TrollEye Security

Hackers Are Using Government and Business X Accounts to Promote Crypto Schemes

Details of The Story

The uptick in cyber-attacks on prominent social media profiles, particularly those certified as official business or government entities by X (the platform formerly known as Twitter), has raised concerns over the past few weeks. Verified profiles, distinguished by ‘gold’ and ‘grey’ checkmarks, have been increasingly exploited to disseminate fraudulent cryptocurrency schemes and phishing operations.

In a concerning incident, the X account of the cyber threat intelligence firm Mandiant, now a part of Google, was compromised to broadcast a deceptive cryptocurrency airdrop, leading to the theft of funds from digital wallets. This incident has caused alarm, especially since it occurred despite the account having two-factor authentication enabled.

Accounts marked with a gold checkmark signify an official company or organization, while a grey badge is used for government organizations. Both require meeting stringent criteria, unlike the blue checkmarks that are available to any paying X Premium subscriber. The inherent trust associated with these ‘gold’ and ‘grey’ badges makes the content shared through such accounts seem credible, inadvertently assisting malicious actors when these accounts are misused.

Despite measures intended to make impersonation harder on X, these verified accounts have become a lucrative target for cybercriminals, as reported by CloudSEK. The cybersecurity firm’s report uncovered an underground market where access to compromised ‘gold’ and ‘grey’ accounts is traded, with prices ranging between $1,200 and $2,000. Furthermore, there are services offering to affiliate scam accounts with these verified accounts for a fee, bypassing the stringent verification processes.

Cybercriminals are also reportedly exploiting inactive corporate accounts, rebranding them with a ‘gold’ status for resale. CloudSEK’s findings include transactions of such accounts, one of which, dormant since 2016 and with a follower count of 28,000, was listed for $2,500.

To safeguard against such security breaches, experts advise organizations to deactivate any dormant accounts and rigorously audit their security settings, including two-factor authentication. Regular reviews of connected applications and active session logs on different devices are also recommended as preventative measures against unauthorized access.
