#TwitterHack: Power, Privilege and Pandemic


On Wednesday, July 15, the Twitterverse was ablaze with what Twitter itself has described as a “coordinated social engineering attack” that was launched at around 4pm ET. The breach compromised the Twitter accounts of many well-known people and organizations, including Jeff Bezos, Elon Musk, Bill Gates, former President Barack Obama, Joe Biden, Uber and many others. The attackers posted on these accounts that they would return double the amount of money sent to several Bitcoin addresses, duping some of the accounts' followers.


Insider Threats Are Lurking


Twitter stated that it was a social engineering attack, but let’s put that term into some perspective. There are four (4) types of insider threats that all organizations, such as Twitter, generally face.


First, there’s the malicious insider who takes advantage of their access to systems to plan an attack and inflict harm on their organization. The second type of insider threat is the complicit insider who also uses their access to cause damage and engage in malicious activity, but may not be actively involved in the planning. It’s like a security guard at a bank who disables the alarm or opens the safe for the bad guys to grab the cash.


Next, we have the deceived insider who was duped into providing access to attackers, whether it was through a social engineering attack, malware or some other technique. Malicious hackers often perform Open-Source Intelligence (OSINT) gathering, where they choose their targets very carefully and spend time scouring social networks and other information sources to compromise them.


Lastly, we have insider threats that don’t fit nicely in th ..
