Question

In: Computer Science

Were you surprised that a company as techie as Twitter failed victim to cyber security attacks?...

Were you surprised that a company as techie as Twitter failed victim to cyber security attacks? In your view, did Twitter do a great job identifying that attack? In your view, did Twitter recover form the attack in a timely manner? Please explain.

Solutions

Expert Solution

A phishing attack on twitter 2020:

It is saitthat twitter went through serious cyber attack that took place earlier in July 2020 has found that cyber attackers gained access to its systems through a well-planned targeted social engineering spearphishing attack on its own employees. The attack took place over the phone of an employee, using a technique known as vishing which is also a part of phishing, and succeeded in gaining specific employee confidentail details that which are used gain access to Twitter’s internal support tools. From there, attackers targeted higher-level employees who had access to critical account support tools.

In words of Twitter, attackers took control of 130 Twitter accounts, tweeting malicious messages from 45 of those, accessing the direct messages of users and downloading unwanted data. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to Twitter's internal systems. They specified that they have communicated directly with the impacted account owners and worked to restore access to any accounts that may have been temporarily locked during their.

In my point of view, We cannot say that it is totally Twitter's mistake inspite of handling large number of data of users the company is trying their best to provide security. But as it have the data of people who are wellknown so many attackers tend to attack and steal the information for many purposes. I think that not only organisation but also each and every employee should be responsible. They have to careful when they are sharing any data which is confidential. Such incidents will also raise concerns about its tools and levels of employee access. So it better to grant access for very limited tools which are actually required.

It is so insane that the data got caught even though there ia zero tollerence policy of misuse of these tools and credentials, and actively monitors and audits the permissions it grants. However, clearly these safeguards failed to account for malicious actors moving laterally through its systems.

Apart from this it is a good thing taht they have identified the threat fastly. That the attackers olny has gained access to 130 accounts evethough it contains some millions of accounts. It is also tough to identify the threat and where it is actually started. So I can say that thye organisation is having the greate risk identifying and mangaing system. After knowing the attack they immediatly took action and stoped the irrelevent access. They also said that they are accelerating several of their pre-exixting security workstreams and improvements to their tools.

They improved the security software and limited the access by disabling the ports which are actually causing concerns to have no attacks in future.

Thank you.


Related Solutions

Many cyber security attacks are made possible due to common weaknesses in software. The Open Web...
Many cyber security attacks are made possible due to common weaknesses in software. The Open Web Application Security Project (OWASP) publishes information to assist in the development of secure application software. Every few years OWASP publish their Top 10 Application Security Risks, along with guidance to prevent and mitigate these common development errors. Your task is as follows: 1. Browse the OWASP Top 10 web site and read the summary page for each of the top 10 application security vulnerabilities...
Prompt: You will submit your creation of a cyber-security policy. The cyber-security policy will assess how...
Prompt: You will submit your creation of a cyber-security policy. The cyber-security policy will assess how the organization will interpret security issues that occur in the workplace. The cyber-security policy will also distinguish and examine ethical issues in the workplace that pertain to social media, email, and privacy. Compose an organizational security policy that protects the confidentiality , integrity , and availability of EQUIFAX DATA BREACH IN 2017 Original Question : Prompt: You will submit your creation of a cyber-security...
describe an experience where you were a victim of bias
describe an experience where you were a victim of bias
1.Do you think cyber insurance is necessary? If a company has strong enough security policies and...
1.Do you think cyber insurance is necessary? If a company has strong enough security policies and technology-based protection, does it need cyber insurance? 2. What types of events (risks) do you think a cyber insurance policy should cover? 3. If you were an underwriter for a cyber insurance policy, and your job is to evaluate a company's security risks, what are some of the things you would look at and look for, both positive and negative.
Did you view conflict as a negative factor in a relationship? Were you surprised to discover...
Did you view conflict as a negative factor in a relationship? Were you surprised to discover that there were positive aspects to conflict? Why do you think most people view conflict as a negative? What can we do to make the positives of conflict work for us in our relationships?
If you consider the cyber security responsibilities and obligations associated with your role or a role...
If you consider the cyber security responsibilities and obligations associated with your role or a role in which you have an interest, what are the cyber security responsibilities? To what extent do they relate in some way to databases?
Were you surprised to find that water is such an important policy area in Texas? How...
Were you surprised to find that water is such an important policy area in Texas? How can you try to conserve water in your day-to-day activities?
Were you surprised that we were not better prepared for COVID-19, given what happened with SARS?...
Were you surprised that we were not better prepared for COVID-19, given what happened with SARS? Explain your answer
Tell of a cyber-security breach: What company, what happened, and what was the outcome? What are...
Tell of a cyber-security breach: What company, what happened, and what was the outcome? What are your thoughts about this security breach?
What observations did you make during this dissection? Were you surprised by any part of the...
What observations did you make during this dissection? Were you surprised by any part of the internal anatomy of the fetal pig?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT