Cybersecurity experts at CloudSEK warn of a “Gold Rush” on the dark web as hackers target verified accounts on X, formerly Twitter, for extensive attacks. Compromised X accounts are sold on the dark web for up to $2,000 apiece.
Organizations on X purchase a Gold checkmark as part of the platform’s verification system. The system legitimizes a celebrity’s or high-profile organization’s account. Blue badges are also sold for premium subscribers, and gray badges are for government agencies or NGOs.
In a recent market analysis, experts from CloudSEK have reported an influx of posts advertising the sale of X Gold verification accounts on darknet marketplaces, darknet forums, and Telegram channels.
Experts at CloudSEK say, “Such advertisements also allow multiple opportunities for cybercriminals to become a guarantor of the deals since large amounts are involved. Additionally, such accounts are resellable, enabling a whole reseller market behind compromised accounts.”
Hackers acquire verified X accounts using various methods, which include manually creating fake accounts, brute-forcing an existing account using generic passwords and usernames, and using malware to access an individual’s credentials, according to CloudSEK.
Cybercriminals also target unverified profiles with high followings, such as influencers or corporate accounts. X accounts that are dominant are particularly sought after by bad actors. These accounts are then upgraded to a verified status with a 30-day Gold subscription to increase their value.
This makes a big difference, because applying for verified-organisation status with a gold badge involves quite a process:
- Official Identification: This could be anything from a government-issued ID to a tax filing or your organization’s incorporation documents.
- An email address that matches your organization.
- Having a website that clearly shows your organization’s connection to the Twitter account you’re trying to verify is super important. It’s like showing Twitter a piece of your world.
- A Public Phone Number
- Depending on your organization type, you might need to show some public records that prove your existence and relevance.
- Follower Count: While Twitter doesn’t openly admit this, having a decent number of followers does help. It’s like showing that people are genuinely interested in what you have to say.
A compromised or hacked X account is generally exploited to mass-spread phishing links, launch disinformation campaigns, and run financial scams. These compromised accounts, in turn, damage the reputation and image of the company.
The prices of compromised X accounts vary on the darknet. An inactive account starts at as little as $35, which can be converted into a Gold subscription. Gold-verified X accounts sell for up to $2,000, depending on the follower count and brand.
Hacking On X Becomes Standard
X’s Gold verification subscription was announced in December 2022, as part of Elon Musk’s structured changes. The first notable threat actors’ posts seeking to purchase Gold verified accounts have been traced to March 2023. In September 2023, the X account of Vitalik Buterin, co-founder of Ethereum, was hacked.
Hackers seized Vitalik’s account and exploited his large following by posting a tweet offering free non-fungible tokens (NFTs). A malicious link embedded in the tweet redirected unknowing users to a fake website that was designed to drain cryptocurrency from their wallets.
The falsified tweet was only active for approximately 20 minutes. In that time, hackers siphoned off $691,00 in digital assets before retracting their post. This wasn’t the first time hackers have targeted the Twitter accounts of high-profile individuals and organizations.
Back in 2020, the Twitter accounts of both crypto exchange Binance, the world’s leading crypto exchange in terms of volume, and its founder Changpeng Zhao were hacked by an anonymous group. Six other crypto exchanges and media outlets were also temporarily seized by the same hacker group.
The anonymous group of hackers seemingly attempted to benefit from gaining access to Binance’s official page and con its users with a cryptocurrency giveaway.
How to Prevent X Account Takeover
The value of stolen credentials on the darknet continues to rise. The recent surge in compromised Gold X accounts places organizations and high-profile individuals at serious risk.
To protect themselves, CloudSEK says that organizations should “regularly monitor brand mentions on Twitter and implement strong password policies to protect against account compromise.”
Cybersecurity experts recommend using native password managers instead of saving passwords in a web browser. CloudSEK’s report indicates that the main reason credentials are stolen by malware is employees’ lack of best security practices.
Proper employee training with regard to best cybersecurity practices could protect an organization’s credentials from information-stealing malware. CloudSEK recommended that “password policies should be updated, such as replenishing the account password regularly. Employees should be educated against the use of cracked software and its dangers.”