Twitter To News Outlets: More Takeovers Ahead

Published: 22/11/2024   Category: security




Twitter memo warns of ongoing account takeover attempts, urges media businesses to prepare. Should Twitter be doing more?



Twitter this week warned news and media outlets to expect ongoing attempts to take over their Twitter accounts and offered detailed guidance for how businesses could improve their security posture.
"There have been several recent incidents of high-profile news and media Twitter handles being compromised. We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers," read a memo distributed this week by Twitter and reprinted by Buzzfeed.
Twitter's security outreach campaign comes in the wake of the Syrian Electronic Army this week compromising more than a dozen Twitter accounts maintained by the Guardian to decry its lies and slander about Syria. That followed the hacktivist group last week compromising multiple Associated Press accounts and issuing a hoax tweet claiming that explosions at the White House had injured President Obama. The tweet led to a brief downturn in the stock market. The group's previous Twitter account compromises have affected Al-Jazeera English, BBC, CBS, France24, National Public Radio, Reuters and Sky News.
How does Twitter recommend that businesses at high risk of having their Twitter accounts compromised -- by a hacktivist group that's strongly aligned to Syrian President Bashar al-Assad, or anyone else with a grudge -- protect themselves?
For starters, it recommended employee training, pointing out that recent account takeovers appear to be spear-phishing attacks that target corporate email. Thus it recommends that businesses promote individual awareness of these attacks within the organization. In other words, train your employees to recognize fake emails.
Twitter also recommends that businesses set a randomly generated password that's at least 20 characters in length, never distribute passwords via email, use password managers, regularly change passwords and ensure that all applications authorized to access a Twitter account are recognized. It also recommends tying the Twitter account email to an email system that uses two-factor authentication -- be it Gmail, Hotmail or a corporate email system -- to make it harder for attackers to use password resets to gain control of accounts.
Finally, Twitter also suggested that high-risk businesses consider setting aside one computer for tweeting and little else. "Don't use this computer to read email or surf the Web, to reduce the chances of malware infection," Twitter recommended. "This helps keep your Twitter password from being spread around."
Twitter's guidance to businesses aside, is there more that the company could do to protect its users? Notably, Twitter is reportedly beta-testing two-factor authentication for its site. But two-factor authentication won't protect Twitter users from having their credentials intercepted via malware or phishing attacks. That's why many security experts have been calling on Twitter to put more robust defenses in place for blocking account takeovers -- for example, by taking a page from Facebook and allowing users to register machines as trusted, or requiring additional login credentials when someone tries to access an account from a new geographic region for the first time.
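A sketch of the two checks suggested above (registering machines as trusted, and asking for an additional credential on a first login from a new region), added here as an illustration and not Twitter's or Facebook's code. The account name, device IDs, region codes and function names are assumptions made up for the example.

```python
from dataclasses import dataclass, field

@dataclass
class AccountHistory:
    # Device IDs the account owner explicitly registered as trusted.
    trusted_devices: set = field(default_factory=set)
    # Regions from which a fully verified login has already happened.
    seen_regions: set = field(default_factory=set)

@dataclass
class LoginAttempt:
    account: str
    device_id: str    # assumption: taken from a signed, per-device cookie
    region: str       # assumption: coarse region from an IP lookup
    password_ok: bool

def evaluate(attempt, history):
    """Return (decision, reasons); decision is allow, step_up or deny."""
    if not attempt.password_ok:
        return "deny", ["wrong password"]
    reasons = []
    if attempt.device_id not in history.trusted_devices:
        reasons.append("unregistered device")
    if attempt.region not in history.seen_regions:
        reasons.append("first login from region " + attempt.region)
    # A correct password alone is not enough when anything is unfamiliar.
    return ("step_up" if reasons else "allow"), reasons

def complete_step_up(attempt, history, second_factor_ok, trust_device=False):
    """Update history only after the extra credential was verified."""
    if not second_factor_ok:
        return "deny"    # history untouched: failed tries never become "seen"
    history.seen_regions.add(attempt.region)
    if trust_device:
        history.trusted_devices.add(attempt.device_id)
    return "allow"

if __name__ == "__main__":
    # Constructed sample data, not real accounts or devices.
    history = AccountHistory({"newsroom-pc"}, {"US"})
    usual = LoginAttempt("@example_news", "newsroom-pc", "US", True)
    stolen = LoginAttempt("@example_news", "device-x", "ZZ", True)
    print(evaluate(usual, history))
    print(evaluate(stolen, history))
    print(complete_step_up(stolen, history, second_factor_ok=False))
    print(evaluate(stolen, history))
```

The history is updated only after the extra credential checks out, so repeated attempts with a phished password never turn an unfamiliar device or region into a familiar one.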
Twitter may also need to begin encrypting the session tokens it issues. "Not all account hijacks are based on phishing and spear-phishing. Sometimes tweets are sent out because an unencrypted session is hijacked and while this may not be the case in this instance, it's sometimes convenient for service providers to assume that security breaches are the fault of the user," said David Harley, senior research fellow at security firm ESET, in a blog post.
"There are limits to what Twitter [or the user] can do about this issue," Harley added. "However, the risk can be reduced by browsing from VPN connections and/or accessing sites via SSL, but that's not always convenient. What might also help is not having a Twitter account running permanently in the background, but that may not be convenient for many Twitter users either."
