Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

After a Wave of Attacks, Twitter Warns Media About Security

After a series of attacks against accounts maintained by media companies, Twitter has issued a memo on security best practices and encouraged them to remain vigilant. The warning comes after several high-profile accounts were targeted by a Pro-Syria activist group, including one attack that impacted Wall Street.

After a series of attacks against accounts maintained by media companies, Twitter has issued a memo on security best practices and encouraged them to remain vigilant. The warning comes after several high-profile accounts were targeted by a Pro-Syria activist group, including one attack that impacted Wall Street.

Syrian Electronic Army (SEA) has claimed responsibility for last month’s attacks, including those that targeted three CBS News accounts. The (SEA) claimed responsibility for the messages posted on the feeds for 60 Minutes, 48 Hours and CBS Denver, which included comments that President Obama was “shamelessly in bed with Al-Qaeda” and that the CIA was arming Al-Qaeda terrorists in Syria.

Shortly after those hacks, the SEA targeted the Twitter account used by the Associated Press, reporting that there were explosions at the White House, and that President Obama was injured. As the fake news alert gained traction online, Wall Street suffered when the DOW took a 130 dip and the S&P dropped 12 points.

The SEA also targeted 11 feeds used by Britain’s Guardian newspaper. During the Guardian attack, which targeted the news agency’s book, film, photography, and travel feeds – as well as those maintained by multiple journalists – the SEA posted messages encouraging anyone who viewed the hacked communications to follow various group accounts. In their memo, Twitter said that they “believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers.”

“These incidents appear to be spear phishing attacks that target your corporate email,” the warning reads, which goes on to encourage awareness training, password changes, and the need for email security.

“Keep your email accounts secure. Twitter uses email for password resets and official communication. If your email provider supports two-factor authentication, enable it. Change your e-mail passwords, and use a password different from your Twitter account password.”

Other advice includes limiting access to corporate Twitter accounts, and to designate a single system for access. That controlled system should also be dedicated to Twitter access, and shouldn’t be used to “read email or surf the web,” to reduce the chances of malware infection.

Time will be the only indication as to if their efforts have any impact.

A full copy of the memo is online.  

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.