
In July, 45 high-profile Twitter accounts tweeted variations of the same offer: Send me any amount of Bitcoin, and I’ll send you back double its value. The messages were sent by hackers who had used stolen credentials from a Twitter employee’s account to gain access to powerful internal administrative tools. They then used that access to take over 130 Twitter accounts.

For hours, Twitter’s security team worked to regain control of the accounts and delete the fraudulent tweets. Unfortunately, hundreds of Twitter users were defrauded. By the time the ringleaders were arrested weeks later, they had amassed more than $180,000 in Bitcoin from the scam.

Unfortunately, this may only be a taste of what’s to come. Attacks that use an organization’s internal administrative tools against it are extremely powerful and of high value to bad actors. And if you don’t build the strong, layered defenses necessary to block such attacks, your organization could be at risk.

Access to administrative tools helps fraudsters scale

Attacks that use internal administrative tools are attractive to hackers because they’re relatively easy to scale. A cybercriminal only has to obtain a single employee’s credentials to gain access to powerful administrative interfaces and sensitive tools.

In most cases, bad actors start by using phishing emails or malware to steal employee credentials. Rogue employees may also sell access to their accounts, similar to how some telecom employees facilitate SIM swap attacks for pay. If your company only verifies users based on credentials and basic information like IP address or device IDs, you’ll be unable to spot such incursions on your network.

From there, attackers may gain access to dozens or even hundreds of customer accounts with very little extra work. In many cases, they can even bypass authentication technologies like one-time passwords (OTPs) and biometric authentication deployed on customers’ accounts.

Often, the purpose of these attacks is to change access settings and contact information, giving the attacker control over customer accounts. Access to those accounts can be sold on the black market or leveraged in schemes like the Twitter hackers’ Bitcoin scam. Once attackers have access, they can take any action a legitimate user can take. Their imaginations and the capabilities of the administrative tools they control are the only limits on what they can do.

Four steps to protect your high-value administrative tools

If you want to avoid falling victim to a hack like the one that affected Twitter, it is important that you layer multiple security approaches to thwart different instances of this type of attack. In particular, you should ensure proper security around account-level changes such as changing the email address associated with an account, resetting passwords or making changes to multi-factor authentication. 

  1. Protect access to administrative tools. Important administrative tools shouldn’t be directly accessible via the internet. Protect them on internal or corporate networks, and only allow remote access through a secure tool such as a VPN. Strong authentication protections such as multi-factor authentication are also a must for access to these tools.
  2. Require approvals. For high-risk, account-level changes, supervisor reviews and approvals should be built into workflows. This can both stop malicious actions and reduce errors that could lock an employee out of their account.
  3. Deploy real-time anomaly detection. A real-time anomaly detection system automatically flags unusual high-risk activity, like resetting passwords in bulk, enabling security teams to address a potential compromise of employee credentials quickly.
  4. Continuously validate identity. In addition to traditional authentication methods such as multi-factor authentication, deploy technologies like behavioral analytics and passive biometrics to continuously validate users’ identities. Behavioral analytics look at patterns of behavior like the location from which a user usually logs on, while passive biometrics look at unconscious behaviors like how they type or hold a device. By combining these capabilities, you can distinguish between the employee who is authorized to use a particular set of credentials and someone who just happens to be using those credentials (e.g., an attacker).
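The following is an added example, not code from the article or its author, showing how steps 2 and 3 above can be enforced in a small policy layer in front of an internal admin tool: high-risk account-level changes (email change, password reset, MFA change) require a supervisor approver distinct from the operator, and a sliding-window counter flags and blocks bulk password resets by one operator. The action names, the five-reset limit, the five-minute window and the sample events are all assumptions chosen for illustration.

```python
"""Added example (not from the article): approval gating and bulk-reset detection
for admin-tool actions, run over constructed sample events."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional

# Account-level changes the article names as high risk: each needs a second approver.
HIGH_RISK_ACTIONS = {"change_email", "reset_password", "change_mfa"}

# Assumed detection thresholds: more than this many resets by one operator
# inside the window is treated as a likely credential compromise.
BULK_RESET_LIMIT = 5
BULK_RESET_WINDOW_SECONDS = 300


@dataclass
class AdminAction:
    ts: int                 # epoch seconds of the request
    operator: str           # employee account driving the admin tool
    action: str
    target: str             # customer account being changed
    approver: Optional[str] = None


@dataclass
class PolicyEngine:
    # per-operator timestamps of recent password resets (sliding window)
    _resets: Dict[str, Deque[int]] = field(default_factory=lambda: defaultdict(deque))
    alerts: List[str] = field(default_factory=list)

    def authorize(self, a: AdminAction) -> bool:
        """Return True if the action may proceed.

        High-risk changes are denied unless a distinct approver signed off.
        Password resets are counted per operator; exceeding the limit inside
        the window raises an alert for the security team and blocks the action.
        """
        if a.action in HIGH_RISK_ACTIONS:
            if a.approver is None or a.approver == a.operator:
                return False
        if a.action == "reset_password":
            window = self._resets[a.operator]
            window.append(a.ts)
            # drop resets older than the window
            while window and a.ts - window[0] > BULK_RESET_WINDOW_SECONDS:
                window.popleft()
            if len(window) > BULK_RESET_LIMIT:
                self.alerts.append(f"bulk password resets by {a.operator} at t={a.ts}")
                return False
        return True


def run_sample() -> dict:
    """Constructed sample: a few one-off high-risk changes with and without
    approval, then a burst of approved resets that trips the bulk detector."""
    engine = PolicyEngine()
    events = [
        AdminAction(0, "alice", "change_email", "cust-1001"),                    # no approver
        AdminAction(5, "alice", "change_email", "cust-1001", approver="alice"),  # self-approved
        AdminAction(10, "alice", "change_email", "cust-1001", approver="bob"),   # properly approved
        AdminAction(20, "alice", "view_profile", "cust-1002"),                   # low risk, no approval needed
    ]
    # Seven approved resets 30 s apart, all inside one five-minute window:
    # resets 1-5 pass, resets 6 and 7 exceed the limit and are blocked.
    events += [
        AdminAction(100 + i * 30, "alice", "reset_password", f"cust-{2000 + i}", approver="bob")
        for i in range(7)
    ]
    decisions = [engine.authorize(e) for e in events]
    return {"decisions": decisions, "alerts": engine.alerts}


if __name__ == "__main__":
    result = run_sample()
    print(result["decisions"])
    for alert in result["alerts"]:
        print("ALERT:", alert)
```

The approval check and the rate check are deliberately independent layers: a stolen operator credential alone cannot complete a high-risk change, and even a compromised operator-plus-approver pair is throttled and surfaced to the security team once resets become bulk.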

The importance of layered defenses

It’s always unsettling when a large, established tech company like Twitter is hacked or breached. If they can’t defend themselves, what hope is there for others?

There’s no one tool you can rely on to eliminate cybersecurity risk entirely. However, by layering solutions that address different gaps or vulnerabilities, you can build robust defenses that significantly reduce your risk. Think of your home’s front door: It probably has a strong lock that’s hard to pick, but you also make sure the hinges are sturdy enough to make it hard to kick down. Like your front door, your cyber defenses should protect you against multiple types of attack using multiple strategies.

Over time, a layered approach will do more than keep you safe from a particular attack. By making employee credentials less useful to hackers, you’ll also reduce their incentive to execute credential-stealing phishing, malware and social engineering attacks — so you could have fewer attacks to defend against in the long run.

Robert Capps

Robert Capps is NuData Security’s vice president of marketplace innovation. He is an industry-recognized technologist, thought leader, and advisor with more than 25 years of experience in retail, payments, financial services, and cybercrime investigation and prosecution. Capps brings his industry insight and vision to drive market-leading products and services for NuData Security and is the public spokesperson for the organization. Capps is passionate about bringing safety to the digital world in the shape of cutting-edge technologies, so companies and end users don’t have to worry about risks from cybercrime.
