Mandiant’s brute-forced X account exposes perils of skimping on 2FA

January 11, 2024 at 12:35PM

Mandiant’s investigation of the takeover of its X account found that the attacker got in by brute-forcing the account password: no second factor stood in the way. Mandiant traced the gap to X's change in two-factor authentication policy, which withdrew SMS-based 2FA from non-paying accounts; once SMS codes were no longer offered, no replacement method (authenticator app or hardware security key) was enrolled on the account, so a correct password guess was all the attacker needed. The hijacked account was then used to push a cryptocurrency scam built on the CLINKSINK drainer-as-a-service kit, part of a wider rise in drainer campaigns aimed at high-value cryptocurrency wallets.

The main takeaways: the compromised account belonged to Mandiant, not to X itself, and it fell because a password alone stood between the attacker and the account. Since no 2FA was enabled at all, the attacker never had to defeat a second factor. The SIM-swapping weakness of SMS-based 2FA is a real but separate concern (an SMS code is only as strong as the carrier's account-recovery process), and the lesson is to replace SMS with an authenticator app or a FIDO2/WebAuthn security key, not to let the second factor lapse entirely; high-profile shared accounts deserve an explicit check that a second factor is still enrolled whenever a platform changes which methods it offers. Once hijacked, the account promoted the CLINKSINK drainer-as-a-service (DaaS) toolkit, which has caused significant financial losses for victims. Mandiant expects such attacks to persist: rising cryptocurrency prices make wallets attractive targets, and drainer operations cost little to run relative to their potential take.
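As an added illustration, not code from Mandiant's report or from X's systems, the following stand-alone Python script models the two account states the summary contrasts: a password-only account and one protected by app-based TOTP (RFC 6238, built on RFC 4226 HOTP from the standard library). It runs the same online password-guessing loop against both. The `Account`, `brute_force` and `WORDLIST` names, the lockout threshold and the demo wordlist are this example's own constructions; the secret is the RFC 4226 test vector, not a real key.

```python
"""Added example (not Mandiant's or X's code): why a brute-forced password is
enough against an account with no 2FA and not against one with app-based TOTP.
HOTP (RFC 4226) and TOTP (RFC 6238) are implemented with the standard library only."""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None, step: int = 30) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    at = int(time.time()) if at is None else at
    return hotp(secret, at // step)


def verify_totp(secret: bytes, code: str, at: Optional[int] = None,
                step: int = 30, window: int = 1) -> bool:
    """Accept the current time step plus/minus `window` steps of clock drift."""
    at = int(time.time()) if at is None else at
    return any(hmac.compare_digest(hotp(secret, at // step + d), code)
               for d in range(-window, window + 1))


class Account:
    """Password stored as salted PBKDF2; totp_secret=None models 'no 2FA enrolled'.
    lockout_after is a hypothetical online-guessing limit (a check a platform should have)."""

    def __init__(self, password: str, totp_secret: Optional[bytes] = None,
                 lockout_after: int = 10):
        self.salt = os.urandom(16)
        self.pw_hash = self._kdf(password)
        self.totp_secret = totp_secret
        self.lockout_after = lockout_after
        self.failures = 0

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password: str, code: Optional[str] = None,
              at: Optional[int] = None) -> bool:
        if self.failures >= self.lockout_after:
            return False  # locked: stops the online guessing loop regardless of input
        pw_ok = hmac.compare_digest(self._kdf(password), self.pw_hash)
        factor_ok = True if self.totp_secret is None else (
            code is not None and verify_totp(self.totp_secret, code, at))
        if pw_ok and factor_ok:
            self.failures = 0
            return True
        self.failures += 1
        return False


def brute_force(account: Account, wordlist, at: int) -> Optional[str]:
    """Online guessing with a known username: try each candidate password once.
    The attacker holds no TOTP secret, so the code is a blind guess; any fixed
    or random guess has only a few-in-a-million chance per attempt."""
    for candidate in wordlist:
        if account.login(candidate, code="000000", at=at):
            return candidate
    return None


# Constructed demo data: the RFC 4226 test secret and a tiny wordlist.
DEMO_SECRET = b"12345678901234567890"
WORDLIST = ["password", "letmein", "Mandiant2024", "Winter2023!"]

if __name__ == "__main__":
    t = 59  # fixed clock so the run is reproducible (RFC 6238 test time)
    weak = Account("Winter2023!")                              # password only
    strong = Account("Winter2023!", totp_secret=DEMO_SECRET)   # password + TOTP
    print("no 2FA ->", brute_force(weak, WORDLIST, t))         # Winter2023!
    print("TOTP   ->", brute_force(strong, WORDLIST, t))       # None
    print("legit  ->", strong.login("Winter2023!", totp(DEMO_SECRET, t), at=t))  # True
```

The password-only account yields its password as soon as the wordlist contains it; the TOTP account returns nothing because the attacker cannot produce a valid code without the enrolled secret, and the legitimate owner still logs in with the current code. Note what the example does not model: SMS delivery, so a SIM swap has no way in here, which is exactly the property an authenticator app or security key gives over SMS codes.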
