Bitcoin remains a lucrative cryptocurrency and hackers are keen to cash in on it. And they’ve now scammed $180k in one day through hacking Twitter accounts.

With around 336 million active users, Twitter is one of the most popular social media sites and has attracted a number of authority figures in almost every niche you can think of. As a result, it’s fair to say that if your organization isn’t on Twitter then it needs to be on Twitter. It’s a fantastic marketing tool that can be used to engage customers, promote products and deliver instant marketing all over the world. However, it’s this level of interest in Twitter and the trust which users invest in official accounts that makes it susceptible to hackers.

Due to a recent hack of several major Twitter accounts, with large numbers of followers, hackers managed to deceive these followers by impersonating Elon Musk and requesting Bitcoin. Unbelievably, this approach was successful and the hackers managed to obtain around 28 Bitcoins valued at roughly $180,000. And this is all thanks to hacking successful Twitter accounts. As it’s likely that you run a Twitter account to support your business, we’re going to take a look at what happened and how you can protect your Twitter account.

What Did This Fake Elon Musk Do?

Elon Musk needs little introduction due to his fame which has been generated by co-founding PayPal and designing Tesla’s electric car range. Known as a man who can make money happen, he recently appeared on several major Twitter accounts such as Pantheon Books and UK clothing range Matalan. However, this wasn’t the real Elon Musk as these official Twitter accounts (complete with blue ticks) had simply had their user name changed and their profile picture replaced with a picture of Musk. These hacked accounts then promised that, as part of a Bitcoin giveaway, he would exchange a substantial amount of Bitcoin for a verification payment of anything from 0.1 to 3 Bitcoins.

The hackers were clever enough to even hack other Twitter accounts such as the National Disaster Management Authority of India and use these to send out fake ‘verification’ tweets that they had received multiple Bitcoins in exchange. Despite sounding too good to be true and requiring very little investigative work to discover that something wasn’t quite right, 392 transactions took place in just one day and allowed the hackers to make a small fortune very quickly. Although this behavior clearly violated Twitter’s guidelines, the anonymous nature of Bitcoin transactions means that there was relatively little risk for the hackers.

Protecting Your Twitter Account

It’s not known how the hackers behind the Elon Musk scam managed to breach so many official Twitter accounts, but it’s important that you ensure your Twitter account is secured. To help protect your organization’s Twitter account make sure you practice the following:

  • Keep your password secure through regular changes, long passwords and combination passwords
  • Twitter allows you to use two-factor authentication so that access is only granted to your account when a randomly generated code sent to a mobile device is entered
  • Try not to install third-party Twitter apps which request access to your Twitter account as it’s very difficult to monitor what they do with your data

If you can regularly follow these three steps then you’re going to significantly reduce the chances of losing control of your Twitter. And, remember, even if the hackers aren’t using your account to demand Bitcoin, losing control of your Twitter account, which is a crucial communication channel in modern business, could still be disastrous for your reputation and revenue.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


British Airways recently had 385,000 online transactions hacked due to a code weakness on their payment processing pages. And customers were not happy.

Reputation is important for any organization, so limiting bad news is crucial to ensure that consumers can trust your brand. British Airways, however, have experienced a significant blow to their public image due to a recent hack which ransacked their customers’ confidential data. The attack that took place was an example of cross-site scripting, a method of hacking which may not grab as many headlines as ransomware and malware but is still very dangerous.

Processing online payments is part and parcel of any business with a digital presence these days, so I think it’s important we take a look at what happened to British Airways.

Who Hacked British Airways?

It’s believed that Magecart are the hacking group behind the British Airways hack due to the similar techniques used to execute the attack. Magecart first emerged in early 2016 and was linked to numerous hacks that affected online shops and sought to steal credit card details during online payment processing. Previously, Magecart had targeted third party payment processors rather than payment systems embedded within websites. However, the attack on British Airways demonstrated that Magecart were now developing tailored code to attack their targets’ websites directly.

How Did Magecart Launch Their Attack?

Unlike ransomware and malware, there was no need for Magecart to dispatch an email containing a malicious payload. Instead, they targeted the code of British Airways’ website. By exploiting weaknesses in the website’s code, Magecart were able to ‘inject’ 22 new lines of code into the British Airway’s website. And it was this small amount of code which made the hack so devastating.

Lying silently in the background, this new code would log keystrokes from the payment processing section and, once the victim hit the ‘submit’ button, it would transmit these keystrokes to the attackers’ server. Not only were credit card details compromised, but also a significant amount of sensitive, personal data. To help reduce the chances of being detected, the hackers even loaded their own server with an SSL security certificate to make it appear genuine. Sadly, it was far from genuine. The attack managed to remain undetected for 15 days and, as a result, managed to infiltrate a huge number of online transactions.

The Dangers of Cross-Site Scripting

Combating cross-site scripting attacks is not easy due to the difficulty in spotting previously unknown vulnerabilities contained within website codes. However, progress is always being made and it’s now possible to employ automated tools that can identify when the code behind a website has been changed remotely. Alternatively, disabling scripts on your website is a guaranteed remedy, but that comes with the headache of reduced functionality which could easily eat into your revenue.

Regardless of whether your website’s code is secure or not, the activities of Magecart are proof that hackers are looking for new and cunning ways to breach your defenses. What’s most important is that you monitor all network activity and analyze any activity which is unusual otherwise you could find yourself with a huge number of unhappy customers at your door.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Defeating a particular strand of ransomware doesn’t mean it’s dead and buried; you only have to take a look at GandCrab to see how it can evolve.

GandCrab first emerged online at the start of 2018 and began to spread rapidly across the globe. Known as a Ransomware-as-a-Service (RaaS) attack, GandCrab has been able to continue causing chaos thanks to its code receiving regular updates. Now, as ransomware is such a pressing concern at the best of times, the realization that it can rapidly evolve is very troubling for anyone who heads online.

Due to the economic impact, not to mention the effect on productivity, that ransomware can cause to organizations, we’re going to take a close look at GandCrab to understand how and why it has evolved.

What is RaaS?

GandCrab is classed as a RaaS, but what exactly does this mean? Well, RaaS is built upon an attack where ransomware is written by cyber-criminals and then sold on to attackers who may not have the technical knowledge to write their own ransomware. Sometimes, however, the attackers may be perfectly capable of writing their own ransomware, but they don’t have the time and are just looking for a quick buck instead. Nonetheless, RaaS is highly popular due to the ease with which it can be deployed and the ready availability of the code. And this is exactly how GandCrab has been operating since the start of the year.

How Does GandCrab Operate?

Rather than concentrating on just one deployment method, GandCrab is particularly virulent thanks to its multifaceted approach which includes spam emails, exploit kits and malvertising. Once executed, GandCrab begins compiling information on the victim’s PC and scans for file extensions that it’s capable of encrypting. Early versions of GandCrab would encrypt files with a .CRAB extension, but the latest versions have begun encrypting files with 5 digit extensions that are randomly generated. GandCrab is also different to most other ransomware as it demands its ransom in Dash, a cryptocurrency which launched in 2015, rather than Bitcoin.

The Evolution of GandCrab

In total, there have been five versions of GandCrab released since its initial detection. Being a RaaS, the writers of GandCrab are keen to keep the money flowing in and this has fuelled their determination to update their product. Those who were infected by versions 1.0 and 1.1 were in luck early on as BitDefender managed to code a decryptor to retrieve files which had been compromised. However, this setback only served to inspire the hackers behind GandCrab to update the code significantly in GandCrab 2.0. Since then, less significant, but regular updates have allowed GandCrab to stay ahead of the security experts and keep their product bringing in its illicit income.

Can GandCrab be Defeated?

Despite the strength of GandCrab’s defenses, it appears that the security experts may be getting closer. Recent developments have seen BitDefender refining their decryptor software to unlock files encrypted by GandCrab versions 1, 4 and 5. Unfortunately, progress on decrypting files encrypted by versions 2 and 3 has been much slower and these files remain encrypted unless the victims are willing to pay the ransom. Ultimately, the best way for your organization to protect its data from the threat of ransomware such as GandCrab is by practicing best security practices and not having to decrypt any files whatsoever.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


 

Cloud networks are the most important newcomers to storage and networking in a long, long time, but why are cloud networks at risk of being hacked in 2018?

With cloud network revenue set to hit $228 billion in 2019, it’s clear to see that cloud networks have become phenomenally successful and their popularity doesn’t appear to show any signs of slowing down. However, hackers are exceptionally interested in this new slice of digital real estate and, accordingly, are beginning to tailor attacks towards cloud providers. Naturally, new technology is prone to teething issues, but when there’s so much data at risk, it’s understandable that organizations may be a little concerned by the risk of cloud networks being hacked.

Let’s take a look at exactly why there’s a risk of your cloud network being hacked and having all its data compromised.

Hackers Like to Target Big and Sensitive Data

Cloud networks have been readily adopted by many organizations due to the vast benefits they offer, so it should come as no surprise that hackers have followed consumers to the cloud. Organizations are frequently storing entire databases packed full of confidential data which, to a hacker’s eyes, is the ultimate prize. Rather than embarking on time consuming hacking strategies which yield only one employee’s details, hackers are going to go straight to the cloud to obtain as much data as possible.

 

The Cloud Brings New Technology

While organizations are more than aware of firewalls and passwords, cloud networks bring a whole new range of technology that has shifted the goalposts of cyber-security. For example, the cloud is a virtual network rather than a physical network and, accordingly, can’t be treated in the same way as previous technology that organizations have used. New security tools are required to marshal data warehouses in the cloud and, at present, the level of knowledge is, even in many IT professionals, at a naive level.

Human Error is Always an Issue

Employees of any organization that accesses a cloud network are perhaps the biggest threat to cloud security. All it takes is one mistake for a hacker to gain access to your network and, if they access your cloud, this could have catastrophic effects for your organization’s data. As ever, the risk of falling for phishing scams puts the security of your cloud network at risk, but, as covered earlier, the new technology also brings a number of problems to the table such as configuration errors. Amazon, for example, exposed nearly 48 million data profiles earlier this year due to not configuring their cloud correctly.

The Danger of State Sponsored Attacks

Huge organizations that are integral to the running of the country have invested heavily in cloud networks to help store the vast amounts of data that they generate. The result of this is that hackers are continually searching for new and innovative ways to breach cloud security. While their main target may be major corporations, the knowledge that these hackers are gaining means that the ease with which cloud networks can be hacked is increasing. As this knowledge builds and builds, attacks on cloud networks will become easier to execute and more commonplace.

For more ways to secure and optimize your business technology, contact your local IT professionals.

 

Read More