OpSec is hard. Lessons learned from the Twitter hack arrests.

Industry News, Tech news
As many of you may already know, social media platform Twitter was attacked on 15 July 2020 and 130 high-profile accounts were taken over and used in a scam to collect Bitcoin. During the attack, there was a lot of discussion and marvel at the scope and complexity of the attack and a $1 million bounty was offered to "those who successfully track down and provide evidence for bringing to justice the hackers / people" [behind the attack]. Coverage of the attack and 'buzz' on social media continued for a couple of days. Fast forward to this morning and one of the first things in my news feed was an article that the 17 year old alleged mastermind of the attack was arrested after authorities tracked him down using a…
Read More
Beware, fake ransomware attacks are making the rounds again.

Beware, fake ransomware attacks are making the rounds again.

CTC NEWS, Industry News, Tech news
Don't get me wrong, there are still tons of legitimate ransomware attacks circulating about but the fake ones seem to ebb and flow as well. Below is an email that we received this morning. The domain is one that's legitimately ours but a) it's unused and b) there's no database there. So, it's a complete farce but it's an excellent opportunity to highlight some key things to watch out for to protect yourself. If you get a similar email (these tend to be pretty boilerplate), know that it's likely false. Another popular pretext is that some random attacker has caught you in 'compromising positions' or watching 'illicit material'. The email is regarding an unused domain.Since the domain name is unused, there's no database there for the attackers to have download.The…
Read More