Blog Posts for From the Experts

Cryptocurrency is all the rage right now. With amateurs getting in on the hype to learn how to trade it and watching the market escalate day to day, it can be a very exciting endeavor. But what happens when those with huge social media accounts, including Elon Musk and even Mr. Bitcoin himself, are hacked and then advertising bitcoin scams on their platforms? Absolute mayhem, that’s what.

This exact circumstance became Twitter’s worst nightmare last July, and for good reason. Approximately 130 accounts were affected and 45 were actually used to tweet scam messages, and most of the accounts that were accessed in the scam had at least a million followers. The scammers are believed to have received about 400 payments in bitcoin valued at $120,000.

The real kicker is, the “hacker” was not a professional by any means. In fact, he was just shy of becoming a legal adult – which is lucky for him and his impending jail sentence. All of this is to say that it does not take a professional team of adult hackers to take down not only one of the largest social media platforms in the world, but also some of the most influential politicians and celebrities, who we hope would have higher security than us regular civilians.

So, let’s break down the hack to understand how this happened, and talk about how businesses can put measures in their security strategy to ensure it does not happen to them. This “elaborate” plan – put in quotes because while it was elaborate in that it was successful, it was also not difficult at all for this teen to execute it because it was a social engineering scam that happens so often. Social engineering is essentially an attack where the victims are tricked into providing confidential information through very convincing scams.

An example of what the posting on Twitter looked like is below, and as you can see, it came from our former president, Mr. Barack Obama. So you can only imagine how influential and real it felt for the average Twitter user who happened to be scrolling through and is already excited around the hysteria of bitcoin.

Some of the other high profile accounts included Jeff Bezos, Michael Bloomberg, Joe Biden, Bill Gates, Kanye West, Wiz Khalifa, Elon Musk and Kim Kardashian. All 130 of the accounts that were compromised were to promote the same bitcoin scam. The tweets were flying in at such a rapid rate the bitcoin hashtag went viral, again making it seem as though it was even more real than it was.

Just fewer than 400 people fell for the scam, which was less than 13 bitcoins, but the real victim here was Twitter. Thanks to the hack, Twitter’s share value dropped immediately by four percent. Obviously the most detrimental consequences of a hack are the victims that fall for it and lose their hard earned dollars. But businesses really suffer when things like this happen.

In this case, the attacker gained access to the admin tools that Twitter was using in order to recover and reset accounts. Think about when you forget your password on any site – an email is sent to the admin of the site, and a reset password code is sent to your email. That tool at Twitter was the main victim of this crime, because the hacker was then able to go into the most prestigious accounts and change their passwords so he could take full control of what they posted.

But how did he get that far? Well, there could have been a few vulnerabilities at play that gave him the advantage of getting in. Because so many employees were working remotely, some of them were allowed to run internal admin functions from their locations, which were likely not to be the most protected of places. And for many of these employees, they could have been permitted to even run these functions on their own devices, which without the proper security in place, could mean a multitude of vulnerable access points.

According to the Information Systems Audit and Control Association (ISACA), the process by which this teenage mastermind achieved inner access could have been by:

• Pretending to be an internal Twitter support service representative using non-standard authentication due to an email outage.
• Instructing a number of staff to perform certain actions, with those staff granting remote access to their devices – which could be used to either scrape administrative access credentials or simply pivot admin tool access from those devices.
• Rogue access to the internal Twitter tool used to reset and administer Twitter accounts*

While we may not feel pity for Twitter because of their massive presence, any business is just as susceptible to a social engineering hack of this kind. Imagine a small-to-medium-sized business, where employees wear multiple hats and everyone is working their hardest. A person in accounts payable could receive a very convincing email about a wire transfer that appears to come directly from their CEO, which isn’t uncommon in a smaller sized company. Since it appears real, and this employee has a lot on their plate, they proceed with the transfer and within minutes the hackers are in. This has significant implications to the business’ data.

How can any business, regardless of their size, ensure that this will not happen to them?

An end-to-end security approach is a great place to start when it comes to protecting your business. This way, every “end,” or vulnerable place where a hacker could potentially get in is protected.

Security Awareness Training is a great way to educate employees to be on the lookout for phishing emails or anything suspicious for that matter. Security Monitoring ensures that your business is being watched 24/7, 365 days a year, and will make you aware of anything potentially hazardous to your data. And Vulnerability Management is ideal to classify and potentially remediate any threats. Lastly, any access point in your office can create vulnerability, but with MFP protection, you have another added layer of security. No matter what your security needs are, document and data protection, video security, or cyber security, this all-encompassing blueprint was designed to ensure you have security today for stability tomorrow. 😉

*https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/the-twitter-hack-how-did-they-do-it

COVID-19 catapulted the world into the future almost overnight. Firms that had a “wait and see” attitude when it came to deciding to take the plunge into new innovations in technology or to ensure they were not vulnerable to security breaches, had a rude awakening in store. There is a distinct concept that sums up how firms unknowingly prepared for the pandemic versus those who were considering a future preparedness plan: strategic partnerships. (more…)

If I had to describe myself in three words, they would be: planner, optimistic and persistent. They also happen to be three essential qualities to be a successful event organizer, especially in light of recent challenges our area of the business is facing. (more…)

After 135 years in business, fourth-generation owner John Hummel had seen numerous advances in technology benefit his family’s company, Hummel Integrated Marketing Solutions. But he never could have predicted how revolutionary the Konica Minolta AccurioJet KM-1 UV inkjet press would be. “I had been operating my digital shop with toner-based digital presses from another vendor,” Hummel told us, “but became increasingly dissatisfied with both performance and pricing model. I’ve had my eye on the AccurioJet KM-1 since it first came to market and felt that the time was now right to make the switch to UV-curable inkjet.”

(more…)

For the last 2 years, it’s been all over the news. There has been a lot of activity within our current White House administration that impacts our national – and global – economy. While much of this activity may be a source for more news articles and debates at the dinner table, it is important to understand how these changes have a direct impact on your own businesses and your income. For any business in the United States, there are two major changes that are happening now that business decision makers should understand:

1. Tariffs against Chinese imports
2. Upcoming changes to corporate income tax

By understanding the implications of these two government policy changes, businesses can take advantage to minimize costs and maximize their bottom line. (more…)

Do you remember your very first mentor? The first person you looked up to, the first person you idolized. My first mentor was my fifth-grade teacher, Ms. Netervala. She played basketball with us at recess. (more…)

When Hiring a vISO, It All Starts with a Relationship

When I was consulting I knew the best relationships I had because they would call me at any hour with random questions where they needed an immediate response. They valued the opinion and the intellectual capital supporting it. They were not embarrassed to ask and were always curious to learn. With this type of working relationship the client contact was comfortable putting me in front of the board of directors, because they were confident that I would interact with the board in the same capacity that they would.

(more…)

In 2010, Konica Minolta implemented a vertical marketing strategy and hired individuals like myself who were not from the office technology arena but whose expertise was in fields such as legal, healthcare, government, education, among others. Since that time, we have seen many of our dealers follow suit with vertical markets for their business. (more…)

Konica Minolta has been expanding and transforming its business by building off our strong imaging legacy. This transformation includes everything from offering IT services to helping reshape workspaces and most recently with our Workplace of the Future™ solutions. It’s a mighty undertaking, so it’s very satisfying when a third-party comes along and acknowledges just how successful our transformation has been. I’m very pleased to say that this occurred last week when we won multiple awards in the government security sector from American Security Today (AST). (more…)

I’m excited to be joined by Peter Wallqvist, Vice President of Strategy at iManage, for the second of a two-part blog series on legal document management solutions. Konica Minolta and All Covered — the IT Services Division of Konica Minolta — have a strategic partnership with iManage, which provides cutting-edge legal document management solutions. iManage recently acquired RAVN Systems, a UK-based company that developed an artificial intelligence (AI) platform that can organize, discover and summarize relevant information from large volumes of documents and unstructured data. (more…)