Eli Lilly Loses Billions in a Social Engineering Attack

[Image: a man wearing a hoodie hides half of his face behind a white mask. Caption: Social engineering attack costs Eli Lilly billions. Source: Sander Sammy via Unsplash.com]

Eli Lilly lost USD15 billion in market cap to a social engineering attack. The attack happened only days after Twitter announced a USD8 fee for the blue check mark verification last Wednesday. Following the social engineering attack, Twitter suspended the option.

Since Twitter first introduced the option, parody accounts of known companies and individuals got the blue checkmark by paying the fee. But few financial losses occurred during this short time, leading many to ignore the dangers fake accounts create. Now that Eli Lilly has lost billions, Twitter will have to take social engineering attacks (SEA) more seriously.

Interestingly, the attackers only managed to devalue Eli Lilly’s market cap rather than stealing its money. 

Twitter must handle social engineering attacks to improve cybersecurity practices on the platform.

Over USD15 Billion in Market Cap Lost

On Thursday, November 10, a fake account @EliLillyandCo, displaying the blue checkmark, tweeted, “insulin is free now”. Eli Lilly is a major diabetes drug manufacturer in the United States.

The company responded to the tweet eight hours later. However, the original fake tweet was online for almost a day. During this time, Twitter users retweeted the fake tweet thousands of times, causing Eli Lilly's stock (#LLY) to drop 10%, from USD368.36 to USD346.36, or a loss of over USD15 billion.

Over the weekend, the stock price adjusted. Yet, the growth has failed to recover to last month’s levels. In addition, this loss will reduce Eli Lilly’s 30% year-to-date growth.

[Image: computer Pepe sends his backup seed phrase to a hooded hacker Pepe because his Discord DM said so. Caption: Memes are funny and almost always ridiculous, but we shouldn’t underestimate their social power. Source: OxBEW via Words.Yunt.Capital]

Dawn of Meme Terrorism

Since 2016, tech and political experts have warned the public about online memes leading to misinformation.

Until recently, many treated social engineering attacks as separate from cybersecurity, and few took them seriously as a security concern.

For cybercriminals and political activists, social engineering attacks are a new attack vector. So, how can the public and companies defend against such attacks? 

So far, social engineering attacks have targeted individuals only. During such an attack, cybercriminals blackmail or scam a person to share their private information and access their finances. Now, cybercriminals also target companies or groups by exploiting their audience.

Moreover, normal defenses against such attacks will not work. For example, companies can’t control where their audiences get information. 

Twitter Blue Check Fails against Social Engineering Attacks

Social media platforms are ideal for social engineering attacks. Cybercriminals use social media messages and posts for malware propagation. Even certain groups, chats, and websites actively spread such attacks.

Mostly, cybercriminals manipulate internet users by appealing to their emotions to obtain valuable personal information.

Therefore, experts advise users to rely on verified sources. But when anyone can buy the blue check for their Twitter handle, social engineering attacks will become easier.

Through verified checkmarks, anyone can pose as a celebrity, a company, or even Elon Musk, Twitter’s new CEO and owner. Before the social engineering attack on Eli Lilly, many experts denied that such attacks could be so damaging.

Now, future scams may use similar attacks to inflict losses on companies. Social media ransomware may also become an issue in 2023.

[Image: a woman covers her face with a blanket. Caption: Social engineering attacks (SEA) often play on fear and other human emotions. Source: Alexandra Gorn via Unsplash.com]

Social Media Brand Affirmation—the Only Solution Right Now

Currently, brand affirmation is the only solution against similar attacks. Companies will have to keep their clients and partners informed about their business. 

With brand affirmations, scammers will find it difficult to fool customers and investors. Transparency and direct communication are crucial for brand affirmation. 

Additionally, every brand’s social media handles must be provided to customers. With customers already subscribed and informed, companies could prevent misinformation.

Both marketing and cybersecurity experts will need to work on cyber threat intelligence. With their efforts combined, it’ll be possible to identify and prevent these threats.

Though online fraud is hard to eradicate completely, a combined effort can reduce its damage.

Unethical Business Practices and Vigilante Criminals

The company’s self-promoted image made the fake Eli Lilly tweet seem credible to the public. People quickly believed the announcement because Eli Lilly markets itself as a socially conscious company.

But insulin is 10 to 20 times more expensive in Mexico, Canada, and Europe than in the US. Since 2008, the US cost per capita has increased by over USD6,000.

Thus, few criticized the Twitter scammers openly. Many consider Eli Lilly’s business practices unethical. Businesses involved in similar practices will be the first targets of criminal vigilante justice.
