Anyone paying attention to the news lately likely knows about the large-scale hack of Twitter. It was the largest attack in the platform’s history and compromised over 130 prominent accounts[1].

It wasn’t the only recent high-profile hack, however. Two other large companies suffered major incidents as well. While they may not have been as headline-grabbing, the bandits in these cases made off with millions of dollars.

The day Bill Gates tried to scam you

No, that’s not a reference to Windows Phone. On July 15th, many public figures had their Twitter accounts hijacked, including Gates, Joe Biden, Barack Obama, Warren Buffett, Kanye West, and others. These accounts were all made to tweet out a Bitcoin donation scam. By the time Twitter contained the attack, the scammers had collected nearly $120,000 in BTC.

Since then, the alleged perpetrators have been identified. According to authorities, the “mastermind” behind the scheme was a 17-year-old from Florida, Graham Ivan Clark. Whereas most 17-year-old boys are concerned about who they’ll take to prom, Clark allegedly spent his time concocting an increasingly complex series of digital scams. What started as trolling Minecraft players for small-time sums ended with Clark amassing over $3 million in Bitcoin[2], including the $118,000 Twitter heist.

While it has not been verified, the leading theory as to how the hackers carried out their plan is as follows:

  • They targeted Twitter employees who held administrative privileges with phone-based spear phishing. Spear phishing is targeted social engineering: the attacker impersonates someone the victim has reason to trust in order to extract credentials or other sensitive information. In this case, Clark allegedly posed as a co-worker in Twitter’s IT department.
  • The phished credentials gave them access to internal account-support tools capable of managing any account, including the highest-profile ones.
  • The attackers then used these tools to change the email addresses associated with the targeted accounts and reset their passwords.
  • With full control of the accounts, they tweeted out the Bitcoin scam.

Note what this means for defenders: once the attackers held a valid employee session, the internal tools treated their actions as legitimate. The strength of the victims’ own passwords never came into play; what mattered was who could reach the administrative tooling and what that tooling was allowed to do.

You can imagine why this story has received much traction. It has potentially far-reaching implications beyond a moderate heist. If bad actors were able to gain access to such prominent accounts and use them for even more devious purposes, chaos could ensue. This is one reason why the FBI took a leading role in the investigation of the crime[3].

The CWT hack

The travel management firm CWT has also been in the news lately due to a cybercrime incident. Although the potential consequences of this attack are less sweeping than those of the Twitter incident, it is still a remarkable case.

On July 27th, it was reported that the company had paid $4.5 million in Bitcoin to hackers who had infected up to 30,000 of its computers with the ransomware known as Ragnar Locker.

Ransomware is a common class of malware. The variety used in this attack encrypted data on the compromised computers so that it could not be accessed until the ransom demands were met, at which point the attackers handed over the decryption keys.

Ragnar Locker is a specific ransomware family first seen in December 2019. The attackers who deploy it have used an unusually tricky method to escape detection: they hide the ransomware inside a virtual machine image. The hypervisor and the image are installed quietly on the target, the VM maps the host’s local drives and reachable network shares so that the ransomware inside can get at them, and because the encryption is performed from inside the VM, the security software on the host sees only a legitimate hypervisor process touching files. This makes it very difficult to prevent or quarantine.

The CWT case is interesting because the chat logs of the negotiation between the hackers and CWT management leaked. Typically, companies facing a ransom demand negotiate in private, and the public never learns the specifics of the deal. Here, it is known that the attackers initially asked for more than double the amount they ended up receiving. Still, it is remarkable to think that a 49 kB malware file hidden in a 282 MB virtual machine image could net these attackers $4.5 million.

Garmin pays out

Garmin, best known for its GPS products and smartwatches, fell victim to ransomware on July 23rd. The attack has been tied to a notorious Russia-based hacker group known as Evil Corp.

What is there to know about this group? For one, they’re likely fans of the television show Mr. Robot. More than that, though, they are an extremely proficient group of cyber thieves. It is estimated that their attacks have netted them well over $100 million in ill-gotten gains[4]. The gang is so prolific that it has been formally sanctioned by the United States government.

The ransomware used in the Garmin attack is called WastedLocker. Like Ragnar Locker, it also has a novel method of concealment.

Anti-ransomware tools monitor file-system activity for a process that opens and modifies a large number of files in quick succession. When they see that pattern, they kill the process, limiting the damage to a small number of files. WastedLocker sidesteps this by opening a file, mapping it into memory through the Windows Cache Manager, and then closing the file handle. It encrypts the mapped copy in RAM rather than writing to the file directly. Because the Cache Manager later flushes the modified pages back to disk as part of its normal operation, the encrypted content overwrites the original file without the ransomware process itself ever issuing the writes that behavioral monitors are watching for.
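To make the evasion concrete, here is an added example (not code from the article, from Garmin, or from any vendor) of the kind of behavioral rule described above, run over two constructed event streams: one from a conventional encryptor that writes every file itself, and one following the map-then-close pattern. The process names, paths, event format, thresholds, and the assumption that the deferred flush is attributed to the System process are all invented for illustration.

```python
"""Toy behavioural ransomware detector over constructed file-event logs."""
from collections import defaultdict, deque

DOC = "C:\\Users\\alice\\Documents\\report{}.docx"  # constructed paths


def conventional_events(n=25):
    """Constructed stream: a hypothetical encryptor 'evil.exe' opens, writes
    and closes each file itself, five files per second."""
    events = []
    for i in range(n):
        t, path = i * 0.2, DOC.format(i)
        events += [(t, "evil.exe", "open", path),
                   (t + 0.05, "evil.exe", "write", path),
                   (t + 0.10, "evil.exe", "close", path)]
    return events


def mapped_events(n=25):
    """Constructed stream for the cache-manager pattern: a hypothetical
    'wasted.exe' opens each file, maps it read/write, closes the handle, and
    the dirty pages are flushed a few seconds later. Attributing that flush
    to 'System' is an assumption of this example, not a claim of the article."""
    events = []
    for i in range(n):
        t, path = i * 0.2, DOC.format(i)
        events += [(t, "wasted.exe", "open", path),
                   (t + 0.05, "wasted.exe", "map_rw", path),
                   (t + 0.10, "wasted.exe", "close", path),
                   (t + 3.0, "System", "write", path)]
    return events


# Monitors typically allow-list the kernel, which flushes dirty pages all day.
TRUSTED = frozenset({"System"})


def detect_mass_modification(events, ops, threshold=20, window=5.0, trusted=TRUSTED):
    """Return the set of processes that touch at least `threshold` distinct
    files with an operation in `ops` inside any sliding window of `window`
    seconds. Events are (time_seconds, process, operation, path) tuples."""
    flagged = set()
    recent = defaultdict(deque)  # process -> deque of (time, path)
    for t, proc, op, path in sorted(events):
        if proc in trusted or op not in ops:
            continue
        q = recent[proc]
        q.append((t, path))
        while q and t - q[0][0] > window:
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            flagged.add(proc)
    return flagged


if __name__ == "__main__":
    print("write-only rule, conventional:", detect_mass_modification(conventional_events(), {"write"}))
    print("write-only rule, mapped:      ", detect_mass_modification(mapped_events(), {"write"}))
    print("write+map rule, mapped:       ", detect_mass_modification(mapped_events(), {"write", "map_rw"}))
```

A rule that counts only write operations catches the conventional encryptor and misses the mapped one entirely, because every write it would count belongs to the allow-listed kernel. Extending the rule to count read/write section mappings, which the ransomware process must still create itself, restores detection; that is the kind of telemetry a defender should ask their endpoint product for after reading about this technique.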

Although it isn’t known exactly how much Garmin paid to decrypt its files, we do know the company has recovered its data. With a reported demand of $10 million, Evil Corp almost certainly received millions of dollars.

Leveraging the security of blockchain

At first glance, it may seem counterintuitive to use blockchain technology to stop cybercriminals. After all, the thieves typically collect their ransom payments in blockchain-powered cryptocurrency to stay as anonymous as possible (though Bitcoin is only pseudonymous: the same public ledger is what lets investigators follow the money). There are useful applications of the technology for cybersecurity, however.

Consider the underlying strengths of blockchain technology:

  • Each block carries a cryptographic hash of the block before it, so data already recorded in the blockchain can’t be altered without the change being detected immediately.
  • Data is not stored on a small number of centralized servers. The blockchain is replicated across all of its nodes, which often number in the thousands or more.

These strengths show why the technology is so well suited to data integrity. If a hacker infiltrated one node and altered its copy of the data, the altered block’s hash would no longer match its contents, every subsequent block would fail validation, and the node’s copy would conflict with the copies held by the other nodes. The compromised nodes could be removed from the network and their data restored from the valid copies before reintegration.
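The two properties above, local tamper-evidence and cross-node disagreement, are easy to see in a toy hash chain. The following is an added example written for this article, not Axel’s code or any real blockchain implementation; the record contents and digests are constructed, and the chain has no consensus, signatures, or networking. It shows that an attacker who edits one block on a compromised node breaks the local check, and that even an attacker who recomputes every later hash to satisfy the local check is still caught by comparing against another node’s copy.

```python
"""Tamper detection in a toy hash chain replicated on two nodes."""
import copy
import hashlib
import json

GENESIS = "0" * 64

# Constructed records standing in for file metadata a node might store.
RECORDS = [
    {"file": "q3-forecast.xlsx", "sha256": "c0ffee01", "owner": "alice"},
    {"file": "board-minutes.docx", "sha256": "c0ffee02", "owner": "bob"},
    {"file": "payroll-export.csv", "sha256": "c0ffee03", "owner": "carol"},
    {"file": "vendor-contract.pdf", "sha256": "c0ffee04", "owner": "alice"},
]


def block_hash(block):
    """Hash of a block's content, including the link to its predecessor."""
    payload = {k: block[k] for k in ("index", "prev_hash", "data")}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


def make_chain(records):
    """Build a chain where each block commits to the hash of the previous one."""
    chain, prev = [], GENESIS
    for i, rec in enumerate(records):
        block = {"index": i, "prev_hash": prev, "data": rec}
        block["hash"] = block_hash(block)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain):
    """Local integrity check: index of the first block whose stored hash or
    predecessor link is wrong, or None if the copy is self-consistent."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev_hash"] != prev
                or block["hash"] != block_hash(block)):
            return i
        prev = block["hash"]
    return None


def first_divergence(chain_a, chain_b):
    """Cross-node check: index of the first block whose content differs
    between two nodes' copies, or None if they agree."""
    for i, (a, b) in enumerate(zip(chain_a, chain_b)):
        if block_hash(a) != block_hash(b):
            return i
    return None if len(chain_a) == len(chain_b) else min(len(chain_a), len(chain_b))


def tamper(chain, index, new_data):
    """Attacker edits one block's data on a compromised node's copy."""
    chain = copy.deepcopy(chain)
    chain[index]["data"] = new_data
    return chain


def rehash_from(chain, start):
    """Attacker also recomputes every hash from `start` onward so that the
    local check passes. The honest nodes' copies still disagree."""
    chain = copy.deepcopy(chain)
    prev = chain[start - 1]["hash"] if start else GENESIS
    for block in chain[start:]:
        block["prev_hash"] = prev
        block["hash"] = block_hash(block)
        prev = block["hash"]
    return chain


if __name__ == "__main__":
    honest = make_chain(RECORDS)
    edited = tamper(honest, 1, {"file": "board-minutes.docx", "sha256": "deadbeef", "owner": "mallory"})
    print("honest copy, first invalid block:", first_invalid_block(honest))
    print("edited copy, first invalid block:", first_invalid_block(edited))
    covered = rehash_from(edited, 1)
    print("rehashed copy, first invalid block:", first_invalid_block(covered))
    print("rehashed copy vs honest node, first divergence:", first_divergence(honest, covered))
```

The second result is the point the article makes: a single compromised node can always make its own copy look internally consistent, so the defence comes from the other nodes holding independent copies to compare against, not from the hash chain alone.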

Databases built from blockchain technology are the future for cybersecurity. Malicious attacks of ransomware can be stopped in their tracks without significant downtime or data loss.

Securing data at rest and in motion

Axel is committed to this vision. That’s why blockchain encryption is the backbone of our Axel Go filesharing platform. Axel Go ensures your files are secure, private, and accessible from anywhere. In the age of multimillion-dollar hacker organizations, you can trust that your sensitive data is safe with us. Download it today and try it out for yourself. We’re securing data at rest and in motion.


[1] Michael Liedtke, “Biden, Gates, other Twitter accounts hacked in Bitcoin scam”, AP News, Jul. 15 2020, https://apnews.com/95f55c9846e880f23791845f5d0c3f38

[2] Josh Solomon, “Bail in Twitter hack: $725,000. Tampa teen’s assets: $3 million in Bitcoin”, Tampa Bay Times, Aug. 2 2020, https://www.tampabay.com/news/crime/2020/08/01/twitter-teen-makes-first-court-appearance-in-tampa/

[3] Robert McMillan, Dustin Volz, “FBI investigates Twitter Hack Amid Broader Concerns About Platform’s Security”, The Wall Street Journal, Jul. 17 2020, https://www.wsj.com/articles/fbi-investigates-twitter-hack-amid-broader-concerns-about-platforms-security-11594922537

[4] Andrew Roth, “US Charges Russian ‘Evil Corp’ hackers with $100m banking scheme”, The Guardian, Dec. 5 2019, https://www.theguardian.com/technology/2019/dec/05/evil-corp-hack-us-feds-charge-russian-hackers