Colonial Pipeline paid hackers a ransom of $4.4 million in bitcoin soon after discovering a cybersecurity hack on its systems that began on May 6.  The company’s acknowledgement comes after days of speculation about whether a ransom was paid to the hackers.  The company’s CEO defended the “difficult” decision to pay the ransom, maintaining he was trying to avoid widespread fuel shortages for the East Coast. Even with the ransom payment, Colonial’s pipeline was shut down  for days, resulting in price spikes and shortages at gasoline stations in the Southeastern U.S. In addition to the ransom payment, Colonial also revealed it would be spending tens of millions of dollars over the next several months to restore its systems.

Meanwhile, the hacker, identified by the FBI as Darkside, a group out of Eastern Europe, lost access to its IT infrastructure and cryptocurrency funds.  Many believe that law enforcement seized the group’s assets, given that it occurred on the same day President Biden announced the U.S. would “pursue a measure to disrupt” Darkside.

There are no mandatory federal cybersecurity requirements for U.S. critical infrastructure, including the energy sector. To date, federal government agencies have issued cybersecurity guidelines for the energy sector, but since most operations are privately owned, they are not obligated to follow them.  President Biden is trying to provide funding to harden security systems in U.S. critical infrastructure.  His proposed American Jobs Plan includes $20 billion for cities and towns to strengthen energy cybersecurity and $2 billion in grants for energy grids in high-risk areas. In the interim, Biden’s recently issued Executive Order on Improving the Nation’s Cybersecurity controls how security incidents are managed and how hardware and software is used by federal government agencies. For vendors and developers who want to do business with the federal government, this means focusing on improving product security in order to win new contracts from a very large customer.

Oh, if I had just bought that Bitcoin when I first thought about it a decade ago…I might risk a flight to Fiji right now, which is on my bucket list, even in the midst of the pandemic. Alas, I didn’t, because I assessed the risk first and made my own decision. Yes, I lost out on tremendous profits, but hey, I love my job and Fiji will be there for me, and it was the right decision for me.

The urge to purchase cryptocurrency is strong right now as the value has skyrocketed. Nonetheless, before purchasing any type of cryptocurrency, there are a couple of things you may wish to consider.

My mantra these days is “Yes, you, me, and all of us collectively are being targeted by state sponsored hackers”–mostly from Russia, China and North Korea. Their methods are similar and sinister, and their goals the same—profit, power and domination.

North Korea is stealing cryptocurrency at an alarming rate, the goal of which is to fund its nuclear and ballistic missile programs in the face of tough international sanctions. It is estimated by the United Nations (U.N.) that North Korean state-sponsored hackers stole approximately $316.4M in virtual assets from digital currency exchanges between 2019 and November of 2020. U.N. monitors report that North Korea has generated approximately $2 billion to steal funds from banks and cryptocurrency exchanges using sophisticated cyberattacks.

One of the largest thefts that North Korea is believed to be behind was against cryptocurrency exchange KuCoin, which reported the theft of $281 million in bitcoin and other crypto tokens in September of 2020. (This has not been confirmed by KuCoin, but KuCoin has publicly stated that it is working with law enforcement to confirm who was behind the incident). It is reported that KuCoin was able to recover 80 percent of the stolen funds through cooperation with other exchanges that froze the funds that the hackers were attempting to launder.

Some things to consider before jumping into the cryptocurrency frenzy:

  • Cryptocurrency exchanges are not regulated like other financial institutions.
  • The United States Federal Reserve does not back any loss of funds in cryptocurrency exchanges.
  • If you pass away and have assets in cryptocurrency, or lose your password to your crypto wallet, those funds could be lost; treat the account like any other and protect it should you pass away, just as you would with any other account—planning is really important here.
  • Just because you have invested in digital assets, they are still considered assets by the IRS, so be aware of tax laws applicable to cryptocurrency.
  • Cryptocurrency exchanges have gone out of business with no recourse for investors, so researching them like any other investment, including their, is prudent.
  • Be aware that state-sponsored attackers, particularly North Korea, are fervently and successfully targeting cryptocurrency exchanges to fund their nuclear capabilities against adverse nations, including the United States, which affects our national security.

Following the recent report by U.N. monitors in relation to the current hype of Bitcoin, these are just a few considerations before investing in cryptocurrency.  Enter that market slowly and research risk while contemplating reward.

As the holiday shopping season comes to end, consumers should still be aware that hackers are sending fake delivery notifications appearing to come from companies like FedEx and UPS, especially as the last few days of package arrivals pass by. The hackers’ messages prompt consumers to enter their personal information like credit card information to resolve an issue with package delivery or immediately launch malware or ransomware upon clicking a link. According to a recent CNBC report on this ‘shipageddeon’ launched by hackers, one consumer received an email message appearing to be from UPS informing him that his package could not be delivered. Once he clicked the link provided to solve the issue, his screen started flashing and his computer was encrypted with ransomware requesting 150 bitcoins (or about $66,000). Upon the consumer’s refusal, his computer was wiped clean.

According to the CNBC report, fraudulent delivery messages rose by 440 percent from October to November, according to data from cybersecurity firm Check Point Software Technologies. Overall, fraudulent shipping messages overall rose 72 percent since November 2019. Don’t fall victim to these scams -at a minimum before clicking on a provided link or offering up your personal information make sure that the messages include correct spelling and company logos.

Binary Check Ad Blocker Security News

You probably heard about the recent hack of Twitter accounts that took place on July 15, 2020. The hackers took over several prominent Twitter accounts, which resulted in a scam that netted over $118,000 in bitcoin for the hackers. One of the most startling things about the cyberattack was that it was led by a 17-year-old along with his accomplices. The hackers took over the accounts of well-known individuals including Barack Obama, Kim Kardashian West, Kanye West, Bill Gates, Elon Musk and many others, and tweeted a “double your bitcoin scam” from these Twitter accounts directing people to send bitcoin to fraudulent accounts.

The New York Department of Financial Services (NYDFS) issued a detailed report last week regarding this hack into the social media giant. The report found that “the Twitter Hack happened in three phases: (1) social engineering attacks to gain access to Twitter’s network; (2) taking over accounts with desirable usernames (or “handles”) and selling access to them; and (3) taking over dozens of high-profile Twitter accounts and trying to trick people into sending the Hackers bitcoin. All this happened in roughly 24 hours.”

How did the hackers do it? According to the report, the first phase of the attack started with the hackers stealing credentials of Twitter employees the old-fashioned way by using social engineering. The hackers posed as Twitter IT employees and contacted several Twitter employees claiming there was a problem with Twitter’s Virtual Private Network (VPN). The report stated that the “hackers claimed they were responding to a reported problem the employee was having with Twitter’s Virtual Private Network (VPN). Since switching to remote working, VPN problems were common at Twitter. The Hackers then tried to direct the employee to a phishing website that looked identical to the legitimate Twitter VPN website and was hosted by a similarly named domain. As the employee entered their credentials into the phishing website, the Hackers would simultaneously enter the information into the real Twitter website. This false log-in generated an MFA [multi-factor authentication] notification requesting that the employees authenticate themselves, which some of the employees did.”

The hackers then went surfing within the Twitter system looking for employees with access to internal tools to take over accounts. This led to the second phase of the attack: taking over and selling access to original gangster (OG) Twitter accounts. According to the report, an OG Twitter account refers to accounts  designated by a single word, letter, or number and adopted by Twitter’s early users. The hackers discussed taking over and selling the OG accounts in various online chat messages. On July 15, the hackers “ hijacked multiple OG Twitter accounts and tweeted screenshots of one of the internal tools from some of the accounts to the accounts’ respective followers.

The final phase of the hack involved  taking over various cryptocurrency company accounts and directing users to a link to a scam bitcoin address. According to a tweet sent out by Twitter on July 16, approximately 130 accounts of high-profile verified users (those Twitter accounts that you see with the blue check mark) were taken over by the hackers with tweets asking people to send bitcoin, with the promise that the high-profile user would double the amount to be given to a charity. The bitcoin address was fraudulent, the tweets were not sent by the actual users, and the hackers were able to collect more than $118,000 in bitcoin.

The NYDFS began its investigation because the cryptocurrency companies are regulated entities. According to the report, the department instructed the cryptocurrency companies to block the hackers’ bitcoin addresses if they hadn’t already done so. This move prevented over a million dollars’ worth of fraudulent bitcoin transfers.

We write all the time about the critical importance of cybersecurity practices and protocols such as multifactor authentication, employee training regarding phishing, and using secure passwords. The general consensus appears to be that the Twitter hack was not a sophisticated one, but that the hackers knew what they were after and knew how to accomplish their goal. The NYDFS report stated that “the Twitter Hack is a cautionary tale about the extraordinary damage that can be caused even by unsophisticated cybercriminals. The Hackers’ success was due in large part to weaknesses in Twitter’s internal cybersecurity protocols.”