The Twittersphere went into overdrive on Wednesday as a bunch of prominent, verified Twitter accounts were hijacked and started promoting a COVID-19 cryptocurrency giveaway scam.
The attackers simultaneously compromised Twitter accounts of Bill Gates, Elon Musk, Barack Obama, Jeff Bezos, Joe Biden, Mike Bloomberg, Apple, Uber, as well as those of cryptocurrency exchanges Binance, Coinbase, KuCoin and Gemini, the CoinDesk news site and other top crypto accounts.
Twitter reacted by locking down the affected accounts, removing Tweets posted by the attackers, and limiting functionality for all verified accounts, but not quickly enough to prevent many users from falling for the scam and sending money to the attackers.
“The accounts tweeted that they ‘partnered with’ a company called CryptoForHealth. The domain for this website was registered on July 15. The website itself claims that, to help with the hard times endured by COVID-19, they’re partnering with several exchanges to provide a ‘5000 Bitcoin (BTC) giveaway’ which is a ruse for advance-fee fraud,” Satnam Narang, Staff Research Engineer at Tenable, explained.
This type of scam is common, but what makes this incident notable is that the scammers managed to use legitimate Twitter accounts to launch it, he notes. Because of this, users were more likely to place their trust in the CryptoForHealth website or the provided Bitcoin address.
Before Twitter locked the hijacked accounts and deleted the scammy tweets, the attackers apparently received nearly $118,000 in Bitcoin.
How have the Twitter accounts been hijacked?
As the compromised accounts began tweeting the scam in a coordinated manner, many speculated on how the attackers pulled off the massive compromise.
It soon became quite obvious that the attackers must have compromised them all from one central place.
Some users noticed that some of the hijacked accounts had been associated with one specific email address:
Yep! Crazy – looks like a full takeover/hijack pic.twitter.com/toug6PYnYr
— harrydenley.eth ◊ (@sniko_) July 15, 2020
Motherboard’s sources said that a Twitter insider (admin) was bribed or coerced to use an internal user management tool to reset the email address and password on the affected accounts. Others speculated that the attackers managed to compromise the corporate account of a Twitter employee.
Earlier today, Twitter confirmed the latter speculation.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” the company explained.
“We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”
The attack points to a greater problem
According to the BBC, the same email address that was used to register the CryptoForHealth domain was used to register an Instagram account with the same name. On it, the attackers posted a message that said: “It was a charity attack. Your money will find its way to the right place.”
Many have pointed out that, given how much US politicians depend on Twitter to keep the citizenry informed about their thoughts and actions, the attackers could have used the access to those accounts to do much more damage.
Others have posited that the Bitcoin scam was perhaps just a smokescreen:
Stage 1: Throw up simple bitcoin scam for some nice walkin-around money.
Stage 2: Exfiltrate DMs for later use in blackmail, etc. If you’re already sitting on data like OPM, etc., you have a nice amount of kompromat for leverage/profit.
— Jim Wagner (@jimwagmn) July 15, 2020
US Senator Josh Hawley demanded from Twitter more information about the hack, including an answer to the question of whether the attack threatened the security of US President Donald Trump’s account (which has not been made to tweet out the scammy message).
“The Twitter hack highlights how bad actors are using highly trafficked social media channels to wreak havoc,” noted Richard Bird, Chief Customer Information Officer, Ping Identity.
“The news of this exploit is extremely concerning as it really focuses attention on the inherent weaknesses in Big Tech security, which has been a point of focus across the country as we head into a presidential election and as we navigate the challenges driven by the pandemic. Disinformation and exploitation of supposedly trusted social media channels only amplifies the anxieties and concerns that consumers and citizens are already dealing with in this country and others.”
“Given the accounts’ relatively high profile, including that of a former US President, it’s likely that federal law enforcement and intelligence assets from both the public and private sector will be brought to bear on this very problem,” noted Kevin O’Brien, Co-Founder and CEO, GreatHorn.
“It’s highly likely that this will result in attribution, although I suspect we’ll find that this occurred from a non-US location, increasing the difficulty of apprehending the responsible parties.”
Ping Identity, the Intelligent Identity solution for the enterprise, announced the availability of PingID multi-factor authentication (MFA) in AWS Marketplace. Customers can now quickly procure and deploy PingID to secure work from home while adding an additional layer of security to their AWS infrastructure.
Ping’s Intelligent Identity™ platform provides enterprises a digital identity solution for securely accessing services, applications, and APIs from virtually any device or location.
The PingID MFA service makes it easy for enterprises to offer strongly authenticated access to applications running nearly anywhere, in the cloud, on-premises or across hybrid IT environments.
Ping Identity is an Advanced Technology Partner in the AWS Partner Network (APN) and also achieved AWS Security Competency status. PingID complements existing AWS services to allow customers to provide a secure and seamless experience across their cloud and on-premises environments.
“Ping Identity is committed to working with AWS to address the security needs of today’s enterprises as they continue their digital transformation initiatives and migrate to the cloud,” said Loren Russon, vice president, product management and technology alliances, Ping Identity.
“Adding PingID to AWS Marketplace is another important step in helping our global customers quickly increase security at scale and enable secure work from home solutions.”
Here are a few photos from the event, featured vendors include: Tenable, Ping Identity, PKWARE, eSentire, Deloitte, Securonix, and Futurex.
Ping Identity, a pioneer in Intelligent Identity solutions, announced its continued support for enterprises in developing a Zero Trust security infrastructure with new capabilities, practical guidance, and technology integrations.
As organizations move away from a static perimeter-based security approach, they’re embracing strategies that require authentication and authorization of every user, device, and network, as well as dynamic policies that factor in numerous risk signals, and intelligent data sources.
Advanced Zero Trust features
To support organizations in their Zero Trust efforts, the Ping Intelligent Identity platform offers:
- Enhanced passwordless authentication capabilities: Enabled by support for the FIDO2 passwordless authentication flow, and an “Identifier First” adapter, users are prompted for an identifier—such as a username—which triggers user verification via push notification, facial or fingerprint check, or another non-password authentication method.
- Expanded identity intelligence: User-behavior based attack detection on APIs to block access if necessary, the ability to evaluate whether two authentication requests from different locations are possible in the time elapsed between them (impossible travel velocity), and IP address reputation assessment before granting access.
- Broadened enterprise coverage: Fine-grained control over who has access to user-related data to address data privacy challenges.
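The “impossible travel velocity” check listed above is a simple rule: take a user’s previous authentication, compute the great-circle distance to the current one, and divide by the time elapsed; if the implied speed exceeds anything a traveller could achieve, the second login is suspect. The following is an added illustration of that rule and is not Ping Identity’s code; the 900 km/h ceiling, the `AuthEvent` fields and the sample logins (documentation-range IPs, approximate city coordinates) are all constructed assumptions for the example.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumption: anything faster than roughly airliner cruise speed is treated as
# impossible travel. Real deployments tune this and whitelist known VPN egress.
MAX_PLAUSIBLE_KMH = 900.0


@dataclass(frozen=True)
class AuthEvent:
    """One successful authentication, already enriched with IP geolocation."""
    user: str
    ts: datetime
    lat: float
    lon: float
    ip: str


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two lat/lon points."""
    earth_radius_km = 6371.0
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlambda = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlambda / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def required_speed_kmh(prev: AuthEvent, cur: AuthEvent) -> float:
    """Speed the user would have needed to move from prev to cur in the elapsed time."""
    distance = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    hours = (cur.ts - prev.ts).total_seconds() / 3600.0
    if hours <= 0:
        # Same instant (or out-of-order clocks): any distance at all is impossible,
        # while the same location is trivially fine.
        return math.inf if distance > 0 else 0.0
    return distance / hours


def is_impossible_travel(prev: AuthEvent, cur: AuthEvent,
                         max_kmh: float = MAX_PLAUSIBLE_KMH) -> bool:
    return required_speed_kmh(prev, cur) > max_kmh


def evaluate(events, max_kmh: float = MAX_PLAUSIBLE_KMH):
    """Walk events in time order, per user, and return the logins that fail the check.

    Each flagged entry is (user, previous_ip, current_ip, implied_speed_kmh).
    """
    flagged = []
    last_seen = {}
    for ev in sorted(events, key=lambda e: e.ts):
        prev = last_seen.get(ev.user)
        if prev is not None and is_impossible_travel(prev, ev, max_kmh):
            flagged.append((ev.user, prev.ip, ev.ip, round(required_speed_kmh(prev, ev))))
        last_seen[ev.user] = ev
    return flagged


# Constructed sample: alice "moves" London -> New York in 30 minutes (impossible),
# bob moves London -> Paris in two hours (a normal train ride).
UTC = timezone.utc
SAMPLE_EVENTS = [
    AuthEvent("alice", datetime(2020, 7, 15, 10, 0, tzinfo=UTC), 51.5074, -0.1278, "203.0.113.5"),
    AuthEvent("alice", datetime(2020, 7, 15, 10, 30, tzinfo=UTC), 40.7128, -74.0060, "198.51.100.7"),
    AuthEvent("bob", datetime(2020, 7, 15, 9, 0, tzinfo=UTC), 51.5074, -0.1278, "203.0.113.9"),
    AuthEvent("bob", datetime(2020, 7, 15, 11, 0, tzinfo=UTC), 48.8566, 2.3522, "192.0.2.44"),
]

if __name__ == "__main__":
    for user, prev_ip, cur_ip, speed in evaluate(SAMPLE_EVENTS):
        print(f"{user}: {prev_ip} -> {cur_ip} would require ~{speed} km/h; step-up or deny")
```

In practice the geolocation step is the weak link: carrier-grade NAT, corporate VPN egress and mobile roaming all place a user far from where they sit, so a hit from this rule is best treated as a signal that triggers step-up authentication rather than an outright block.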
New technology integrations
ID DataWeb and Ping Identity partner to verify that users are who they say they are during device registration as part of step-up authentication and account recovery. “Continuous identity verification is an essential security component,” states Matt Cochran, VP of Product and Operations, ID DataWeb.
“Our customers need to instantly verify three aspects of their users—who they are, their physical context and their relationships. The result is that they can drive decisions for account opening, authentication or sensitive transactions.”
MobileIron and Ping Identity together offer greater context for device posture assessment and corresponding policy creation to allow or deny user access.
“With modern work increasingly taking place on mobile devices, organizations need a solution that establishes complete control over business data and supports worker productivity,” said Brian Foster, SVP of Product Management, MobileIron.
“Ping Identity provides an authentication authority, which when combined with our unified endpoint management software allows for heightened security based on a range of device attributes. The result is a more secure mobile work experience and increased productivity.”
Zscaler’s Zero Trust Network Access (ZTNA) service, Zscaler Private Access™, and Ping Identity partner to ensure that only authorized users can view and connect to authenticated private apps and data.
New integrations take this one step further, allowing IT teams to benefit from automatic termination of a user session in the event of potential security risk.
“To protect the business, security must be invisible to users and omnipresent. Traditional security methods that treat users as an IP address and rely on firewall appliances hosted in a datacenter are antiquated in today’s mobile cloud-driven workplace,” says Punit Minocha, SVP of Business and Corporate Development, Zscaler.
“We are happy to be working with Ping Identity to help protect enterprise data and enable cloud transformation by bringing together two Zero Trust ecosystem leaders built with user experience and scalability in mind.”
Ping Intelligent Identity platform enhancements accelerate enterprise digital transformation efforts
Ping Identity, a pioneer in Intelligent Identity solutions, announced significant updates to the Ping Intelligent Identity platform, including improved support for DevOps, multi-cloud automated deployment, as well as secure user authentication experiences that are designed to safely eliminate the use of passwords.
These new capabilities broaden Ping Identity’s solution reach across enterprise digital transformation efforts with cloud options spanning public cloud, private cloud or a multi-tenant Identity-as-a-Service.
Docker images and Kubernetes orchestrations: Solutions within the Ping Intelligent Identity platform are now available as Docker images and Kubernetes orchestrations, allowing customers to quickly deploy multiple Ping solutions as pre-configured bundles.
The automated deployment of these solutions supports DevOps workflows and multi-cloud deployment across the growing list of cloud providers that support Docker and Kubernetes.
These new deployment options provide extremely fast time-to-value for IT teams tasked with infrastructure management, and can enhance security and reliability by reducing the risk and cost of inconsistent configurations.
Hosted private cloud
Dedicated cloud environment: As enterprises progress on their cloud transformation journeys, some are choosing to outsource IAM infrastructure management to improve efficiencies and lower costs.
PingCloud Private Tenant provides just that through highly configurable authentication and directory tools, combined with concierge support options in a Private Cloud solution hosted and managed by Ping Identity.
PingCloud Private Tenant provides customizable security and control in a Private Cloud, including data isolation to help ensure global organizations remain compliant and a step ahead of regulatory requirements.
Cloud service customization: PingOne for Enterprise provides a multi-tenant cloud solution that is fast and easy to set up and manage, and now provides additional branding and customization options to present a more seamless user experience.
Expanded global reach: As demand for PingOne for Customers grows, Ping has responded by expanding its deployment to its data center in the Asia-Pacific region to improve performance and address regional data compliance needs.
Passwordless with FIDO: Ping Identity expanded use cases for passwordless authentication with the additional support of the FIDO2 standard.
FIDO2 support within the Ping Intelligent Identity platform enables passwordless authentication with Windows Hello, enhancing end user experience and reducing the chances of security attacks or passwords being compromised.
“Enterprises today find themselves at various stages of digital transformation, which require flexible and agile identity solutions that satisfy cloud your way,” said Loren Russon, vice president, product management, Ping Identity.
“At Ping, we’re dedicated to providing our enterprise customers the customizable cloud solutions they need to achieve their modernization initiatives.”
Ping Identity, a pioneer in Intelligent Identity solutions, highlights the appointments of Yancey Spruill and Lisa Hook to its board of directors prior to its recent initial public offering. Yancey Spruill is an experienced executive in the technology sector, and currently serves as the chief executive officer of DigitalOcean, a privately-held cloud computing company. Prior to DigitalOcean, he also served as the chief financial officer and chief operating officer at SendGrid a cloud-based email communications …