts are targets because hackers can easily elevate privileges through them and gain access to sensitive information.
Despite the obvious threat, one in three security professionals indicates that service account passwords are changed only after an incident or are never rotated. Both hackers and security professionals agree that the best ways to protect a service account from compromise are removing unnecessary service accounts, rotating credentials frequently and monitoring all privileged account activity to detect suspicious behaviour.
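The three recommendations above (remove unused service accounts, rotate their credentials, watch their activity) translate directly into a periodic audit. The following is an added illustration, not code from the article or from Thycotic: the account records, the 90-day and 180-day thresholds and the key=value log format are all constructed assumptions, while the Windows logon event ID 4624 and logon types 2 and 10 are the real values used for successful interactive and RDP logons.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed policy thresholds (constructed for this example).
MAX_PASSWORD_AGE_DAYS = 90    # older than this -> credential must be rotated
MAX_IDLE_DAYS = 180           # unused for this long -> candidate for removal


@dataclass
class ServiceAccount:
    """One directory record, as an audit script might export it (constructed)."""
    name: str
    password_last_set: Optional[date]   # None = never rotated since creation
    last_logon: Optional[date]          # None = never used
    enabled: bool = True


def audit_service_accounts(accounts, today):
    """Classify enabled service accounts into remove / rotate / ok buckets."""
    findings = {"remove_candidates": [], "rotate_now": [], "ok": []}
    for acct in accounts:
        if not acct.enabled:
            continue  # already disabled; nothing to do
        # Unused accounts are attack surface with no business value: remove them.
        idle = acct.last_logon is None or (today - acct.last_logon).days > MAX_IDLE_DAYS
        if idle:
            findings["remove_candidates"].append(acct.name)
            continue
        # A password that was never set by policy, or is past its age limit, is stale.
        stale = (acct.password_last_set is None
                 or (today - acct.password_last_set).days > MAX_PASSWORD_AGE_DAYS)
        findings["rotate_now" if stale else "ok"].append(acct.name)
    return findings


# Windows Security log: 4624 = successful logon; type 2 = interactive console,
# type 10 = RemoteInteractive (RDP). Service accounts should never log on this way.
INTERACTIVE_LOGON_TYPES = {"2", "10"}


def flag_interactive_service_logons(log_lines, service_account_names):
    """Return (time, user, source) for interactive logons by service accounts."""
    alerts = []
    for line in log_lines:
        # Constructed "key=value" line format; a real pipeline would parse EVTX/JSON.
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("event") != "4624":
            continue
        user = fields.get("user", "")
        if user in service_account_names and fields.get("logon_type") in INTERACTIVE_LOGON_TYPES:
            alerts.append((fields.get("time"), user, fields.get("src")))
    return alerts


# Constructed sample data.
TODAY = date(2021, 1, 15)
SAMPLE_ACCOUNTS = [
    ServiceAccount("svc_backup", date(2020, 12, 20), date(2021, 1, 14)),          # healthy
    ServiceAccount("svc_legacy_app", date(2017, 3, 1), date(2020, 2, 1)),         # idle
    ServiceAccount("svc_sql", None, date(2021, 1, 15)),                            # never rotated
    ServiceAccount("svc_old", date(2020, 1, 1), date(2021, 1, 10), enabled=False),  # skipped
]
SAMPLE_LOG = [
    "time=2021-01-15T02:10:00Z event=4624 user=svc_sql logon_type=5 src=SQL01",
    "time=2021-01-15T03:41:00Z event=4624 user=svc_sql logon_type=10 src=WKS-HR-07",
    "time=2021-01-15T03:42:00Z event=4625 user=svc_sql logon_type=10 src=WKS-HR-07",
    "time=2021-01-15T04:00:00Z event=4624 user=alice logon_type=2 src=WKS-ENG-03",
]

if __name__ == "__main__":
    print(audit_service_accounts(SAMPLE_ACCOUNTS, TODAY))
    names = {a.name for a in SAMPLE_ACCOUNTS}
    for alert in flag_interactive_service_logons(SAMPLE_LOG, names):
        print("ALERT: interactive service-account logon", alert)
```

Logon type 5 (service start) for svc_sql is expected and produces no alert; the RDP logon from a workstation is exactly the kind of activity the monitoring recommendation is meant to surface, since a service credential used from an interactive session usually means it has left the hands of the service it was issued to.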
Joseph Carson (thycotic.com) reports that the biggest social media hack of 2020 occurred on 15 July with a tweetstorm targeting Twitter’s high-profile corporate executives, celebrities, and world leaders. These executives became the victims of account hijackings which resulted in unauthorised tweets generated from their accounts that could potentially have reached more than 360 million Twitter users.
“Kanye West, Elon Musk, Presidential Democratic Candidate Joe Biden, Michael Bloomberg, and former President Barack Obama all had unauthorized tweets sent out claiming they were giving away some of their wealth, and anyone who sent bitcoins to the specified BTC wallet would get their funds matched.” Carson reports that more than $100,000 USD was sent to the BTC wallets in the first few hours of the tweets.
Jack Dorsey, co-founder and CEO of Twitter, responded to the attack by saying that security experts are considering a variety of theories of what might have transpired, including SIM swapping, social engineering, a sophisticated nation-state attack, cyber mercenaries, or malicious insiders.
It is likely that the financial fraud component was not the main motive and could have been a ploy to demonstrate the cyber criminal's ability to compromise high-profile Twitter accounts. It is possible that an employee with an administrator role was targeted by a spear-phishing scam to steal their credentials. This is a common criminal hacker technique widely deployed today.
Carson says that “This incident is a great reminder of the importance of the principle of least privilege, sometimes referred to as zero trust”. Regardless of whether an employee's access is at the authorization/administrative level or simply provides access to sensitive data, all employee access should be considered privileged access. Thus, all security controls must be improved to prevent abuse by both external attackers and malicious insiders. When it comes to access, companies should ensure that employees have the lowest level of privilege that still allows them to complete their tasks.