Hackers stole millions from Wisconsin Republican Party

Original Article By Scott Bauer
October 29, 2020
AP News

PHISHING ATTACK STOLE MONEY; NO DATA.

The Wisconsin Republican Party had a suspected phishing incident that couldn’t have come at a worse time. An estimated $2.3 million was stolen by cybercriminals from the party’s reelection fund after at least one staffer interacted with a phishing email, impacting operations just as the races were coming down to the wire. The FBI and local officials are investigating the incident.

There have been more than 800 attempted phishing attacks for financial gain targeting the Wisconsin Democratic Party this campaign cycle, but none has been successful, said party spokeswoman Courtney Beyer. The Wisconsin Republican Party, however, was not so lucky.

Hackers manipulated invoices from four vendors who were being paid for direct mail for Trump’s reelection efforts as well as for pro-Trump material such as hats to be handed out to supporters. Invoices and other documents were altered so when the party paid them, the money went to the hackers instead of the vendors, Republican Party Chairman Andrew Hitt.

It appears the attack began as a phishing attempt and no data appears to have been stolen, said party spokesman Alec Zimmerman. The party noticed the suspicious activity on Oct. 22 and contacted the FBI on Friday after it was discovered that an invoice was generated that shouldn’t have been there.

The alleged hack was discovered less than two weeks before Election Day, as Trump and Democratic rival Joe Biden made their final push to win Wisconsin and its 10 electoral votes. Trump won the state by fewer than 23,000 votes in 2016 and was planning his third visit in seven days on Friday. Biden also planned to campaign in Wisconsin on Friday. Polls have consistently shown a tight race in the state, usually with Biden ahead by single digits and within the margin of error.

REALTIME CYBER SECURITY SOLUTIONS

The most dangerous attack is used to do everything from steal money to deploy malware; more than just compromising data. Our Chief Information Security Officer, Todd Swartzman, can meet with you personally and do a gap assessment on your business to see where you could use extra protection. Learn more now about our Cyber Defense program…

RealTime IT is located in Dothan, Alabama and services the entire Wiregrass area and across the U.S.

By Nancy Bilyeau | https://thecrimereport.com

Microsoft took legal action on Monday to disrupt a botnet called Trickbot, “one of the world’s most infamous botnets and prolific distributors of ransomware,” which many  feared was preparing to cast doubt on the results of the U.S. presidential election.

“Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust,” said Microsoft in a statement.

The company obtained an order from a federal judge in the Eastern District of Virginia that gave Microsoft control of the Trickbot botnet, a global network it describes as the largest in the world. Botnets are networks of computers secretly infected by malware that can be controlled remotely.

CONTINUE READING

HOW EASILY CAN YOU BE FOOLED BY AN EMAIL?

Credential harvesting websites are dangerous and sneaky!

Phishing emails seem to be getting harder to spot! Recently, several employees received a phishing email from a legitimate sender! The “senders” Office 365 mailbox was breached the same morning this email was sent.

If you hover over the links in the email asking you to “Click Here” or “More Info”, they would lead you to this page (screenshot is pictured). This is a credential harvesting website that has the intention of trying to get you to fill it out… providing your email credentials!

If you (the recipient) opened this link in Chrome, it would warn you that this may be a deceptive site - but you cannot count on that always being the case with these threats.

The link checker built into email protection didn’t see this as a threat because it came from a known user, and web filters and DNS filter didn’t see a problem either. So, this threat bypassed four layers of protection! Scary!

THE HUMAN FIREWALL SAVED THE DAY!

As always, people are the last line of defense for threats like this one! The employee at this company used reasoning and noted the url (see the top that says “Whackinggrowers.com/CD/out/) was not a Microsoft location and was phishing. This person immediately notified our Chief Information Security Officer (CISO) about the email, which was the right thing to do! They saved their business from allowing potential bad actors to steal their information. Humans are the last line of defense for threats like this one! Even though systems are smart and can catch most suspicious emails; our common sense, risk awareness, and responsiveness will ultimately save your company from disaster!

Japan-based business technology giant Konica Minolta was hit by a new ransomware strain, which brought its services down for almost a week.

On July 30, customers reported not being able to access the company’s product supply and support site, met instead with a “service temporarily unavailable” message. Soon after, the company’s printers also started displaying a “Service Notification Failed” error.

The company itself remained quiet on the matter, to the extent that customers “could not get a straight answer as to what was causing the outage”, according to Bleeping Computer.

READ THE FULL ARTICLE NOW

As Hurricane Laura makes its way towards Florida and the Southeast U.S., now is the time to take action and be prepared to protect your computers, printers, files and data.

1. ENSURE YOU HAVE A BACKUP

• Don't wait until the day before a hurricane to backup your files! It's good practice to frequently backup your data files. We recommend a hybrid-cloud image-based backup that can be used to restore data and applications even if your server is destroyed, and that can restore data from different points in time.

• Print a copy of your important/emergency contacts and take them with you if you do not have access to them from your phone or computer, you'll have them available to use via a landline.

• RealTime Clients: Everyone who is on our Business Continuity Service – Your servers are backed up and replicated offsite daily. If there is a problem, we correct that as part of the service. As hurricanes approach your physical location, we’ll be talking with you and confirm things are backed up and replicated prior to you shutting your operations down as part of your storm prep.

2. SECURE YOUR EQUIPMENT

• COMPUTERS

  • Shutdown the operating system.

  • If connected to a surge protector or UPS - unplug from the wall outlet (or unplug power cables from the surge protector or UPS if wall outlet isn't accessible).

  • Unplug Ethernet cable from the back of computer or docking station.

• PRINTERS

  • Power off the printer.

  • If connected to a surge protector - unplug as described above.

  • Unplug the Ethernet cable from the back of the printer.

  • Unplug the phone cable from the back of the printer (if a fax line is connected).

• SERVERS AND NETWORK EQUIPMENT

  • Perform a normal shutdown of the servers. RealTime clients: Please coordinate with RealTime service desk. 

  • Unplug all connections - Take photos to document how things were prior to the event. 

  • Firewalls, Switches, Access Points - unplug them from power. Unplug the firewall from the internet connection as well. Ideally, unplug all the network connections (surges can travel through the network cabling).

  • Battery backups - power these off and then unplug them.

  • Phone systems - Check with your vendor to see what steps you can take to protect it.
     

3. PROTECT FROM WATER/WIND

When a major storm is predicted, elevate your CPUs, printers, servers, and other network devices, as well as other electrical appliances like space heaters, off of the floor.  For high winds, move computers away from windows.  If there is a possibility of water leakage, cover computer equipment with plastic.

4. CONTINUING OPERATIONS AFTER THE STORM

•  If you are in the path, power and internet connectivity may be hard to come by for a few days. Generators can provide enough power to run your critical computer equipment – just be sure you are connecting up to something that can deal w/ the power fluctuations many generators have. Please ask RealTime before connecting things up to generators as they can damage sensitive equipment. Modern battery backups may have the capability to condition the power off of a generator – check with the manufacturer to confirm before trying this.

• 4G USB modems or Mifi can get you connected in an emergency. Everything you do may not work, but basic web browsing.

• Forward your phones – If the office is expected to be out a few days, most phone service providers have a way for you to forward calls to your business to a cell phone or alternate number. Get the steps now, before you need them.

5. BE PREPARED

Knowing what steps to take ahead of time will help you be prepared in the worst-case scenario. RealTime is committed to ensuring our clients are prepared with the proper technology to meet their current/future needs as well as advising them about safeguarding their business from weather-related, cyber and other disasters. 

If you would like further information about RealTime managing Information Technology for your business, contact us at info@realtime-it.com.