FMG Law Blog Line

Posts Tagged ‘Hack’

Estimated 30,000 U.S. Organizations and Businesses Hacked Through Microsoft Exchange Server “Zero-Day” Vulnerabilities

Posted on: March 10th, 2021

By: John Ghose

State-sponsored hackers have accessed the Microsoft email environments of an estimated 30,000 U.S. organizations – including many small and medium-sized companies, universities, and government agencies.  This hack is nearly twice the size of the recent SolarWinds hack, and immediate action is needed to determine if your organization has been compromised. Below we explain how to assess whether your organization has been affected, and what to do if your data has been compromised.    

On Wednesday, March 3, 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to businesses and organizations running Microsoft Exchange on-premises products. The emergency directive was prompted by a blog post written by Microsoft a day earlier that described successful efforts by a Chinese state-sponsored hacking group to exploit previously unknown “zero day” vulnerabilities of its MS Exchange product.  Volexity, the security firm that first discovered the zero-day vulnerabilities, said in this article that hackers have been using these vulnerabilities to access victims’ email environments as far back as January 6, 2021.

According to guidance from Microsoft and CISA, if your organization uses MS Exchange on-premises (not cloud) servers, you should take the following steps immediately:

  • Run the free script and deploy security updates provided by Microsoft to assess your exposure and patch your system;
  • If these initial assessments reveal indicators of compromise, your organization should activate its incident response plan and contact your cyber insurance carrier, if you have one, which can assist you with retaining a law firm and forensics vendor for guidance and advice.
  • Finally, your organization should back up network data immediately. As reported by Brian Krebs, the security community fears that hackers could later exploit the web shell “back doors” installed as part of this hack by conducting a mass ransomware attack campaign to disrupt the American economy.  Backing up data mitigates this ransomware risk.

If you need help with any of these steps, FMG’s Data Protection, Privacy, and Technology practice section is available and already advising several clients who have been affected by this breach.  In addition, we are partnering with Tracepoint, a leading cyber incident response firm, to provide clients with a zero-cost initial consultation to help them determine what actions are needed because of this hack.  Please contact co-chairs David Cole and John Ghose for further information.

Twitter Hack and the Lessons it Leaves Behind

Posted on: July 21st, 2020

By: Courtney Mazzio

Twitter fell victim to a major cyber attack on Wednesday, July 15, when the accounts for some of the world’s most recognizable public figures, executives and celebrities started tweeting out links to bitcoin scams. The first public signs of the intrusion came around 3 PM EST, when the Twitter account for the cryptocurrency exchange Binance tweeted a message saying it had partnered with “CryptoForHealth” to give back 5000 bitcoin to the community, with a link where people could donate or send money. Shortly after that, similar tweets went out from the accounts of other cryptocurrency exchanges, and from the Twitter accounts for certain politicians and celebrities including President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple. In immediate response, Twitter blocked new tweets from every verified user, whether compromised or not, and locked all compromised accounts.

To gain access to the user accounts, the attackers targeted certain Twitter employees through a social engineering scheme. In this attack, the attackers successfully manipulated a small number of Twitter employees and used their credentials to access Twitter’s internal systems. As of July 18, Twitter knew that the bad actors accessed tools only available to its internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send the tweets. Twitter is also reporting that for up to eight of the accounts involved (none were verified accounts), the attackers took the additional step of downloading the account’s information through Twitter’s “Your Twitter Data” tool. This tool is meant to provide an account owner with a summary of their Twitter account details and activity, meaning that information such as private conversations and personal information on those accounts could have been accessed by the attackers.

Though the identities of the hackers are not yet known, there are strong indications that the attack was perpetrated by individuals who specialize in hijacking social media accounts via “SIM swapping,” an increasingly popular form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target’s account. It’s estimated that the bad actors collected over $100,000 through this Twitter scam.

This incident demonstrates that even tech companies with technically sophisticated employees can still fall victim to phishing attacks. Twitter has said it will conduct additional company-wide training to guard against social engineering tactics in order to supplement the training its employees already receive during onboarding, and that employees will receive ongoing phishing exercises throughout the year as well. Training of that type is important not just for companies like Twitter, but really for companies of all sizes and in all industries. Employees continue to be a front line of defense in cybersecurity and no amount of technical safeguards on your computer network can protect against an employee being tricked into disclosing his or her credentials in a social engineering scam. So the moral of the story is: train early, train often, and talk about social engineering and cybersecurity in your workplace.

If you have questions or would like more information, please contact Courtney Mazzio at [email protected].