Late on Thursday, July 30th, Twitter posted an update to its investigation of the incident involving the takeover of high-profile accounts. Attackers targeted Twitter employees using voice phishing, known as “vishing,” to trick them into sharing the credentials used to access Twitter's internal network. The attack first targeted employees who did not have access to the sensitive software tools needed to control accounts, and then used those employees' accounts to find information needed to target other employees who had a higher level of access. Further phone-based phishing of those employees succeeded in obtaining their credentials and access to the Twitter software tools that were used to reset passwords and change recovery email addresses for Twitter user accounts. The attackers targeted 130 Twitter accounts, tweeted from 45, accessed the direct messages of 36, and downloaded the Twitter Data of 7. Twitter said that it is in the process of changing policies and security controls to better protect access to sensitive internal tools in the future.