A reader pointed me towards a Platformer story that really shows you what’s going on inside Twitter and how Twitter is being destroyed from the inside. I strongly encourage you to read the story which you can find here. But let me cover two things that made my jaw hit the ground.
#1 – Elon Musk fired engineers at Twitter because engagement counts are dropping:
On Tuesday, Musk gathered a group of engineers and advisors into a room at Twitter’s headquarters looking for answers. Why are his engagement numbers tanking?
“This is ridiculous,” he said, according to multiple sources with direct knowledge of the meeting. “I have more than 100 million followers, and I’m only getting tens of thousands of impressions.”
One of the company’s two remaining principal engineers offered a possible explanation for Musk’s declining reach: just under a year after the Tesla CEO made his surprise offer to buy Twitter for $44 billion, public interest in his antics is waning.
Employees showed Musk internal data regarding engagement with his account, along with a Google Trends chart. Last April, they told him, Musk was at “peak” popularity in search rankings, indicated by a score of “100.” Today, he’s at a score of nine. Engineers had previously investigated whether Musk’s reach had somehow been artificially restricted, but found no evidence that the algorithm was biased against him.
Musk did not take the news well.
“You’re fired, you’re fired,” Musk told the engineer. (Platformer is withholding the engineer’s name in light of the harassment Musk has directed at former Twitter employees.)
That’s a sure sign that Elon’s ego rather than his head is running Twitter at the moment. Now to be clear, I am not shocked by that. What I am shocked about is his behaviour when he doesn’t get the answer that fits his world view. Or when someone speaks truth to power. That’s just abysmal leadership.
#2 – Twitter’s outage from earlier this week is part of a larger problem.
An even more obvious reason for the decline in engagement is Twitter’s increasingly glitchy product, which has baffled users with its disappearing mentions, shifting algorithmic priorities, and tweets inserted seemingly at random from accounts they don’t follow. On Wednesday, the company suffered one of its first major outages since Musk took over, with users being told, inexplicably, “You are over the daily limit for sending tweets.”
It turns out that an employee had inadvertently deleted data for an internal service that sets rate limits for using Twitter. The team that worked on that service left the company in November.
“As the adage goes, ‘you ship your org chart,’” said one current employee. “It’s chaos here right now, so we’re shipping chaos.”
Interviews with current Twitter employees paint a picture of a deeply troubled workplace, where Musk’s whim-based approach to product management leaves workers scrambling to implement new features even as the core service falls apart. The disarray makes it less likely that Musk will ever recoup the $44 billion he spent to buy Twitter, and may hasten its decline into insolvency.
“We haven’t seen much in the way of longer term, cogent strategy,” one employee said. “Most of our time is dedicated to three main areas: putting out fires (mostly caused by firing the wrong people and trying to recover from that), performing impossible tasks, and ‘improving efficiency’ without clear guidelines of what the expected end results are. We mostly move from dumpster fire to dumpster fire, from my perspective.”
That further explains this email from Elon trying to focus the team on making the platform stable ahead of the Super Bowl. And it highlights that the stability of Twitter is heading downhill fast. And part of this is driven by Elon’s rush to ship new features at any cost to drive revenue. Which of course has not worked. What surprises me is that not even in my wildest dreams did I think that the situation was as bad as it’s being described here.
Now you’re likely wondering why I am highlighting this report. The team at Platformer has been 100% accurate about what has been going on inside of Twitter since Elon took over. So it is beyond a safe bet that everything that you read in this article is fact. Which means that if you still have a Twitter account, you might want to make plans to be someplace else on social media as it’s crystal clear that Twitter with Elon Musk at the helm is living on borrowed time.
CISA Issues Warning About North Korea Hacking Health Care Facilities To Fund Other Cyberattacks
Posted in Commentary with tags Security on February 10, 2023 by itnerd
Yesterday, CISA released a warning that North Korean government-backed hackers have conducted ransomware attacks on health care providers and other key sectors in the US and South Korea. Then they used the proceeds to fund further cyberattacks:
This CSA provides an overview of Democratic People’s Republic of Korea (DPRK) state-sponsored ransomware and updates the July 6, 2022, joint CSA North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector. This advisory highlights TTPs and IOCs DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms.
The authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments— specific targets include Department of Defense Information Networks and Defense Industrial Base member networks. The IOCs in this product should be useful to sectors previously targeted by DPRK cyber operations (e.g., U.S. government, Department of Defense, and Defense Industrial Base). The authoring agencies highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks.
Sanjay Raja, VP, Product Marketing and Solutions at Gurucul had this comment:
“Healthcare institutions have already been a target for threat actor groups as they know they have constrained resources and budgets and maintain a wealth of personal and financial information on patients, and disruption can be catastrophic. North Korea’s use of common attacks indicates that these hospitals have neither managed to patch vulnerabilities nor have implemented monitoring solutions with a strong set of threat models to detect these common attacks. North Korean threat actor groups may have also developed variants that can evade solutions, like traditional SIEMs or XDR, that fail to implement trained machine learning in their analytical models that can adapt to new and unknown attack variants.
“Constrained security teams need solutions that focus on leveraging a unified set of advanced analytics, including those that can provide an early warning to known variants of attacks through behavioral analytics, such as UEBA. Identity analytics is also critical for security teams to leverage as stolen credentials is a common method of compromising healthcare systems. These two capabilities along with more traditional endpoint, network and cloud threat detection can help these hospitals with accelerating detection and eliminating manual tasks that burden security teams and waste time.”
Lovely. This is just the latest warning about North Korea and their hacking activities. Which means that given how prolific they are at hacking all the things, you should be paying attention to this and make adjustments to protect yourself.
UPDATE: Matt Marsden, VP, Technical Account Management at Tanium added this comment:
It is not surprising to see North Korean state actors using techniques generally attributed to cybercrime and ransomware gangs. We’ve seen that North Korea will seek to use whatever methods possible to fund weapons and cyber programs. This activity demonstrates the significance of shifting the focus of cybersecurity from traditional compliance to active defense.
A threat-informed approach to defense requires agility, comprehensive visibility, and control to properly assess the effectiveness of controls against attacks. In contrast, compliance programs seek to measure the implementation of static controls against an established baseline, which values consistency and static configuration. Attackers are creative and seek to exploit misconfigurations to identify gaps in a secure host baseline. They have the advantage of time and scale; and only need to be right once. On the flipside, defenders must be right every time and suffer the disadvantage of trying to predict their adversaries’ next move.
Cyber defenders need comprehensive awareness, and absolute control of what is happening in their environments; blind spots are unacceptable. Employing an active defense approach is critical, including protecting against known threats, scanning for indicators of compromise, performing real-time hunt activities, and preparing a response.
It is no longer a question of “will there be an attack” but “when will I be attacked?” With this sobering thought in mind, it is imperative to quickly identify the compromise, scope the incident, implement changes to stop the attacker and prevent lateral movement, and finally, quickly remediate at scale.