No stranger to volatility, Bitcoin lost $50B in market cap last week because of a false message from the SEC’s X (formerly Twitter) account, which had been compromised. It followed closely on the heels of the compromise of Mandiant’s X account by cryptocurrency thieves. Following investigations, both X and Mandiant issued statements that, in both cases, the recommendation to use two-factor authentication (2FA) was not being followed at the time of compromise.
The situation would seem cut and dried, except for a number of factors regarding the security dynamics at X – from whistleblower accusations to changes in security options and policies – since its acquisition by Elon Musk. Even Mandiant’s statement includes a vague reference: “...due to some team transitions and a change in X's 2FA policy, we were not adequately protected…”
While many are debating the imperative for, and implementation of, 2FA, we thought we’d take a step back and ask our Red Team Practice Director Trevin Edgeworth how Red Teamers view security programs in flux. From intentional changes such as M&A or leadership transition to general uncertainty and confusion brought on by technology failures or adjacent breaches, how could an attacker prey on the confusion, miscommunication, or general lack of clarity? Additionally, where are the weakest points in the shared security responsibility between service providers and customers that need to be addressed?