The Attack That Broke Twitter Is Hitting Dozens of Companies

An anonymous reader quotes a report from Wired:

"Phone spear phishing" attacks have been on the rise since a bitcoin scam took over the social media platform in July. When law enforcement arrested three alleged young hackers in the US and the UK last month, the story of the worst-known hack of Twitter’s systems seemed to have drawn to a tidy close. But in fact, the technique that allowed hackers to take control of the accounts of Joe Biden, Jeff Bezos, Elon Musk, and dozens of others is still in use against a broad array of victims, in a series of attacks that began well before Twitter’s blowup, and in recent weeks has escalated into a full-blown crime wave.

But Twitter is hardly the only recent target of “phone spear phishing,” also sometimes known as “vishing,” for “voice phishing,” a form of social engineering. In just the past month since the Twitter hack unfolded, dozens of companies – including banks, cryptocurrency exchanges, and web hosting firms – have been targeted with the same hacking playbook, according to three investigators in a cybersecurity industry group that’s been working with victims and law enforcement to track the attacks. As in the Twitter hack, employees of those targets have received phone calls from hackers posing as IT staff to trick them into giving up their passwords to internal tools. Then the attackers have sold that access to others who have typically used it to target high-net-worth users of the company’s services – most often aiming to steal large amounts of cryptocurrency, but also sometimes targeting non-crypto accounts on traditional financial services. “Simultaneous with the Twitter hack and in the days that followed, we saw this big increase in this type of phishing, fanning out and targeting a bunch of different industries,” says Allison Nixon, who serves as chief research officer at cybersecurity firm Unit 221b and assisted the FBI in its investigation into the Twitter hack. “I’ve seen some unsettling stuff in the past couple of weeks, companies getting broken into that you wouldn’t think are soft targets. And it’s happening repeatedly, like the companies can’t keep them out.”

While the perpetrators don’t appear to be state-sponsored hackers or foreign cybercrime organizations, it may be only a matter of time until they’re adopted by these foreign groups who contract out the phone calls to English-speaking phone phishers.