Back to blog

Give $1000. Get $2000. Did the Insider Threat Strike Again?

July 20, 2020
Did you fall for it? After all, it looked very credible. Seeing a tweet from Elon Musk’s verified account on July 15th claim, “Everyone is asking me to give back, and now is the time. You send $1,000, I send you back $2,000.” This came soon after reports came out about Musk climbing up the list of wealthiest people in the world and Tesla’s stock continuing to climb. That blue check mark carries a lot of weight. It made me pause for a minute. “Is he actually offering this? That’s crazy,” I thought. Then I went about my day, realizing I was never going to be a bitcoin millionaire anyway. That’s when the news reports started to surface about the Twitter accounts of high profile business leaders, politicians, celebrities and company accounts being hacked. Similar tweets were sent by the verified accounts of Barack Obama, Jeff Bezos, Joe Biden, Kanye West, Apple and others. It became apparent that this was not a philanthropic movement or an ingenious marketing effort to promote a new bitcoin service. Instead we were witnessing a cyberscam unfold right before our eyes. Of course, that’s just what we saw. There are concerns that the hackers were after much more than just bitcoin payments. They gained access to some of the most sensitive Twitter accounts, including all of the direct messages on those accounts. Considering they included a former President and top executives, there’s much more at stake. Twitter announced that same night that the cyberscam was likely “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” It will take some time to determine exactly what happened and whether a phishing scheme was used to gain access to the key applications or if it was something even more nefarious – an employee was paid to provide credentials so they were able to sign into the various Twitter accounts. Once the hacker gained access to the employee accounts, the cyberattack became an insider threat. For all intents and purposes, the applications don’t detect a threat because they most likely had the correct user names and passwords to log in. So now Twitter has to start examining employee logs, email and phone records to uncover what happened. This attack reinforces how no one is safe, whether data is exposed inadvertently or part of a malicious breach. The inside threat is real. But what if they had a solution at the application level that would monitor for high-risk activities and provide a complete audit trail? Click here to learn more.