A recent security investigation has brought to light a disturbing trend in which cybercriminals exploit the verified status of X (formerly Twitter) accounts by compromising the passwords of verified users and then selling or utilizing these accounts for scams, as reported first by TechRadar.
KNUTSFORD, UNITED KINGDOM APRIL 21: In this photo illustration the Twitter account of Elon Musk is seen on a mobile cellphone on April 21, 2023 in Knutsford, United Kingdom.
Gold Rush in the Dark Web
CloudSEK, the cybersecurity research firm behind the study, delved into the dark web forums where verified X accounts were bought and sold.
The research revealed that these compromised accounts, once in the hands of malicious actors, were used to perpetrate scams, including phishing attacks and financial fraud, targeting the followers of the original account owner.
The prices for these accounts varied based on factors such as the account's age and the number of followers it had. A fresh X account could be purchased for as little as $0.30, while older accounts with a gold affiliation, especially those aged over five years, commanded prices ranging from $1200 to $2000.
The number of followers associated with an account also influenced the price, with an account boasting 28,000 followers being advertised for $2000 to $2500.
The compromise of these accounts typically occurred through brute force attacks on passwords. Many of the targeted accounts had been dormant for extended periods, making them more susceptible to attacks due to the likelihood that adequate password security measures had not been implemented, according to the research.
This revelation follows the previous chaos surrounding the introduction of Twitter Blue, a subscription service that allowed users to acquire a small blue checkmark denoting a verified or trustworthy account.
Read Also: 23andMe Blames Victims on Recent Data Breach Incident Concerning 6.9 Million Users
Ethereum Co-founder's Case
CloudSEK highlighted a specific incident involving the co-founder of Ethereum, whose X account was stolen in a cyberattack. Before regaining control, the hackers utilized the account to post a link to a fake website offering free non-fungible tokens (NFTs), ultimately swindling $691,000 in cryptocurrency within 20 minutes.
To mitigate the risks associated with stolen accounts, CloudSEK recommends that users close and delete dormant X accounts, particularly if they possess a significant following.
Additionally, the research provides recommendations for organizations to protect against such campaigns, emphasizing the importance of closing inactive accounts and implementing robust password protection practices.
The study underscores the need for increased awareness and education among users regarding cybersecurity practices. Employees are encouraged to follow stringent password policies, update passwords regularly, avoid using cracked software, and use native password managers instead of saving passwords in web browsers.
Endpoint security software is also recommended to detect and counteract the presence of malicious software on employee devices, reducing the risk of falling victim to such cyber campaigns.
"With the steep rise in accounts being compromised and advertised daily on the dark web using different methodologies, it is evident that threat actors would not budge from such profit-making businesses anytime soon. Organizations must emphasize the importance of Brand monitoring in cybersecurity strategies to withstand the massive campaigns," the researchers recommend.
Related Article: Israel Watchdog Accuses Iranian Hackers of Deploying Phishing Attack, Posing as American Cybersecurity Firm
