Alex Bransome, Chief Information Security Officer at Doherty Associates, experts in managing and securing cloud services, reacts to the news that prominent US Twitter accounts have been hacked in a Bitcoin scam.
“This was clearly a targeted and co-ordinated attack on Twitter in which hackers were able to gain access to highly privileged, internal tools. These tools, usually used to administer Twitter’s systems by authorised staff, in the hands of the attackers allowed them to take control of high-profile accounts.
“The attack appears to have begun with sophisticated social engineering. Social engineering is still the most common tool in the attacker’s arsenal, used to gain access into an organisation’s systems.
“Security at Twitter is clearly taken seriously. They have been engaged in a successful public bug-bounty program since 2014, where the security research community is invited to find flaws in its systems in return for a pay-out.
“These attackers were clearly advanced in their capability and are likely to have had inside information to support this attack. Considering the access the attackers had, and what they could have done with that level of influence on Twitter, the profile of the attacker appears to be more of an organised e-Crime group seeking quick profit via Bitcoin. Bitcoin cryptocurrency is often used in this way due to its anonymous nature.
“This is another clear example of how we as humans are still the weakest link in the security chain. Whether that is via a malicious insider leaking sensitive information to an adversary, or clicking a link in a phishing email, it is critical this area is sufficiently covered in our security programs.”
Alex is a highly experienced cyber security expert who works directly with Doherty Associates’ clients to advise on and design security solutions that protect and support their businesses. Alex consults on security governance, risk and compliance projects for clients, alongside conducting security audits and gap analysis of client IT environments. He and his team monitor client environments for security threats and support the remediation of client penetration tests, vulnerability scans, and incident activities, and he is continually building Doherty’s cyber security offering, keeping up to date with the latest emerging security solutions.