
News Insights: Does X Mark a Target? with Trevin Edgeworth, Director of Red Team

In light of the recent security breaches involving Bitcoin and SEC’s X account, our Red Team Practice Director, Trevin Edgeworth, analyzes the role of fluctuating security programs in these incidents. He discusses how attackers exploit confusion, communication gaps, and vague policies, and identifies weak points in shared security responsibility.

No stranger to volatility, Bitcoin lost $50B in market cap last week because of a false message from the SEC’s X (formerly Twitter) account that had been compromised. It followed closely on the heels of the compromise of Mandiant’s X account by cryptocurrency thieves. Following investigations, both X and Mandiant issued statements that, in both cases, the recommendation of two-factor authentication (2FA) was not being followed at the time of compromise.

The situation would seem cut and dried, except for a number of factors regarding the security dynamics at X – from whistleblower accusations to changes in security options and policies – since its acquisition by Elon Musk. Even Mandiant’s statement includes a vague reference that, “...due to some team transitions and a change in X's 2FA policy, we were not adequately protected…”

While many are debating the imperative for, and implementation of, 2FA, we thought we’d take a step back and ask our Red Team Practice Director Trevin Edgeworth how Red Teamers view security programs in flux. From intentional changes such as M&A or leadership transition to general uncertainty and confusion brought on by technology failures or adjacent breaches, how could an attacker prey on the confusion, miscommunication, or general lack of clarity? Additionally, where are the weakest points in the shared security responsibility between service providers and customers that need to be addressed?


Session Summary

In this timely analysis, Bishop Fox's Red Team Practice Director Trevin Edgeworth examines how organizational changes create security vulnerabilities that sophisticated attackers readily exploit. Drawing from recent incidents including the SEC's X account compromise and Bitcoin-related breaches, Edgeworth demonstrates that security incidents often correlate with periods of significant organizational or technological transition.

The presentation highlights three critical scenarios where organizations become particularly vulnerable: mergers and acquisitions, organizational restructuring, and major technology migrations. During these periods, security personnel are frequently diverted to transition-related tasks while maintaining their regular responsibilities, creating attention gaps that attackers can exploit. Communication channels become flooded with unfamiliar requests and new contacts, making social engineering attacks significantly more effective. Edgeworth shares a compelling example from a recent engagement where his team successfully compromised a merging organization by impersonating IT staff conducting migration-related activities.

Perhaps most concerning is how attackers gather intelligence about organizational changes through publicly available information. Job postings revealing technology migrations, press releases announcing mergers, and leadership changes all provide attackers with valuable context for crafting believable pretexts. Edgeworth concludes with practical recommendations for maintaining security during periods of change: increasing security awareness communications during transitions, factoring temporary security gaps into risk management decisions, and being more strategic about public disclosures of organizational and technological changes. By understanding how attackers exploit these windows of opportunity, security teams can better prepare for and mitigate these heightened risks during periods of transformation.

Key Takeaways

  1. Organizational change creates security blind spots - Mergers, acquisitions, technology migrations, and leadership transitions all create periods of increased vulnerability that attackers actively target.
  2. Social engineering thrives during transitions - During periods of change, employees are more likely to accept unusual requests or unfamiliar contacts, making social engineering attacks significantly more effective.
  3. Standard security controls may be bypassed during transitions - Authentication procedures, access reviews, and security monitoring often operate irregularly during organizational changes, creating opportunities for attackers.
  4. Public information telegraphs vulnerability - Job postings, press releases, and social media announcements about organizational changes provide attackers with valuable intelligence for crafting targeted attacks.
  5. Communication gaps between service providers and customers create risk - The shared security responsibility model becomes particularly vulnerable during transitions when assumptions about who manages specific controls may be incorrect.
  6. Security awareness needs heightened emphasis during changes - Organizations should increase security communications during transitions to counterbalance the natural tendency toward reduced vigilance during periods of flux.

Who Should Watch

This video is essential viewing for:

  • Security leaders and executives responsible for maintaining security posture during organizational transitions
  • Social media and communications teams managing accounts with significant business impact
  • IT and security professionals implementing authentication policies across multiple platforms
  • Merger and acquisition integration teams working to harmonize security practices
  • Risk management professionals assessing how organizational change affects security posture
  • Incident response teams preparing for scenarios that exploit transitional vulnerabilities

The session is particularly valuable for organizations experiencing or planning significant changes—whether technology migrations, leadership transitions, acquisitions, or restructuring—as these periods create unique security vulnerabilities that sophisticated attackers actively target.



About the speaker, Trevin Edgeworth

Red Team Practice Director

Trevin Edgeworth is the Red Team Practice Director at Bishop Fox, where he focuses on building and leading best-in-class adversary emulation services to help customers of all sizes and industries strengthen their defenses against current and emerging threats.

Trevin has over 20 years of security experience; he has built and overseen red team programs for several Fortune 500 companies, including American Express, Capital One Financial, and Symantec Corporation. Other accomplishments include leading a security organization as Chief Security Officer (CSO) for a major security company. Trevin has led a variety of security functions in his career, including cyber threat intelligence, hunt, deception, insider threat, and others.

Trevin is an active member of the security community. He has presented at several industry conferences and been interviewed by leading publications on topics such as red teaming and threat intelligence.
