The breaches into the Twitter accounts of the powerful and famous is yet another indication that all that cyber security still sports vulnerabilities.
It’s all about viruses these days. Just when we thought COVID-19 was the main threat, social media steps up to remind us that it too is a source of critical infection. No one is immune…
From presidents and philanthropists to innovators and industrialists, a massive attack was launched this week on prominent Twitter accounts as part of a colossal cryptocurrency scam. Having gained access to a number of high profile verified accounts – Presidents Trump and Obama, former Vice-President Joe Biden, Bill Gates, Elon Musk and Kanye West – the hackers began sending tweets on Wednesday afternoon offering to double the amount of any bitcoin payments sent to their respective addresses.
This created a “tweeting frenzy”, and the association with the most powerful Twitter accounts in the US could only have served to give the perpetrators of this scam the kudos they were looking for. The Twitter community reacted… and with dangerous results.
Whilst Twitter sought to take control, these hacked accounts were rendered “mute”, unable to respond. The “land of free speech” had seen its most powerful and vocal citizens silenced and become a “country of censorship”.
Exposes inbuilt chinks all over again
This incident raises some big questions for all users of social media platforms. First, how could this have happened?
Twitter Support is reported to have commented in one tweet that this was a “co-ordinated social engineering attack executed by people who successfully targeted some of our employees with access to internal systems and tools”.
Conclusions? Clearly, a potential for breach or vulnerability in Twitter’s own systems and security protocols exists. Second, a presence of some in the company’s workforce who were prepared to be involved in collusion for reward? Worrying!
Investigations are underway, so it would be too inappropriate to speculate. But it is likely a combination of many “e-exposures” led to this highly unfortunate incident for which Twitter may continue to pay a price.
So, what was the impact? From a measured perspective, in the four hours the tweets remained live, the Bitcoin wallet being promoted received deposits totalling in excess of $100 million and spread over approximately 300 transactions.
However, these numbers only equate to the hard – or tangible – spoils enjoyed by the hackers and are not the end of the story. What about the damage done to the reputation of Twitter to keep its user community safe, a reduction in user confidence, the downtime while fixing the gaps, and investigating how this could have happened?
Further, what about its victims who doubtless suffered loss of reputation through being unable to respond on the platform while their accounts were hijacked – not once but twice? (First by the hackers and second by Twitter’s security team who shut the accounts down.)
Let’s talk defence
It’s clear cyber crimes are on the rise and the unscrupulous will seek to profit using the backdrop of COVID-19-chaos. That’s why there has never been a better time to protect ourselves – and our businesses – from such “invisible” infections.
Cyber insurance is readily available… but still a highly under-utilised protection product. Offering affordable assurance against potentially enormous financial exposure, such policies can cover risks such as business interruption losses caused by a hacking, ransomware, malware or virus attack that prevents an organisation or individual from trading.
It will also apply to business interruption losses and any costs to minimise a cyber extortion threat (i.e., where a third-party has stolen data and now threatens to restrict or deny your service). Plus costs related to restoration of data that has been accidently deleted, destroyed, corrupted or encrypted by a virus, ransomware or hacking event.
Critically, in the Twitter scenario, your liability for losses caused to third-parties through transmission of any virus/ransomware/malware is covered, as well as liability for the loss or manipulation of personal data or the breach of privacy legislation anywhere in the world. Many policies also provide the services of a specialist IT forensic team to assist in the event of a cyber loss or attack, helping both the insured and any affected third-parties stop the ongoing effects of the effect and investigate what happened.
For any virus, there’s usually a vaccine. And for cyber the cure could be a good insurance policy and a sound risk management programme. Let’s hope Twitter had the immunisation of insurance.