Wisconsin Republican Party had their cyber security compromised due to a phishing attack
There have been more than 800 attempted phishing attacks for financial gain targeting the Wisconsin Democratic Party this campaign cycle, but none has been successful, said party spokeswoman Courtney Beyer. The Wisconsin Republican Party, however, was not so lucky.
Hackers stole millions from Wisconsin Republican Party
Original Article By Scott Bauer
October 29, 2020
AP News
PHISHING ATTACK STOLE MONEY; NO DATA.
The Wisconsin Republican Party had a suspected phishing incident that couldn’t have come at a worse time. An estimated $2.3 million was stolen by cybercriminals from the party’s reelection fund after at least one staffer interacted with a phishing email, impacting operations just as the races were coming down to the wire. The FBI and local officials are investigating the incident.
Hackers manipulated invoices from four vendors who were being paid for direct mail for Trump’s reelection efforts as well as for pro-Trump material such as hats to be handed out to supporters. Invoices and other documents were altered so when the party paid them, the money went to the hackers instead of the vendors, Republican Party Chairman Andrew Hitt said.
(AP Photo/Morry Gash, File) In this Sept. 17, 2020 file photo President Donald Trump throws a hat to the crowd after speaking at a campaign rally at the Central Wisconsin Airport in Mosinee, Wis. Hackers stole $2.3 million from the Wisconsin Republican Party's account that was being used to help reelect President Donald Trump in the key battleground state, the party's chairman told The Associated Press on Thursday, Oct. 29.
It appears the attack began as a phishing attempt and no data appears to have been stolen, said party spokesman Alec Zimmerman. The party noticed the suspicious activity on Oct. 22 and contacted the FBI on Friday after it was discovered that an invoice was generated that shouldn’t have been there.
The alleged hack was discovered less than two weeks before Election Day, as Trump and Democratic rival Joe Biden made their final push to win Wisconsin and its 10 electoral votes. Trump won the state by fewer than 23,000 votes in 2016 and was planning his third visit in seven days on Friday. Biden also planned to campaign in Wisconsin on Friday. Polls have consistently shown a tight race in the state, usually with Biden ahead by single digits and within the margin of error.
REALTIME CYBER SECURITY SOLUTIONS
The most dangerous attack is used for everything from stealing money to deploying malware, not just compromising data. Our Chief Information Security Officer, Todd Swartzman, can meet with you personally and do a gap assessment on your business to see where you could use extra protection. Learn more now about our Cyber Defense program…
RealTime IT is located in Dothan, Alabama and services the entire Wiregrass area and across the U.S.
Dark Web Questions Answered!
Do you have questions about the Dark Web? We have an easy to read FAQ sheet for you to download in this brief blog post.
What is the Dark Web?
You’ve heard of the dark web…but what exactly is it? Here are some FAQs courtesy of DARKWEB ID.
The Dark Web is a hidden universe contained within the “Deep Web”, a sub-layer of the Internet that is hidden from conventional search engines. Search engines like Google, Bing and Yahoo only search .04% of the indexed or “surface” Internet. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web. The Dark Web is estimated to be 550 times larger than the surface Web and growing. Because you can operate anonymously, the Dark Web holds a wealth of stolen data and illegal activity.
Download a free FAQ sheet that explains how to protect yourself, what it means if your organization’s credentials have been exposed and much more…
Information courtesy of DarkWeb ID.
Free Digital Risk Protection activity Book
This fun activity book teaches kids of all ages about Digital Risk Protection. In this book, three heroes work together to help people and businesses protect their information from being stolen by bad guys. Billy, Penny, and Danny work very hard to guard important Digital Data like passwords, files, banking documents, personal information, business secrets or anything else that is stored on a computer or in the cloud and keep it protected and safe!
This book is courtesy of www.idagent.com.
COVID-19 Cyber Threat Exploitation Protection
This two-page guide will educate you about ways to help protect your business against COVID-19-related scams.
Do you know what password spraying means? In the guide below, you can learn about ways to help protect your business against COVID-19-related scams. Here is a COVID-19 Cyber Threat Exploitation guideline created by the Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). Please feel free to share as needed. For more information on CISA or the NCSC, visit www.cisa.gov/coronavirus.
A True Tale of Two Ransomware Attacks
RANSOMWARE PREVENTION
A TALE OF TWO SCHOOLS
Imagine a world where ransomware didn’t exist. Now, snap back to reality and read a tale about two different schools and how they each recovered from a ransomware attack. As you read, you’ll learn how an effective backup plan and a well-thought-out business continuity strategy are critical parts of your cyber security efforts. The similarity between the schools is that both ransomware attacks were thought to be started by the click of a phishing email. The difference is in their disaster recovery plans.
The Allegheny Intermediate Unit School System, Pennsylvania, U.S.A.
School A, the Allegheny Intermediate Unit school system, DID NOT have to engage with the criminals and was able to use the services of a third party to get its critical data recovered quickly. From the wording of various articles related to this incident, it appears that the school system quickly engaged with its cyber insurance carrier. The insurance carrier mobilized resources quickly to identify and remediate the attack and then restored from existing backups of critical data. THIS is how the process is supposed to work.
The University of Maastricht, The Netherlands
School B, The University of Maastricht, did not have an adequate plan in place and had to completely shut down information systems and pay the ransom in order to decrypt their computers and servers. The timeline on this attack is interesting; the original compromise occurred a little over two months before their networks were ransomed. Had they had an extra layer of defense like the RealTime Cyber Defense package, they could have potentially caught the attack during this phase.
LESSONS LEARNED?
The lessons learned by a school [or any business] that has been through an event like this one will make them better at risk-based decisions going forward. Now they know that they are vulnerable to an attack like this and will take positive steps to introduce better prevention and detection processes.
Todd Swartzman, RealTime CISO
TODD’S TAKE ON THE RECOVERY:
After paying the ransom, it was pretty fast to decrypt that many systems and perhaps most were using the same decryption keys – some victims aren’t that lucky and have to juggle hundreds or thousands of decryption keys, which really slows down recovery. Part of the decision to pay was based on how much quicker it can be to decrypt machines rather than reloading from scratch. The statement by the university indicates that they may not have had backups of some of their critical data.
SUMMARY:
Be sure to have a good backup in place;
Cyber insurance is a great idea;
Adding a cyber security plan could have helped detect the internal attack during the months they were “inside” the system rather than waiting.
WANT TO TALK?
Want to talk to our Chief Information Security Officer about a better strategy for your business?