• Categories
  • Recent Posts
  • Popular Posts
  • Popular Tags

  • How to avoid falling for that ‘too good to be true’ offer

    The day we learned that hackers come in all shapes, sizes and ages

    , Marketing Specialist

    Cryptocurrency is all the rage right now. With amateurs getting in on the hype to learn how to trade it and watching the market escalate day to day, it can be a very exciting endeavor. But what happens when those with huge social media accounts, including Elon Musk and even Mr. Bitcoin himself, are hacked and then advertising bitcoin scams on their platforms? Absolute mayhem, that’s what.

    This exact circumstance became Twitter’s worst nightmare last July, and for good reason. Approximately 130 accounts were affected and 45 were actually used to tweet scam messages, and most of the accounts that were accessed in the scam had at least a million followers. The scammers are believed to have received about 400 payments in bitcoin valued at $120,000.

    The real kicker is, the “hacker” was not a professional by any means. In fact, he was just shy of becoming a legal adult – which is lucky for him and his impending jail sentence. All of this is to say that it does not take a professional team of adult hackers to take down not only one of the largest social media platforms in the world, but also some of the most influential politicians and celebrities, who we hope would have higher security than us regular civilians.

    So, let’s break down the hack to understand how this happened, and talk about how businesses can put measures in their security strategy to ensure it does not happen to them. This “elaborate” plan – put in quotes because while it was elaborate in that it was successful, it was also not difficult at all for this teen to execute it because it was a social engineering scam that happens so often. Social engineering is essentially an attack where the victims are tricked into providing confidential information through very convincing scams.

    An example of what the posting on Twitter looked like is below, and as you can see, it came from our former president, Mr. Barack Obama. So you can only imagine how influential and real it felt for the average Twitter user who happened to be scrolling through and is already excited around the hysteria of bitcoin.

    Some of the other high profile accounts included Jeff Bezos, Michael Bloomberg, Joe Biden, Bill Gates, Kanye West, Wiz Khalifa, Elon Musk and Kim Kardashian. All 130 of the accounts that were compromised were to promote the same bitcoin scam. The tweets were flying in at such a rapid rate the bitcoin hashtag went viral, again making it seem as though it was even more real than it was.

    Just fewer than 400 people fell for the scam, which was less than 13 bitcoins, but the real victim here was Twitter. Thanks to the hack, Twitter’s share value dropped immediately by four percent. Obviously the most detrimental consequences of a hack are the victims that fall for it and lose their hard earned dollars. But businesses really suffer when things like this happen.

    In this case, the attacker gained access to the admin tools that Twitter was using in order to recover and reset accounts. Think about when you forget your password on any site – an email is sent to the admin of the site, and a reset password code is sent to your email. That tool at Twitter was the main victim of this crime, because the hacker was then able to go into the most prestigious accounts and change their passwords so he could take full control of what they posted.

    But how did he get that far? Well, there could have been a few vulnerabilities at play that gave him the advantage of getting in. Because so many employees were working remotely, some of them were allowed to run internal admin functions from their locations, which were likely not to be the most protected of places. And for many of these employees, they could have been permitted to even run these functions on their own devices, which without the proper security in place, could mean a multitude of vulnerable access points.

    According to the Information Systems Audit and Control Association (ISACA), the process by which this teenage mastermind achieved inner access could have been by:

    • Pretending to be an internal Twitter support service representative using non-standard authentication due to an email outage.
    • Instructing a number of staff to perform certain actions, with those staff granting remote access to their devices – which could be used to either scrape administrative access credentials or simply pivot admin tool access from those devices.
    • Rogue access to the internal Twitter tool used to reset and administer Twitter accounts*

    While we may not feel pity for Twitter because of their massive presence, any business is just as susceptible to a social engineering hack of this kind. Imagine a small-to-medium-sized business, where employees wear multiple hats and everyone is working their hardest. A person in accounts payable could receive a very convincing email about a wire transfer that appears to come directly from their CEO, which isn’t uncommon in a smaller sized company. Since it appears real, and this employee has a lot on their plate, they proceed with the transfer and within minutes the hackers are in. This has significant implications to the business’ data.

    How can any business, regardless of their size, ensure that this will not happen to them?

    An end-to-end security approach is a great place to start when it comes to protecting your business. This way, every “end,” or vulnerable place where a hacker could potentially get in is protected.

    Security Awareness Training is a great way to educate employees to be on the lookout for phishing emails or anything suspicious for that matter. Security Monitoring ensures that your business is being watched 24/7, 365 days a year, and will make you aware of anything potentially hazardous to your data. And Vulnerability Management is ideal to classify and potentially remediate any threats. Lastly, any access point in your office can create vulnerability, but with MFP protection, you have another added layer of security. No matter what your security needs are, document and data protection, video security, or cyber security, this all-encompassing blueprint was designed to ensure you have security today for stability tomorrow. 😉

    *https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/the-twitter-hack-how-did-they-do-it

    From the Experts

    As we quickly transition into a new year, I think back on 2017 and the rash of cyber security stories that made national and international news. Ransomware like WannaCry and NotPetya, the Equifax breach, SMBv1 and SSL vulnerabilities, etc. Even a global phishing scam used a fake Konica Minolta C224e scan to email message as bait.

    Most noteworthy in the printer industry were the major campaigns launched by various MFP and print providers. As it turned out, one of the most prolific printer security campaigns actually backfired when it was discovered that the very printer vulnerabilities described in the campaign were actually discovered on their own portfolio of enterprise printers. You couldn’t make it up if you tried. (more…)

    Content Management, From Our Experts, Security, Solutions, Technology

    , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

    Konica Minolta Wins American Security Today Awards

    , Manager, Government and Education Solutions

    Konica Minolta has been expanding and transforming its business by building off our strong imaging legacy. This transformation includes everything from offering IT services to helping reshape workspaces and most recently with our Workplace of the Future™ solutions. It’s a mighty undertaking, so it’s very satisfying when a third-party comes along and acknowledges just how successful our transformation has been. I’m very pleased to say that this occurred last week when we won multiple awards in the government security sector from American Security Today (AST). (more…)

    Content Management, From the Experts, Security, Solutions, Technology

    , , , , , , , , , , , , , , ,

    Why Cyber Security Should Be Your Top Priority

    , Director of Integrated Marketing, All Covered

    eBookAs more and more core parts of our clients’ business have moved online or into the cloud, they have become increasingly concerned with cyber security. Malware, vulnerabilities and hacking have become part of their most pressing concerns, not something they’re content to simply leave to the IT guys.

    This rapidly evolving  security threat environment calls for a more comprehensive information security approach that goes beyond systems management to active protection. Thus, we’ve evolved our managed IT services and tweaked the name to go with the change: we’re now All Covered Care – Secure and Protect. (more…)

    Cloud, Content Management, From Our Experts, Security, Solutions, Strategy, Technology

    , , , , , , , ,

    Blog-bizhubSecureYou may have heard about recent reports of network hackers gaining access to multifunction printers, causing headaches for IT and cyber security personnel. These stories in the news are creating a lot of noise in the industry, overstating the risks of having a printer or MFP installed within an organization’s network. Although the vulnerabilities could be a cause for concern, multifunction printer hacks are relatively harmless, causing incidents such as an MFP to “lock up” using denial of service and brute force attacks. This type of action would require an exceptional, concerted effort by a person within the firewall of an organization to attack a specific multifunction printer. Typically, a person who wanted to do cyber harm within a corporation wouldn’t spend this type of effort to attack a printing device.

    It is important to understand that these perceived network vulnerabilities can only be taken advantage of from within a company’s network environment. This means that the network hacker would need to be a company or organizational employee with private network access. The devices are not vulnerable from outside the firewall or from the Internet – unless the network is vulnerable to external attacks. If that is the case, the multifunction printer should be the least of an organization’s worries. Obviously, the first course of action must always be to secure the network.

    (more…)

    From Our Experts, Security

    , , , , , , , ,

    10 Technologies Driving the Workplace of the Future™

    , Director of Integrated Marketing, All Covered

    WotF eBookWorking for a company that provides technology solutions means that it’s important for me to keep on top of technology trends. One clear way to do this is to look at current All Covered clients to see what challenges have been top of mind over the last year and to determine what services have been paramount to ongoing operations. The other valuable way is to look to industry leaders, such as Gartner.

    I recently wrote the eBook (along with some very talented people here in the Konica Minolta marketing department), 10 Technologies Driving the Workplace of the Future™, and I knew I had to streamline intelligence from these various sources in order to make this eBook both accurate and interesting. In writing it, here are some of the most interesting developments I noticed:

    Businesses want (and need) processes to be increasingly “smart.” From a simple profit standpoint, this makes total sense. Businesses want to assure that their resources – from employees to computers and servers – are being utilized efficiently. Companies also want to receive the best data they can on what is and isn’t working for them. That’s why I knew it was important to talk about both customer relationship management and business intelligence as well as digital ecosystems as technologies driving the Workplace of the Future. It’s clear that information gathering and sharing can empower a business if done properly – through solutions like robust, custom CRM solutions – as well as encouraging a connection between your products and services and your employees – allowing for smart decision-making. (more…)

    Cloud, From Our Experts, Solutions, Technology

    , , , , , , , ,

    ‘Get On The Bus’ for Total Value Proposition

    , VP/GM, Industrial Print and Graphic Communications

    service-bus

    Creating a differentiated value in graphic communications is not easy. Anyone can find a partner with the latest technology, solving the latest problems and, of course, all promising savings and revenue for customers.

    (more…)

    Content Management, From Our Experts, Solutions, Strategy, Technology

    , , , , , , , ,

    Print

    Security should be a driving force and not an afterthought for senior executives and their boards.

    It is important that senior executives require that their organization formally establish a credible cyber security program. It starts with setting strategic security objectives that must be achieved by December 31, 2016, and December 31, 2017. Think near-term, and think far! The organization must address security and compliance as a life-cycle, as a process. It will lower business risk! (more…)

    Content Management, From the Experts, Security, Strategy, Technology

    , , , , , ,

    How ECM Simplifies Company Security

    , Director, Enterprise Content Management

    Image1_216x250_ACsecurity

    I can remember the day that I got a house key from my father.  This was so exciting – since I was now responsible enough to come and go without an adult at home. (And I was responsible enough not to lose the key.)

    For my parents, giving me that key was not only a responsibility issue, but a security issue.  Security was a hot topic at the AIIM (Association Information and Image Management) 2016 conference that we recently attended.  That’s not a surprise, since one of the business concerns that we always have to overcome when selling enterprise content management to a customer is overcoming risks: security of the data.

    At AIIM, speaker Mark Brousseau, president of Brousseau and Associates, tackled the security topic asking the simple question:  Think Your Scanned Images Are Safe? Think Again.

    (more…)

    Content Management, From Our Experts

    , , , ,

    The future of business process is the future of ECM

    , Executive Vice President, Sales and Business Development

    Enterprise Content Management is hot right now. And for good reason.

    As more and more companies realize they have to pay greater attention to information management, security and compliance of data, the realm of ECM is poised for exponential growth. Legacy paper-based systems provide limited value and clearly do not meet the stringent security requirements necessary in today’s workplace.

    (more…)

    Content Management, Leadership, Strategy, Technology, Thought Leaders

    , , , , , ,