What the Twitter Counter Hack Means for Security Teams

On March 15th, hundreds of Twitter accounts were hijacked by Turkish-speaking cybercriminals. They posted aggressive messages against the Netherlands after a contentious week of deteriorating relations between the Netherlands and Turkey and pivotal elections in both countries. The posts used swastikas and called the Dutch “Nazis.” The hacks stemmed from a vulnerability in a third-party application, Twitter Counter, which confirmed the source of the issue later in the day.

The breached accounts included a number of global brands and well-followed, verified accounts, including Forbes, the official Bitcoin Blockchain account, Sport City Mexico, Starbucks, the European Parliament, UNICEF, Nike and Amnesty International, as well as many personal accounts. Most brands regained control of the accounts later in the day, but many were fully compromised for multiple hours. The breach happened in the early morning hours on the East Coast of the US, meaning remediation was slow and the posts were visible in Turkey, the Netherlands and the rest of Europe for the majority of Wednesday’s working hours.

Once again, hijacked social media accounts are making the front page. And this time, it’s not necessarily weak passwords that caused it. While we’ve written extensively on social account takeovers in the past, this attack is substantially different: the issue stemmed from a vulnerability in a third-party app, not exposure of the account credentials themselves. The takeaway? There are many more ways to attack an organization via social than just brute-forcing passwords.

What should be abundantly clear after this massive security incident is that social media accounts are crucial corporate assets for modern businesses. Social has long moved out of the realm of solely individual use, and businesses rely heavily on social media to advertise, engage customers, grow their brand and earn revenue. This year, analysts expect an increase of over 26% in social media marketing spend. Your social media accounts are just as critical as your website, your databases and your email server, but they’re far more vulnerable.

Like every other corporate asset, social media accounts need visibility and control from the security team. Just as the security team safeguards the website, so too must it be involved with the organization’s social media accounts, which is increasingly where business engagements take place. As it stands now, dangerously few security teams incorporate social media and other external digital channels into their security posture, and incidents like these have huge impacts on brand reputation, customer trust and, ultimately, an organization’s ability to grow revenue from social media. If your Twitter account is important enough to get verification, shouldn’t it also be important enough to secure?

The obvious first step is to change your passwords and enable multi-factor authentication. You hear the same song and dance after every security incident like this (we literally wrote the guide!). If you don’t have basic security controls in place, you’re behind the ball when it comes to securing your social media presence. After all, this is far from the first time this has happened.

But again, this breach came through a third-party app, not leaked or brute-forced credentials. It proves that securing your social media footprint is not as simple as changing a couple of settings in your pages’ accounts. It’s an attack your social media manager shouldn’t be expected to thwart. Protecting your pages demands robust security controls that the networks themselves don’t offer.

In addition, threats on social media go far beyond cyber vandals guessing passwords; they span breached third-party applications, malicious social engineering accounts, impersonations of brands and executives, spearphishing and targeted malware campaigns, data leakage, fraud, scams and much, much more. We recommend you change your passwords, yes, but this is just a bandaid on a weakening dam. Publicly facing account takeovers and the subsequent PR crises are only the tip of the iceberg. Forward-thinking security and brand protection teams will look below the surface and recognize the full scope of the growing, dynamic risk vector at hand.

It’s also important to consider that as bad as this incident was, it could have been much worse. Obscene or hostile account takeovers by smash-and-grab propagandistic cyber vandals tend to make the most noise and get the most press, but imagine if a more seasoned, subtle and nefarious cyber criminal had the keys to your social accounts. They could easily go undetected for months, exfiltrating sensitive information from direct messages, sending well-disguised phishing links or malware exploits to followers, engaging with customers and extending their access into the corporate network. Imagine a series of DMs going out to followers asking them to reset their passwords, the redirect of course leading to a credential-harvesting phishing page. Both the company and the victim could be oblivious for a very long time before realizing the scope of the damage.

Organizations can tackle the full social risk vector by adopting brand protection techniques such as using automated software that scans social media and digital channels to find and eliminate security and business risks. At ZeroFox, we’re experts in securing social media pages, identifying threats to business, protecting brands and eliminating issues. If you want to know more about our solutions or want to prevent your business from PR firestorms after a social media breach, talk to an expert now.