Cybercriminals using Twitter Gold to for spreading disinformation: CloudSEK

A surge in compromised Twitter (x.com) account sales with the coveted 'Gold' verification badge has been observed on dark web marketplaces and forums, according to a report released on Thursday by cybersecurity firm CloudSEK.

'The ease of obtaining Twitter Gold has attracted malicious actors who are purchasing and compromising accounts to further their nefarious activities,' read an official release from CloudSEK.

Twitter Gold verified accounts, when targeted by threat actors, pose a huge risk for organisations and individuals, as they can be used to spread disinformation, launch phishing attacks, and steal sensitive information of users.

Twitter Gold is a recently introduced paid feature, which grants accounts a gold badge alongside the blue and grey tick, signifying legitimacy and brand recognition.

 

The research found out that dark web platforms are flooded with such accounts which are available for sale at prices ranging from $35 for a basic account to $2,000 for accounts with large followings.

Threat actors are using methods such as brute-forcing passwords and stealing credentials to access these accounts. The accounts once acquired are then used for different malicious purposes including phishing, scams, and impersonation of legitimate accounts.

'When an unused and inactive account is replaced with threat actors' data, the primary user is locked out from recovering the account. Once a complete account takeover occurs, the threat actor subscribes to the Twitter Gold package for 30 days,' says the detailed report.

'The service package offered by the threat actors ensures that the buyer has no hassles with the account for 30 days, and in the meanwhile, the scam campaign has achieved its goal through that account,' it further states.

The report has attached multiple screenshots of such accounts put on sale on the dark web platforms.

The study also advised some steps to mitigate the risks within an organisation. It recommends training and education of employees on workplace cybersecurity practices.

Further, it says that password policies should be updated, such as replenishing the account passwords regularly, and employees should be educated against the use of cracked software and its dangers.