Twitter: The Latest Target for Spear-Phishing Attacks


The tweet was alarming: The Associated Press reported an explosion at the White House that injured President Barack Obama. In the wake of the Boston Marathon bombings just over a week earlier, the country was already on edge, and after the Associated Press tweet, the stock market took an immediate hit, dropping about one percent in minutes.


It didn’t take long for one of the AP’s writers to dismiss the report on her own personal Twitter feed, noting that the official AP account had been hacked and would be suspended until the problem could be rectified. While everyone who saw the message was relieved, the incident highlighted a growing problem in the world of cyber security: spear-phishing attacks designed specifically for the popular microblogging site Twitter.

A Not-So-Funny Joke

Twitter has long been a target for pranksters who gain unauthorized access and wreak havoc on established accounts. For example, a few years ago, hackers accessed the Burger King Twitter feed and changed it to McDonald’s. The change was confusing to users — and irritating to both fast food giants — but largely innocuous.

However, the new breed of Twitter attacks is far from amusing. Capitalizing on users’ ability and desire to share everything from pictures of their cats to inspirational quotes to links to major news stories, cyber criminals are targeting popular feeds with millions of followers to spread their malware. They are counting on the fact that most people follow people that they trust on Twitter, and will be willing to click on links in their tweets.

In the case of the AP, experts believe that the criminals responsible for the fake White House bombing tweet actually have significant access to the AP network, thanks to previous spear-phishing attacks on individuals in the organization. By sending an individual reporter or employee an email or message via social media that included a link to malware, the responsible party was able to gain access to the AP network and log-in information for the media giant’s Twitter feed. This has other organizations concerned, because no longer are hackers simply looking to steal data and sell it to the highest bidder; they are using tools to create mass panic and destroy reputations.

Twitter Spearphishing – How It Works

Twitter malware uses a very specific type of attack called Man-in-the-Browser (MitB) to spread infection. In the simplest terms, when a user clicks on a link from a Twitter feed, perhaps purporting to be an embarrassing video about a celebrity or a juicy piece of gossip, the link leads to a site that immediately infects the user’s PC. The malware then injects JavaScript code into the user’s Twitter account page, where it collects the authentication tokens. These tokens allow the malware to make calls to Twitter’s API, and cybercriminals to tweet on the victim’s behalf. Those tweets generally contain more links to the malware site, thereby quickly and effectively spreading the malware.

As if that isn’t bad enough, the malware doesn’t limit itself to collecting only social media logins. It collects all log-in information, meaning that financial and other personal data is also at risk.

How to Protect Yourself

Again, because most people trust those that they follow on Twitter, they never suspect that a link in a tweet could be a nasty virus — why would a major corporation or someone like Lady Gaga send out something harmful? It also doesn’t help that Twitter’s 140-character limit means that most URLs shared on the site are shortened, making it nearly impossible to identify a malicious link by sight. As a result, this type of spearphishing attack creates vulnerabilities that can harm both your reputation and your bottom line.

To avoid such problems, take steps to protect your network from Twitter-based spearphishing attacks. Specifically, one of the best strategies is a strong virus protection program that automatically updates to address emergent threats and protect endpoints. In addition, training and education are key to avoiding security breaches; learning to identify the signs of an attack and being cautious about clicking on links can help prevent disaster.

Some security experts are calling for Twitter and other social media sites to develop two-factor authentication protocols to help protect individual accounts against spearphishing, hacking and other unauthorized access. But until that happens, it’s up to users and network administrators to take steps to protect their own feeds.
