Archive for June 8, 2021

FBI Seizes Cryptocurrency Used To Pay The Hackers From The Colonial Pipeline Cyberattack

Posted in Commentary with tags on June 8, 2021 by itnerd

This is a first. The FBI announced yesterday that they have seized cryptocurrency that is valued at $2.3 million that apparently came from the ransom paid to the hackers behind the Colonial pipeline cyberattack:

US investigators have recovered millions in cryptocurrency they say was paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month, the Justice Department announced Monday. 

The announcement confirms CNN’s earlier reporting about the FBI-led operation, which was carried out with cooperation from Colonial Pipeline, the company that fell victim to the ransomware attack in question. 

Specifically, the Justice Department said it seized approximately $2.3 million in Bitcoins paid to individuals in a criminal hacking group known as DarkSide. The FBI said it has been investigating DarkSide, which is said to share its malware tools with other criminal hackers, for over a year. 

The ransom recovery, which is the first seizure undertaken by the recently created DOJ digital extortion taskforce, is a rare outcome for a company that has fallen victim to a debilitating cyberattack in the booming criminal business of ransomware.

And:

“Following the money remains one of the most basic, yet powerful, tools we have,” Deputy Attorney General Lisa Monaco said Monday during the DOJ announcement, which followed CNN’s reporting about the recovery operation. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”

The seizure warrant was authorized through the US Attorney’s Office for the Northern District of California. “The extortionists will never see this money,” acting US Attorney Stephanie Hinds for the Northern District of California said at the news conference at the Justice Department Monday. “New financial technologies that attempt to anonymize payments will not provide a curtain from behind which criminals will be permitted to pick the pockets of hardworking Americans.”

I have to applaud the FBI here as I have never heard of law enforcement being able to pull off something like this. Perhaps that should serve as a warning to the scumbags behind these cyberattacks that they may not get paid. That still should not stop companies from doing their level best to stop these attacks by having their IT security on point.

TELUS Health Mobile Clinics Are Helping To Vaccinate Ontario’s More Vulnerable Residents

Posted in Commentary with tags on June 8, 2021 by itnerd

Today, TELUS announced that through its innovative Health for Good program – in partnership with Waterloo’s Sanguen Health Centre, Toronto’s Parkdale Queen West Community Health Centre, and Ottawa’s Inner City Health – COVID-19 vaccinations are being provided to at-risk and vulnerable residents of Ontario from its mobile health clinics, powered by TELUS Health. These specially-equipped clinics on wheels have been providing essential primary health and harm reduction services directly to individuals in the communities they serve since they launched in 2020. Operations have recently expanded to offer COVID-19 testing and vaccinations, following the provincial public health guidelines. 

Through relationships with local community centres, homeless shelters, and congregate housing facilities, the clinics have administered more than 1,500 doses of the vaccine to at-risk Ontarians, conducted 15,400 COVID-19 tests/assessments, and have supported nearly 30,000 patient interventions to date.

Backed by a $10 million commitment from TELUS, the Health for Good program is active from coast to coast with 13 state-of-the-art mobile health clinics operating in communities where frontline care is urgently needed.

These mobile health clinics are equipped with TELUS LTE Wi-Fi, TELUS Mobility services, and TELUS Health electronic medical record (EMR) technology. The TELUS Health EMR enables clinic staff to collect and store health data, examine results over time, and provide better continuity of care to patients who previously had undocumented medical histories. 

Beyond pivoting its Health for Good program to aid in Canada’s response to the health crisis and in addition to giving $85 million to charitable partners in 2020, representing five per cent of its profits, TELUS collectively contributed more than $150 million to support COVID-19 related initiatives across the country. For more information about TELUS Health for Good, visit telus.com/healthforgood.

Sonos Radio HD Now Available In Canada

Posted in Commentary with tags on June 8, 2021 by itnerd

Today, Sonos debuts Sonos Radio HD in Canada, giving millions of Canadian listeners access to the ad-free, high-definition streaming tier with skips, repeats and an expanded catalogue of exclusive programming. The premium service is available on Sonos’ S2 app for $7.99 CAD per month after a free 30-day trial.

Canada subscribers to Sonos Radio HD will now be able to access and enjoy even more incredible content and exclusive programming, including:

  • Artist-curated stations that go beyond the playlist to offer commentary and interviews heard nowhere else, including Brian Eno’s The Lighthouse – an exclusive new station available on Sonos Radio HD today, featuring hundreds of tracks spanning over 50 years of Brian Eno’s illustrious career. Listeners are also encouraged to share their feedback on the station: if you hear a track that you’d like to use in a film, one you think you may have contributed to, or even one that particularly moves you – please get in touch at thelighthouse@sonos.com

Subscribers can also tune in to Dolly Parton’s Songteller Radio, Ghostface Killah’s Blue & Cream, FKA twigs’ Main Squeeze and more. 

  • Deeper exploration into genres and music scenes with the help of curators and hosts including Ann Powers with Nashville Now and Americana Ramble and Kenny Gamble’s The Sound of Philadelphia. 
  • Soundtracks for life at home that promote mindfulness, productivity and relaxation including The Inner Now, Chill Beats and Mellow Morning, along with six sleep stations for any preference – white noise, pink noise, brown noise, rain, rainforest and piano – all mastered and tuned specifically for Sonos speakers for the most natural, calming sounds for a better night’s sleep.

Atlas VPN Releases A New Security Tool For Monitoring Data Breaches

Posted in Commentary with tags on June 8, 2021 by itnerd

This month virtual private network (VPN) service provider Atlas VPN released a new security feature called Data Breach Monitor. The new feature, currently available on iOS and Android platforms, helps its users check if their personal information has been leaked online.

First, users are prompted to scan their email addresses with Data Breach Monitor. The tool then searches through leaked databases to check whether the data there matches the user’s information. 

If matching information is found, the user is presented with a list of past and current security breaches associated with their online accounts. In addition, the list includes information about when and where the breach occurred and what type of information was leaked. 

The leaked data can include anything from credentials such as email address, username, and password to social security numbers or other types of personal information. 

The tool also notifies users of new leaks affecting their personal data so they can take immediate action and stop malicious actors from exploiting their online accounts.

While all Atlas VPN users can take advantage of the Data Breach Monitor to boost their online security, Premium users get full access to the feature. This means they can connect multiple email addresses to the tool to safeguard all their online accounts.
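To make the lookup described above concrete, here is an added example of how a breach monitor can check an email address against a corpus of leaked records. This is illustrative code written for this post, not Atlas VPN’s implementation, and it assumes a design in which the client sends only a short prefix of the hashed address and filters the candidates locally, so the service never learns the exact address being checked. The breach names, dates and addresses are constructed sample data.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Breach:
    """One leaked dataset: where it came from, when, and what fields it held."""
    name: str
    date: str            # ISO date of the breach
    data_classes: tuple  # e.g. ("email", "password")


# Constructed sample corpus (made-up breaches and addresses for illustration).
CONSTRUCTED_BREACHES = [
    ("alice@example.com", Breach("ExampleShop", "2019-03-12", ("email", "password"))),
    ("alice@example.com", Breach("ForumDump", "2021-01-05", ("email", "username", "password"))),
    ("bob@example.org", Breach("ExampleShop", "2019-03-12", ("email", "password"))),
]


def normalize_email(email):
    """Breach corpora are messy; compare on a canonical lower-cased form."""
    return email.strip().lower()


def email_hash(email):
    """SHA-256 hex digest of the normalized address (64 hex characters)."""
    return hashlib.sha256(normalize_email(email).encode("utf-8")).hexdigest()


class BreachIndex:
    """Service side: an index keyed by the hashed address, queried by prefix only."""

    def __init__(self, records):
        self._by_hash = {}
        for email, breach in records:
            self._by_hash.setdefault(email_hash(email), []).append(breach)

    def lookup_prefix(self, prefix):
        # Returns every (full_hash -> breaches) entry whose hash starts with
        # the prefix; the service cannot tell which one the client wanted.
        return {h: list(b) for h, b in self._by_hash.items() if h.startswith(prefix)}


class BreachMonitorClient:
    """Client side: hashes the address, asks by prefix, filters the answer locally."""

    PREFIX_LEN = 5  # assumed prefix length; shorter means more privacy, bigger answers

    def __init__(self, index):
        self._index = index

    def check(self, email):
        """All breaches containing this address, oldest first."""
        full = email_hash(email)
        candidates = self._index.lookup_prefix(full[: self.PREFIX_LEN])
        return sorted(candidates.get(full, []), key=lambda b: b.date)

    def new_breaches(self, email, already_seen):
        """Breaches not yet reported to the user, the basis for a 'new leak' notification."""
        return [b for b in self.check(email) if b.name not in already_seen]


if __name__ == "__main__":
    client = BreachMonitorClient(BreachIndex(CONSTRUCTED_BREACHES))
    for hit in client.check("Alice@Example.com "):
        print(f"{hit.date} {hit.name}: leaked {', '.join(hit.data_classes)}")
    print("new since last check:", [b.name for b in client.new_breaches("alice@example.com", {"ExampleShop"})])
```

The prefix query is the part worth copying: a monitoring service that receives full addresses from every user ends up holding exactly the kind of list attackers want, whereas a prefix lookup keeps the exact match on the user’s device.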

Many Major Websites Down Or Impaired Due To An Issue With A Content Delivery Network Provider

Posted in Commentary on June 8, 2021 by itnerd

If you were trying to get to Reddit, The New York Times, Spotify, CNN, or many other major websites this morning, you might be seeing “Error 503 – Service Unavailable”. That’s because the Fastly content delivery network (CDN) is down and took many websites down with it.

A content delivery network caches data in localized regional servers, allowing websites to serve content to you much faster. Big websites rely on these content delivery networks to make sure that their websites are accessible by a large number of people. Thus when one of these networks fails, it’s a big deal.

On the Fastly Status page, the company says it is implementing a fix and service should be resuming to those websites shortly. But I am pretty sure that any website that was affected is going to be asking a lot of questions of Fastly as to what happened, and how they can make sure that it will never happen again. In the meantime, you should be seeing your favorite website come online shortly, if it hasn’t already.

Scammers Access 50% Of Compromised Accounts Within 12 Hours: Agari

Posted in Commentary with tags on June 8, 2021 by itnerd

Agari by HelpSystems, the market share leader in phishing defense for the enterprise, unveiled today the results of an investigation into the anatomy of compromised email accounts. The threat intelligence brief, titled Anatomy of a Compromised Account, is the first research of its kind, showcasing how threat actors use credential phishing sites to gather passwords, and what they do with them post-compromise.

The Agari Cyber Intelligence Division (ACID) completed a six-month investigation by seeding more than 8,000 phishing sites mimicking Microsoft Account, Microsoft Office 365, and Adobe Document Cloud login screens. After successfully submitting credentials, the team linked individual phishing attacks to specific actors and their post-compromise actions in order to better understand the lifecycle of the compromised account.

Specific stats uncovered in the extensive research include:

  • 91% of all accounts were manually accessed by threat actors within the first week
  • Half of compromised accounts were accessed within the first 12 hours 
  • 23% of phishing sites used automated account validation techniques
  • Threat actors were located in 44 countries worldwide, with 47% in Nigeria
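Agari’s method, planting credentials and then watching who logs in with them and how fast, is the same thing a defender does with canary accounts. The example below is added here to show that measurement from the defensive side; it is not Agari’s code and does not reproduce their dataset. It assumes an auth log in a simple key=value format, a constructed set of three canary accounts planted at a known time, and a heuristic (my assumption, not a finding from the brief) that one source logging into several canaries within a minute looks like automated validation rather than a human. All log lines, addresses and countries are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed canary accounts: when each credential was planted. Never real accounts.
CANARIES = {
    "canary-ap@example.com": datetime(2021, 5, 1, 8, 0, tzinfo=UTC),
    "canary-hr@example.com": datetime(2021, 5, 1, 8, 0, tzinfo=UTC),
    "canary-it@example.com": datetime(2021, 5, 1, 8, 0, tzinfo=UTC),
}

# Constructed auth log in an assumed key=value format.
SAMPLE_LOG = """\
2021-05-01T08:45:10Z login user=canary-ap@example.com result=success src=198.51.100.7 country=NG
2021-05-01T08:45:14Z login user=canary-hr@example.com result=success src=198.51.100.7 country=NG
2021-05-01T09:02:00Z login user=alice@example.com result=success src=192.0.2.10 country=CA
2021-05-03T14:30:00Z login user=canary-it@example.com result=success src=203.0.113.9 country=US
2021-05-03T14:32:00Z login user=canary-ap@example.com result=failure src=203.0.113.9 country=US
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) result=(?P<result>\S+) "
    r"src=(?P<src>\S+) country=(?P<country>\S+)$"
)


def parse_log(text):
    """Turn log lines into dicts with a timezone-aware timestamp; skips malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)
        events.append(e)
    return events


def canary_alerts(events, canaries=CANARIES):
    """Every touch of a canary is an alert: nobody legitimate should ever log in to one."""
    alerts = []
    for e in events:
        planted = canaries.get(e["user"])
        if planted is None:
            continue
        hours = (e["ts"] - planted) / timedelta(hours=1)
        alerts.append({"user": e["user"], "src": e["src"], "country": e["country"],
                       "result": e["result"], "hours_after_planting": round(hours, 2)})
    return alerts


def time_to_first_access(events, canaries=CANARIES):
    """Hours from planting to the first successful login, per canary that was used."""
    first = {}
    for e in events:
        if e["user"] in canaries and e["result"] == "success":
            if e["user"] not in first or e["ts"] < first[e["user"]]:
                first[e["user"]] = e["ts"]
    return {u: (t - canaries[u]) / timedelta(hours=1) for u, t in first.items()}


def share_within(hours_by_user, total_canaries, limit_hours):
    """Fraction of all planted canaries accessed within limit_hours (the brief's 12 h / 1 week stats)."""
    return sum(1 for h in hours_by_user.values() if h <= limit_hours) / total_canaries


def automated_validation_bursts(events, canaries=CANARIES, window_s=60, min_accounts=2):
    """Assumed heuristic: one source hitting several distinct canaries inside a short window."""
    by_src = {}
    for e in events:
        if e["user"] in canaries:
            by_src.setdefault(e["src"], []).append(e)
    bursts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda x: x["ts"])
        for i, start in enumerate(evs):
            users = {x["user"] for x in evs[i:] if (x["ts"] - start["ts"]).total_seconds() <= window_s}
            if len(users) >= min_accounts:
                bursts.append({"src": src, "start": start["ts"], "accounts": sorted(users)})
                break  # one burst per source is enough to flag it
    return bursts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for a in canary_alerts(evs):
        print("ALERT", a)
    ttfa = time_to_first_access(evs)
    print("accessed within 12h:", share_within(ttfa, len(CANARIES), 12))
    print("accessed within 1 week:", share_within(ttfa, len(CANARIES), 24 * 7))
    print("possible automated validation:", automated_validation_bursts(evs))
```

On the constructed log, two of the three canaries are used within the first hour and the third on day three, so the 12-hour share is two thirds and the one-week share is everything, which is the shape of the numbers Agari reports. The burst check only flags the source that tried two canaries four seconds apart; the second source, which spaced its attempts two minutes apart, is left to the per-event alert.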

According to Agari, once attackers gained access to the compromised accounts, it became apparent that they wanted to identify high-value targets who have access to a company’s financial information or payment system so that they could send vendor email compromise scams more effectively. The accounts were also used for other purposes, including sending malicious emails and using the accounts to register for additional software from which to run their scams.

In one instance, a threat actor used their compromised account to upload two financial documents to the associated OneDrive account—a rental balance sheet and wire instructions for their bank account. Based on the content of these documents, it’s likely that they were intended to be used as part of a BEC attack, presumably one impersonating the real estate investment trust and targeting the senior living community operator, trying to trick them into paying more than $200,000 in outstanding rent.

In another example, cybercriminals targeted employees at real estate or title companies in the U.S. with an email that appeared to come from a U.S.-based financial services company that offers title insurance for real estate transactions. When targets opened the email, they were encouraged to view a secure message, which sent them to a webpage mimicking the company’s actual homepage. From there, they were encouraged to view additional documents and enter their account information—leading to the compromise. This shows the self-fulfilling growth cycle where credential phishing attacks lead to compromised accounts, which lead to more credential phishing attacks and more compromised accounts, and so on.

To view a complete copy of the research findings, download the threat intelligence brief.

Additional Resources