Joe Biden, Bill Gates, Elon Musk, Apple, Uber Twitter Accounts Hacked and Used in Bitcoin Scam

Yesterday between the hours of 4 and 7 pm, the Twitter accounts of several prominent people and companies, including Elon Musk, Bill Gates, Apple, Kanye West, and Barack Obama, were hacked. Each account tweeted the same bitcoin scam, presenting it as a charitable act. The tweet sent from Bill Gates’s account said, “I am giving back to the community. All the bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes.”

Twitter blocked several tweets as they became aware of them, but in some cases, the hacker group was able to publish more tweets with the same message because they remained in control of the accounts. To regain control, Twitter eventually had to disable large amounts of its services, including the ability for verified accounts to tweet, for several hours following the breach. During those 3 hours that the hackers remained in control of the accounts, the bitcoin wallets from the tweets received 300 transactions totaling $118,000.

Anonymous sources told Vice’s Motherboard that the hacker paid off an inside source to obtain access to Twitter’s internal system. However, in a tweet thread on Twitter’s support account providing updates on Twitter’s investigation of the incident, it was reported that Twitter detected what seemed to be a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

In a later tweet, they stated that they didn’t believe any passwords had been compromised and that resetting passwords was unnecessary. 

While this is the first reported incident in which hackers were able to get access to Twitter’s internal accounts and accounts of verified users, it is one of many successful social engineering attacks.

So how can you prevent this from happening to you? 

As your business’ weakest link, your employees should be able to recognize a social engineering attack and know how to react. This bitcoin scam is especially interesting because the social engineering happened on two levels. On one level, the 300 people who fell for the bitcoin scam could have prevented the loss of their savings by educating themselves about basic social engineering tactics. On another level, Twitter’s employees (if it was truly a phishing incident) may have been able to prevent this whole debacle if they had been better equipped to identify phishing attacks.

T-Mobile DDoS Attack Was Just a Network Issue

A tweet meant to spread misinformation sent much of the U.S. into a panic on Monday. A countrywide T-Mobile network outage was mistaken for a Distributed-Denial-of-Service attack when the Twitter account @YourAnonCentral, which claims to be affiliated with Anonymous, tweeted Monday about a major DDoS attack on the U.S. Included in the tweet was a world map claiming to show proof of the large DDoS attack on the U.S.

Marcus Hutchins, a former black hat hacker turned white hat and cyber researcher responsible for stopping the WannaCry ransomware attacks in 2017, along with other cyber researchers, proved these tweets false that same day. About the map, Hutchins said it “show[s] a random sample of global DDoS traffic badly plotted on a world map. It does not indicate an attack against the US, it lacks context to make any inferences at all (other than DDoS attacks are happening all day every day).”

https://twitter.com/MalwareTechBlog/status/1272647109833940992

Other false reports of major outages with other services added to the confusion. Downdetector, the popular site for detecting outages, did report outages for other major cellular carriers (Verizon, AT&T, Metro, Sprint, Consumer Cellular, US Cellular). However, Verizon assured DCD that its network was performing well: “We’re aware that another carrier is having network issues. Calls to and from that carrier may receive an error message. We understand Downdetector is falsely reporting Verizon network issues.”

AT&T also reported that its network was working properly.

https://twitter.com/ATTNEWS/status/1272642265056522242

Additional popular services were reported to be under attack, but researchers believe that this may be a consequence of T-Mobile users not being able to reach those services. Among those reported to be having problems were internet providers (Spectrum, Comcast, CenturyLink, Cox), social media platforms (Facebook, Instagram, Twitter, Snapchat), gaming services (Fortnite, Roblox, Call of Duty, Steam, Xbox Live, Playstation Network), streaming services (Netflix, Hulu, HBO Now, Twitch), banks (Chase Bank, Bank of America), and other major services (Doordash, Google, Zoom).

https://twitter.com/MalwareTechBlog/status/1272656800400044032

T-Mobile was able to fix what turned out to be a routing issue by 11 pm Monday evening. T-Mobile’s President of Technology Neville Ray tweeted an apology, with a promise that improvements were made to prevent future events like this.

Even though the panic of Twitter users turned out to be for nothing, this false alarm seems to beg the question, what would have happened if such a large scale DDoS attack had been real?

Many of the reported issues were with services that have become staples to businesses and individuals during this pandemic. Without telecommunication and technology services available, would people know how to survive? Events like this should be a wakeup call to organizations, to review and update their disaster recovery plans, or to create one if they don’t have an existing plan. On this blog, we have focused mainly on ransomware and how to recover from a ransomware attack, but a disaster recovery plan should cover all types of cyber threats, including DDoS attacks.

If your company does not have a disaster recovery plan for DDoS attacks (whether pointed at your organization or the services you use), try asking yourselves questions similar to these: Does your organization have a plan in place if you were to lose cell or internet service? What are your organization’s next steps in the event of a DDoS attack to get your services back up? Have you talked to your service providers about services or tools that can help? Do you have locally backed-up copies of mission-critical data? While creating a disaster recovery plan is time consuming, it will always be worth it.

I’ve Been Hit by Ransomware… What Now?

In an article titled “Best practices to remediate a ransomware attack” published through Business & Finance, Filip Verloy, Field CTO EMEA of Rubrik says, “As the use of remote working rises, so do potential threats and vulnerabilities, especially within a smaller business which might not have stringent home working security measures in place. People have been forced to adopt new ways of working at an accelerated pace.” Verloy states the importance of protecting your company from cyberattacks that could come as a result of remote working. He advises every company to “create a ‘work from home guide’ for employees, explain which tools are ok, what basic security measures are expected, and who is responsible for implementing them.”

The FBI has estimated that ransomware will be a $1 billion market in 2021. If a company or organization is not prepared, they may feel that paying the ransom is their only option. The recovery process can be very difficult because it is both expensive, and there is no guarantee you’ll get all your files back. Waiting until you fall victim to a cyberattack in order to develop a data recovery plan is not effective and can be detrimental to your business. It is important to decide now on a backup and recovery solution to ensure your data is secure.

Business & Finance published “Best practices to remediate a ransomware attack” to help you develop your ransomware remediation plan just in case an attack occurs.

You Have Been Hit by Ransomware – What Now?

1. Isolate the infected station from the network.

This is done to prevent the infection from spreading to other devices. Disconnect the network cable, WiFi, USB devices, etc. and power off the affected devices to try to contain the damage.

2. Ensure backups have not been compromised.

Be sure backup data is not in read/write mode because it can be manipulated or deleted by the attacker.

3. Identify the infection.

Ask yourself the following questions: What kind of ransomware are you facing? How did it enter your system? Phishing scam? Stolen user credentials?

4. Determine your options.

There are several options available as you try to recover from an attack: pay the ransom, try to remove the malware, or recover from backups. Unfortunately, paying a ransom does not guarantee the recovery of all your data, and may encourage the attacker further because their attack was successful. Trying to remove the malware has become increasingly difficult as ransomware has become more sophisticated and mutates frequently. If you have a robust backup system, you should be able to restore all data from the most recent backup without paying the ransom.

After you have taken these steps, be sure to notify your team, discover which files are corrupted, restore your files, and inform law enforcement, customers, and other authorities. 
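One way to carry out step 2 on a POSIX file system, as an added example that is not from the original article: it flags backup files that are still writable and compares every file against a SHA-256 manifest recorded at backup time. The function names, file names and directory layout are hypothetical, and the sample files are constructed.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backup archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir):
    """Map relative path -> SHA-256. Run at backup time and store the result
    somewhere the backup host cannot write to (assumption of this example)."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit_backups(backup_dir, manifest):
    """Compare the backup directory with the trusted manifest.

    writable   - files whose mode still allows writes (read/write mode)
    modified   - files whose content no longer matches the manifest
    missing    - files in the manifest that are gone
    unexpected - files that were never part of the backup
    """
    root = Path(backup_dir)
    report = {"writable": [], "modified": [], "missing": [], "unexpected": []}
    seen = set()
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        # Mode bits are only a first check: an account that owns the file can
        # flip them back, which is why the hash comparison below also runs.
        if path.stat().st_mode & WRITE_BITS:
            report["writable"].append(rel)
        if rel not in manifest:
            report["unexpected"].append(rel)
        elif sha256_file(path) != manifest[rel]:
            report["modified"].append(rel)
    report["missing"] = sorted(set(manifest) - seen)
    return report


def demo():
    """Constructed sample: four backup files, then four kinds of tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {"db.dump": b"orders table", "mail.tar": b"mailboxes",
                   "hr.zip": b"payroll", "web.tar": b"site content"}
        for name, data in samples.items():
            (root / name).write_bytes(data)
            os.chmod(root / name, 0o444)          # read-only after backup
        manifest = build_manifest(root)

        os.chmod(root / "db.dump", 0o644)          # left in read/write mode
        os.chmod(root / "mail.tar", 0o644)         # content replaced, then
        (root / "mail.tar").write_bytes(b"\x00" * 16)
        os.chmod(root / "mail.tar", 0o444)         # mode put back to read-only
        (root / "hr.zip").unlink()                 # backup deleted
        note = root / "README_RESTORE.txt"         # file that was never backed up
        note.write_bytes(b"constructed placeholder note")
        os.chmod(note, 0o444)

        return audit_backups(root, manifest)


if __name__ == "__main__":
    for finding, files in demo().items():
        print(f"{finding:10s} {files}")
```

Any non-empty list in the report means that backup set should not be trusted for the restore in step 4 until it has been investigated.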

How to Prepare

One of the best ways to prepare for a ransomware attack is to make sure your data is backed up in multiple places. Joel Witts with Expert Insights said, “In the event of a ransomware attack, backing up data means you will be able to mitigate the loss of any encrypted files and regain functionality of systems.”

Trinsio offers full-featured, Rubrik-powered data management with global searchability, instant recovery, and data immutability. We also offer local and cloud data replication to be sure your data is secure. With more than 30 years of experience in cloud, data center colocation, and communications, Trinsio can provide you with a solution you can trust.

The Top Cybersecurity Concerns for the Upcoming Elections

2020 has not been our year. We won’t air out its dirty laundry, but we all can remember the events that have plagued these first 6 months, with the Coronavirus Pandemic taking the cake. Across the internet, users are wondering “What is coming next?” The Coronavirus seems to have ruined all of our 2020 plans, including future plans, like large wedding celebrations, summer vacations, and now the 2020 elections.

Heightened Security Concerns with 2020 Elections

Election officials are concerned about the cybersecurity of the upcoming elections, given the entirely new and unplanned circumstances we’ve found ourselves in. Close to 1 billion dollars have been poured into improving security measures for the elections after the 2016 elections were affected by Russian hackers. However, despite the large sums of money that have been put into the increased security, the pandemic has raised new concerns that weren’t addressed in the original security upgrade. For example, there are many new costs associated with voting facilities because of the pandemic, namely hand sanitizer and hand-washing stations, a shortage of the space needed in current voting facilities to appropriately distance voters and poll workers, and an increase in the number of mail-in ballots. These extra costs are coming at a time when budgets are imploding, and state and local governments do not have extra money available to fund them.

Additionally, officials are concerned about the security (or lack thereof) for new online registration portals, which many states have hastily built to help voters social distance. During the 2016 presidential elections, Russian military intelligence conducted cyberattacks against at least one U.S. voting software supplier and spear phished over 100 local election officials. Concerns are that these registration portals could contain security vulnerabilities because of the speed at which they were built. 

Increased Risk in Government Employees Being Spearphished

The Coronavirus has also increased the possibility of local voting officials falling victim to spearphishing attacks because of the number of government employees working from home. While working from home, employees do not have access to all of the safeguards provided at their offices. Beyond secure networks, less physical interaction with coworkers means less communication and more confusion, leaving them more vulnerable to mistaking spearphishing emails for legitimate ones.

Misinformation Campaigns on Social Media

Social media also presents similar security issues with the upcoming elections. Social media became an essential source of information for the 2016 elections and has become an even more central source of election news and information now because of the pandemic. Experts are saying that they expect to see (and have seen) misinformation campaigns closer to elections, set on confusing and swaying voters with incorrect information.

Most recently, famous blogger Marcus Hutchins reported on his Twitter account, MalwareTech, a case where an “Anonymous” group created a fake K-pop giveaway account to gain followers, only to change the profile and start tweeting about the Black Lives Matter movement. This is a great example of one of the ways that incorrect information can be spread over social media.

While election officials and security experts do have security concerns, as voters and citizens, we can educate ourselves about these issues. By educating ourselves, we minimize our chances of being defrauded by a well-crafted spearphishing attack and other cyber threats. The best defense is being aware and ready for attacks in the near future.

Durham City Wins The Battle Against Ransomware

On Friday, March 6th, the City of Durham and Durham County governments fell victim to a ransomware attack. A statement released on Sunday described the attack in more detail explaining that it originated from a malicious email attachment and then was spread across network servers. The effects of this attack could have been detrimental because there is very sensitive information held on their servers. Durham City responded to this attack as quickly as they could, taking networks and phones offline, in an effort to minimize the damage done because of this attack. 

Ransomware attacks on governments in the US rose 28% in 2018 from the previous year. This number is predicted to continue to rise. Not only has the number of ransomware attacks continued to increase, but so has the ransom amount. In Riviera Beach, ransomers demanded $600,000, and less than two weeks earlier, $500,000 from Lake City, Florida. According to Nathaniel Popper, “security experts said that even these numbers underestimate the true cost of ransomware attacks, which have disrupted factories and basic infrastructure and forced businesses to shut down.” The importance of having a plan in place to protect your data from malware cannot be overstated.

Luckily, Durham City had installed Rubrik technology and was prepared for this kind of attack. Leaders of the city say that they are hoping to have all their systems completely up and running in several days. Kerry Goode, the CEO and Director of Technology Solutions, said Rubrik technology “is one of the leading backup systems you can purchase” and that they decided they needed to have it because “it was a backup system that could not be consumed by ransomware.”

Trinsio offers great protection including immutability for ransomware and end-to-end encryption. We know how critical your data and network are to you and your citizens because we are your citizens. That is why we partner with Rubrik, to bring stability and security to your organization so you can rest easy, despite the odds.

The Coronavirus + Your Business

As the number of people infected by the Coronavirus grows in the US, more local governments and businesses are taking action to prevent contracting the virus. Eight states, including Utah, have declared a state of emergency. Governor Herbert said about declaring a state of emergency: “Making this declaration simply opens up resources for Utahns and allows us in government to focus as seriously as possible on being prepared.”

Meanwhile, individuals are taking to the internet, preparing by doing their own research and watching Contagion (it’s okay, we did it, too) and buying face masks (even though the CDC says only the sick need to wear them). But what are businesses doing to prepare for the virus and how will it affect them?

Quarantined Consumers Versus the Internet

For businesses, the effect of the virus goes beyond employees asking for sick leave or working from home. Some companies such as Twitter, LinkedIn, and Microsoft (all together 75,000 employees working from home in the US) have already asked employees to work from home. Meetings and conferences are already being cancelled or delayed until the summer, like Rubrik Forward, which just made the decision to cancel all physical events and instead to make the conference digital. 

However, a more drastic change for businesses will be customer preferences as their customers work from home. As more customers begin to use services from home, they will be more reliant on internet services, and connectivity will become more important to them. Security incidents will be harshly critiqued, and loss of service, even for short periods of time, will be enough to convince customers to look for more stable options. 

“Businesses who are inadequately prepared won’t be able to live through cyber breaches as consumers become more dependent on reliable internet services while working from home,” says Lane Livingston, CTO of Trinsio. “Businesses need to prepare now for the shift in consumer preferences forced by the Coronavirus.”

And to add an extra challenge, as customers become more intolerant of service interruptions, scammers and spammers are taking advantage of the ignorance, misinformation, and fear of citizens. The internet has seen an increase in scams related to the Coronavirus, asking people to donate, buy supplies, or click on links to see updated lists of infected cities, etc., some even impersonating the CDC to add legitimacy to their messages. So while your customers are on you for service interruptions, malware operators are working double time to wreak havoc on your business and provide your customers with more reasons to leave. 

Steps Your Business Should Take

While problems seem to be coming at you from both sides, what can you be doing to protect your business from the consequences? Here are five things you can do now to keep your consumers happy and the hackers at bay.

1. Use a good spam filter. A good spam filter will prevent a lot of the malicious mail from even getting to your mailbox, giving you a lower chance of clicking on something malicious. 

2. Train employees. A spam filter will not catch everything, so it is important that employees are aware of what to look for in malicious email. 

3. Set up antivirus software and a firewall. In information security, the more layers between your company’s information and the hacker, the better. 

4. Keep software and hardware up to date. Updated software and hardware will have the fewest known bugs, giving hackers fewer opportunities to worm their way into your systems.

5. Back up, Back up, Back up. Having a good backup system is a crucial part of any IT infrastructure, so that when the other parts of your system fail, your business has something to lean back on. And with customer tolerances of down time decreasing, it is also crucial to have a backup system that you can recover from quickly, preventing unnecessary down time. 

To learn how you can try a state-of-the-art backup solution for free, visit our website, or call (385) 283 – 1810.

Education Sector at High Risk of Ransomware Attacks

According to CBS news, in January, a Michigan school district became one of the victims of a ransomware attack. Hackers seized control of its computer system, demanding $10,000 in bitcoin in order to release it. This attack “affected telephones, copiers and classroom technology.” As a result of the attack, several schools in the district were closed for a week so employees could attempt to resolve the problem. The Richmond Community Schools Superintendent explained that recovery of the data is a difficult process and they do not intend to pay the ransom. “There’s no guarantee we’ll get [the server files] back, and we don’t know if that’s $10,000 for each file or each server that they’ve taken.”

Education is one of the most targeted sectors for ransomware. One reason educational organizations are at such high risk is because of the valuable information they store. They have social security numbers, banking information, credit card numbers, birthdates, and other personal information. In addition, this information does not just stem from students, but from all employees and parents. Another reason the education sector is targeted is because typically their IT equipment is not always state of the art. The school districts have budgetary constraints that make it difficult to fund IT security investments. 

According to a study done by Emsisoft Malware Lab, in 2019, the United States was hit by a myriad of ransomware attacks “that impacted at least 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.” That number is astounding. Of these attacks, 89 hit educational establishments, potentially affecting 1,233 individual schools. These numbers demonstrate the severity of the issue and reiterate the need for a data backup and recovery plan.

Trinsio knows how valuable your data is to the success of your organizations, and we are dedicated to helping you conquer the odds against you. That is why we partner with Rubrik, to bring to you the best in cloud data management.

US Natural Gas Facility Hit with Ransomware

Unsurprisingly, we have another ransomware attack on the books. Yesterday, a malicious link was sent to staff at a US natural gas facility. As a result, staff was forced to shut down the entire pipeline asset for two days.

Facility Inadequately Prepared

This organization was simply not prepared for this sort of an attack. CISA stated, regarding the issue, “The victim cited gaps in cybersecurity knowledge and the wide range of possible scenarios as reasons for failing to adequately incorporate cybersecurity into emergency response planning.” CISA encourages all organizations to have a plan that considers the effects of these attacks. Companies should see this as a warning of the ways that ransomware can affect operations.

What is ransomware?

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim in exchange for access to the data. This kind of malware can be devastating to an organization, and recovery has proven to be a very difficult process. Some victims pay the ransom in an effort to recover the files, but even then, there are no guarantees victims will get their files back.

Ransomware Doesn’t Have to End in Disaster

In contrast to the incident at the natural gas facility, Kern Medical Center, a large Level II trauma healthcare organization in Bakersfield, California, experienced a ransomware attack in June that penetrated their system, rendering it unusable. An attack on a healthcare facility obviously raises significant concerns because the systems need to be readily available at all times to ensure patient survival. Kern Medical Center had a data recovery plan in place, and as a result, they were able to get their systems up and running quickly while recovering 100% of their data. What could have been a devastating event ended up being a situation completely under control.

Craig Witmer, CTO of Kern Medical Center, claims that “With our legacy system, restores could take hours— even if we had the necessary tapes onsite. Rubrik allows us to restore in seconds.” He also noted that an important feature of the technology is the at-a-glance view. With Rubrik, they are able to check all their systems in just a few minutes.

The difference in the preparedness of these two organizations is significant. Ransomware attacks are becoming more and more deliberate. It would be highly beneficial for every company to have a plan in place in an effort to keep their data safe.

Ransom Demands Double While Ransomware Victims Bankroll Hackers

Alarming numbers from the last quarter of 2019 show that ransom demand payments doubled compared to the previous quarter, with the average ransom payment rising 104 percent from the previous quarter to $84,116 (Coveware), wrapping up a successful year for ransomware operators. From there, the numbers just get scarier. Coveware reported that organizations hit with ransomware suffered an average of 16.2 days in downtime which is an increase of over four days from the third quarter. 

Coveware’s CEO and co-founder Bill Siegel commented on the huge increase in ransom payments, stating, “The doubling of the amount was surprising. I think we expected it to rise, but had not expected the impact of large enterprise attacks to pull the average up as much as it did.”

Coveware’s reports also indicated that attackers’ techniques are changing, with increases in ransomware attacks which include data exfiltration and exposure techniques. Data exfiltration — the practice of exfiltrating data before encrypting it and threatening to leak it to the public unless the demand is paid — became a trend in summer 2019.

Why is this such a successful market for hackers right now?

Siegel explained that cybercrime is a business, and just like any other business, when costs are low and profits are high, business is booming. Nearly 60 percent of attacks last quarter used stolen Remote Desktop Protocol credentials, which are available on the dark web for less than $100. Coveware estimated that hackers using ransomware only needed to get returns on about 2 percent of their attacks to make a hefty profit. “This will continue until the profit margins go down for these cheap and simple attacks,” says Siegel. “As of right now, the margins are great for cybercrime, so it marches on.”

But low costs aren’t the only things enticing cybercriminals to use ransomware. Reports show that victims are increasingly willing to bargain with hackers. A recent survey of 600 security professionals by Proofpoint suggests that a little more than half of the affected organizations in 2019 decided to pay the ransom. However, the survey also found that of those who paid, 22 percent were still unable to access their data, and 9 percent were hit with more demands.

What Can You Do to Avoid Paying the Ransom?

A secure infrastructure has multiple layers of security with working backups in place underneath it all. Siegel explained that the companies that agree to pay the ransom payments are usually the ones with compromised backups or without any backups in place. “Those who think paying a ransom will help them recover faster are incredibly mistaken,” he said. “In our experience that is absolutely false, and in practice it does not happen. Once companies realize the extent of the remediation work necessary just to cleanse their production network, such that you could safely decrypt it, they realize that on a risk and time adjusted basis, restoring from backups is always a better option.” Learn more about Trinsio’s fast and secure backups here.

Caucus Complications: Data Backup and Recovery

A new smartphone app, “Shadow”, was recently introduced as a way to collect the results of the Democratic Party caucus in Iowa. As Tuesday afternoon rolled around, results were still not reported due to a problem with the app. According to Alexis Madrigal from The Atlantic, “The shadow app struggled at the final step of the results-reporting process… while the app was recording data accurately, it was reporting out only partial data”. Shadow Inc. later confirmed this on Twitter: “As the Iowa Democratic Party has confirmed, the underlying data and collection process via Shadow’s mobile caucus app was sound and accurate, but our process to transmit the caucus results data generated via the app to the IDP was not.” Although the technology issues caused a setback, “because of the required paper documentation, we have been able to verify that the data recorded in the app and used to calculate State Delegate Equivalents is valid and accurate”. Although the voting closed on Monday night, the party was not able to release the results until after 5:00 pm on Tuesday.

Shadow was unable to recover the data completely, and as a result, Iowa Democratic Party officials had to manually verify the data. The process of verification was both frustrating and tedious. Although the data backup and recovery technology differ, similar situations could occur in your own businesses. Consider your plan for data backup and recovery. Do you have a secure way to store your data? If disaster does occur, is there a quick and easy way for you to recover your data? This situation with Shadow has reiterated the need for data backup and recovery.

Trinsio powered by Rubrik offers a “set it and forget it approach” which simplifies the process of data backup and recovery. With near-zero recovery time and an easy-to-use cloud backup software, you can be sure your data is protected and easily accessible. One way that Rubrik technology makes your data easily accessible is the at-a-glance view that displays detailed reports and notifications about the data.