abney associates hong kong cybercrime reports
Twitter has sent messages to news organisations warning them about future attacks and providing them with a list of security tips, in the wake of a slew of account hijacks.
But analysts are not wholly impressed with the micro-blogging firm’s attitude to security.
The Syrian Electronic Army has been causing carnage on Twitter of late, hacking accounts belonging to prominent media bodies, including AP, the BBC and the Guardian.
Attackers have duped media bodies into handing over Twitter credentials with spear phishing attempts, which see specially-crafted emails sent to journalists, either asking them for information or tricking them into clicking on malicious links.
Silly Twitter advice?
That’s why Twitter sent out advice to various organisations last night. But one particular recommendation has invited scorn – to designate one computer for Twitter use, and to not use that machine for reading email or using the Internet.
“It is ridiculous. Not only is it unreasonable for consumers to take that kind of advice because it is simply expensive, but it is not suitable for businesses either,” Simon Edwards, technical director of Dennis Technology Labs and founding member of the Anti Malware Testing Standards Organisation, told TechWeekEurope.
He was also concerned about the lack of two-factor authentication – something Twitter has been called out on numerous times. Google and Facebook both offer it, so Twitter should too, the argument goes.
Twitter asks for mobile numbers during the sign-up process, so it should not take a huge effort to implement two-factor authentication where a unique code is sent to the mobile device, Edwards added.
The email sent to media last night, from the Twitter News Team, offered various pieces of password advice, saying they should contain elements of randomness and be changed regularly. But there have been no promises or even hints two-factor authentication will arrive.
Companies should create a formal incident response plan for a Twitter account hijack too, the team said, offering assistance for phishing attacks.
“We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers,” the email read.
“These incidents appear to be spear phishing attacks that target your corporate email. Promoting individual awareness of these attacks within your organisation and following the security guidelines below is vital to preventing abuse of your Twitter accounts.”