Security experts question, among other things, why the social network maintains the ability of employees to control user accounts.

Twitter has suffered the biggest security failure in its history, in the form of an attack on high-profile accounts that ended with more than $100,000 swindled from users. The security of social network users and of the internet is once again at stake.

The incident has also raised several questions in recent days. How did the attack take place? Are online tools safe? Is it possible to defend against this type of attack? Does total security exist?

«The hijacking of accounts on Twitter has raised questions about how something like this could have happened to the popular platform and who could have been the real target,» says Ben Carr, CISO of Qualys. «Many users of social media platforms wonder whether their own accounts are secure.»

«Initial information seems to indicate that the breach was based on a hacker using social engineering to gain access to internal systems through an employee account. The hacker used this account to access an administration tool within the Twitter system that allowed him to take control of users’ accounts and lock them so that they could not access or modify their own accounts,» explains Carr.

«We know what happened» as a result of the attack, «but to answer how it could have happened, it will take more time before all the details can be confirmed,» the expert continues.

What is certain is that «very few organizations still operate critical systems and access those systems without multi-factor authentication. At the same time, these organizations are not taking basic hygiene seriously and are patching systems that are known to be vulnerable,» Ben Carr reproaches.

«If the initial reports are true, then we also know that Twitter has the ability and the tools to allow employees to take over accounts and tweet on their behalf. This may be one of the most worrisome revelations that have come to light,» he denounces. «Why would Twitter maintain the ability of employees to control user accounts, and why would it have on staff someone who has previously used this ability internally?»

Faced with these new questions, David Higgins, Technical Director of CyberArk in EMEA, goes beyond the supposed «success of social engineering carried out by people with privileged information».

It seems that «more ‘traditional’ methods have been used to ‘buy’ internal cooperation and access to the administration tool, which allowed the takeover of high-profile accounts,» Higgins indicates, which «demonstrates that hackers will always target the privileged access and rights of an organization’s internal staff.»

«In some cases this occurs through identity theft, but it is possible that, in this case, we are seeing an example of malicious internal personnel,» the CyberArk manager highlights.

«The lesson we must learn is that this demonstrates the importance of using strong controls and monitoring those users who have privileged access to key systems and services. It is a clear reminder of why social networks, which have become a crucial means of communication, should be treated by companies as critical infrastructure and secured as such,» he stresses.

«In this case it was something like ‘take the money and run’, an attempt to generate money quickly. But it could have been much worse. For example, if it had happened in the middle of the next general elections in the US and the account of one of the candidates had been compromised, what could the potential damage of a single tweet be?» asks the Qualys CISO.

«Social media platforms have a high responsibility in guaranteeing the security of the system to protect the integrity of the discourse,» adds Ben Carr, although «it is also everyone’s responsibility to think that if something seems too good to be true, it may be a trap.»

Chain of reactions

Dmitry Galov, security researcher at Kaspersky, recalls that «no website or software is totally immune to viruses, just as humans never stop making mistakes,» which means that «any native platform can be compromised» or that «even people with technological knowledge can fall into the traps of scammers.»

Furthermore, the popularization of remote working opens the door to new incidents. Liviu Arsene, Senior Global Cybersecurity Researcher at Bitdefender, warns of «the vulnerabilities» inherent in the «current teleworking model, in which employees are more likely to become victims of scams and dangerous emails that manage to compromise their devices and, as a consequence, the company’s systems.»

Not surprisingly, the human component remains the weakest link in the security chain. The lesson learned is that internet users must become aware, learn to recognize scams and apply at least two-factor authentication as a basic protection measure.