Security

SolarWinds and Twitter’s Recent Hacks

Cyberattacks, defined as an attempt to destroy, damage, or access a computer system or network, are often perpetrated by hackers; however, they can also be orchestrated due to human error or via insider threats. Often, the term cyberattack can be interpreted in many manners as what classifies an attack versus, for example, cyber espionage, are quite similar. In recent years in the United States, two cyberattacks on organizations come to mind, the SolarWinds’ Orion breach and Twitter’s hack of several high-profile accounts; as these two businesses account for such a wide range of significant individuals, organizations, and government data stores, I believe they are certainly worth researching further.

The SolarWinds’ Orion breach, also called SUNBURST, has earned international recognition as several organizations, including many government facilities, utilized SolarWinds’ security services. The hack specifically targeted Orion, a network management product with over 300,000 customers, and was perpetrated by hackers working for the Russian SVR, also known as the KGB. The hack consisted of a maliciously altered update slipped through Orion’s backdoor. Due to several security concerns, including the fact that one of Orion’s update servers was protected with the password “solarwinds123,” the hack was quite successful and led to businesses worldwide scrambling to secure their systems and networks (Schneier, 2020).

The threat timeline for SUNBURST started on September 4, 2019, when a threat actor accessed SolarWinds. On February 20, 2020, the SUNBURST was deployed, yet it took until December 14, 2020, for SolarWinds to disclose the attack’s information to the SEC. Currently, there are multiple investigations into the hackers and those affected by the attack by both the White House and international organizations (Panettieri, 2021). The SUNBURST cyberattack could have been prevented using several security controls and methods.

 First, the fact that Orion was not open source reduced the number of eyes on the software, limiting the abilities to identify the threat through auditing to only the company’s developers. Also, a complete threat analysis of the Orion software should have been performed to accurately identify weak areas in their protective layers. As Orion was accessed by an unauthorized user, enhanced authentication protocols such as 2FA or MFA should have been implemented, as well as substantial password complexity requirements. If Orion developers and security staff were efficiently checking access and audit logs, the hack would have been identified immediately, reducing the time it took for Orion staff to correct the mistake. The above security controls would further enhance the security of the Orion software, lessening the chances that a cyberattack, such as SUNBURST, would occur. Furthermore, the above security controls would increase the incident response team’s abilities to quickly identify and correct any found security issues with the software, leading the disaster to grow to such massive status as it is currently.

Next, the recent Twitter hack on July 15, 2020, ushered in a new age of cyberattacks, as the targets in the breach were several high-profile individuals, ranging from Elon Musk to Bill Gates, and even large companies such as Apple. While cyberattacks are nothing new, never before have the targets been so well-known, not to mention the fact that the hack was so visible to the rest of the world, as it occurred on a social media site. The attack began as the hackers were social engineering Twitter’s customer service and tech support personnel; their goal was to have the Twitter employees reset their passwords via a dummy site controlled by the hackers, thus using the credentials as multifactor authentication codes. Once access was acquired, one by one, cryptocurrency accounts on Twitter began to send out fraudulent messages stating that they would give out free bitcoin, and to access it, one must simply click on a malicious link (Thompson, 2020). The messages then began to be posted fraudulently on several high-profile user accounts.

The cyberattack succeeded and led Twitter to take a harder look at how they protected their communication network. Many security controls should have been in place at Twitter to prevent such an attack, including using more advanced security protocols, mandatory employee training regards to phishing attacks, automated systems that inform Twitter’s security staff of multiple email address and password changes at a given time, and a better way to quickly shut down the service, instead of just blocking all verified Twitter accounts, such as what they did with this specific hack (Barrett, 2020).

While the human element is the weakest link in cybersecurity and one cannot always depend on, for example, a customer service staff doing the right thing, we must plan for the worst things to happen and build security protocols and policies for what to do in the event of a disaster. It seems that Twitter was running around with its head cut off, attempting to grasp the unique situation it was in, instead of following an incident response plan that they have practiced multiple times in the past. The hackers in question were Graham Ivan Clark, a seventeen-year-old from Tampa, Florida, UK resident Mason Sheppard, and Orlando, Florida resident Nima Fazeli. The hackers managed to earn around $120,000 in Bitcoin, yet the real consequences were the reduced trust in social media companies and other technology giants (Barrett, 2020). With a world run by world leaders who often use social media to convey their messages, what would have happened if instead of having Elon Musk’s account merely offer free bitcoin, a U.S. president or another government official were hacked and posted about something more serious, such as stating that the U.S. would be attacking another country in a few minutes?

References

Otero, A. R. (2019). Information Technology Environment and I.T. Audit. In Application Systems: Risks and Controls. (Fifth ed., pp. 241-264). Boca Raton, Florida: CRS Press.

Schneier, B. (2020, December 23). The US has suffered a MASSIVE Cyberbreach. It’s hard to overstate how bad it is | Bruce Schneier. Retrieved February 23, 2021, from https://www.theguardian.com/commentisfree/2020/dec/23/cyber-attack-us-security-protocols.

Panettieri, J. (2021, February 22). SolarWinds Orion security Breach: CYBERATTACK timeline and hacking INCIDENT DETAILS. Retrieved February 23, 2021, from https://www.channele2e.com/technology/security/solarwinds-orion-breach-hacking-incident-timeline-and-updated-details/.

Thompson, N. (2020, August 24). How twitter survived its biggest hack-and plans to stop the next one. Retrieved February 23, 2021, from https://www.wired.com/story/inside-twitter-hack-election-plan/.

Barrett, B. (2020, July 31). How the alleged Twitter hackers got caught. Retrieved February 23, 2021, from https://www.wired.com/story/how-alleged-twitter-hackers-got-caught-bitcoin/.

Categories: Security

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s