To keep up with the firehose of news and press releases, we’ve decided to deliver some extra news to you on the side every Monday and Thursday morning. Some of it is an extension of our own reporting that didn’t make its way into a story, while others might be content we’ve bookmarked for later reading and thought of sharing with you. We’re doing a similar thing at Channel Daily News – check it out here. Today’s briefing is delivered by ITWC editorial director Alex Coop.
What you need to know, right now
It’s what you need to know right now – ’nuff said.
That escalated quickly. We went from a few odd posts from Bill Gates and Elon Musk to what is likely the most catastrophic security breach in Twitter’s history. Here’s what we know:
- On Wednesday afternoon, dozens of high-profile Twitter accounts (as far as we can tell, they were all verified accounts) were compromised in one of the most widespread hacks the platform has ever seen. Strangely, the attack promoted a bitcoin scam that, as of right now, has helped the hacker(s) rack up more than $200,000.
- Tweets that were deleted by the account owners appeared to be put back almost as fast. Twitter eventually prevented all verified accounts from tweeting at all. Those accounts have since been unlocked.
- Coindesk reported that some of the compromised accounts had multi-factor authentication enabled.
- After nearly two hours of silence, Twitter finally acknowledged the issue at 5:45 pm EST. They said they were on it.
- At 10:38 pm EST Twitter posted this thread:
Our investigation is still ongoing but here’s what we know so far:
— Twitter Support (@TwitterSupport) July 16, 2020
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
— Twitter Support (@TwitterSupport) July 16, 2020
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.
— Twitter Support (@TwitterSupport) July 16, 2020
In an email, Terry Cutler, a certified ethical hacker and the founder of Cyology Labs, a cyber defence firm in Montreal, told IT World Canada that he suspects hackers got access through third-party apps that connect via an API into Twitter. “For example, applications like Hootsuite or Tweetdeck are popular tools for managing multiple Twitter accounts. Via their system, they can push your Tweet or scheduled post into Twitter through an API.” Third-party apps, he added, bypass the two-step verification that Twitter Verified apps must have. They plug directly into Twitter’s back end.
We’ll provide you with more details as they become available.
Talking the digital office and corporate responsibility with ServiceNow’s Chris Pope
Executives don’t have to worry about a permanent workforce in sweatpants, but we’re never going back to the way things were, says Chris Pope, the global vice-president of innovation at ServiceNow. Even legal firms – *legal*, one of the most paper-bound industries on the planet – are rapidly modernizing to accommodate a workforce that isn’t very technically literate.
“I was talking to a CIO and they were struggling to remain connected,” Pope explained. Technical literacy wasn’t high on the agenda for this legal firm, and they were looking to reduce support costs as well. “They’ve gone on to deploy MacBooks, leading to a 30 per cent reduction in support calls. They were used to their iPhones, but historically, they weren’t attracted to Apple at all. But the support infrastructure became appealing.”
Gartner says 75 per cent of CIOs expect at least 5 per cent of their workforce to work remotely permanently. And even as the discussion recently in the corporate world has shifted to how we can safely get back to the office, Pope says it’s never going to be the way it was. Vendors and channel partners should be prepared to serve a market that’s permanently been altered by the pandemic. No more “banging people over the head with 70 per cent discounts,” he said.
Confidence in their product alone doesn’t get them through the door automatically anymore, either. ServiceNow’s flagship software is near-mission-critical in several organizations. Zoom even recently announced a new Hardware-as-a-Service offering that will run on the ServiceNow platform. But it was roughly 18 months ago when Pope began noticing RFPs seeking more information about applicants’ hiring practices and supported social causes. “If you’re not a socially responsible organization you will suffer brand damage.”
Provisioning equipment for remote workers remains a challenge, and supply chain shortages continue to complicate purchases. Moving forward, the challenges will begin to take form elsewhere, as more and more businesses try to install or enhance e-commerce tools to establish contactless payments. Returning to the brick and mortar store has to be an employee-led decision, Pope emphasized, and that still doesn’t remove the need for an online storefront that not only works, but customers will want to come back to.
In case you missed it
The recent news that we maybe didn’t get to yet, or it’s the news we’ve reported on and feel is worth resurfacing. Sometimes we’ll also feature awesome stories from other publications.
Yesterday, Minister of Small Business, Export Promotion and International Trade, Mary Ng, together with Shopify launched Go Digital Canada. The program is available at shopify.ca/canada, and is a central resource hub designed to make it easier for Canadian business-owners to get online. It also provides access to a suite of free resources and other goodies offered by Shopify and its ecosystem of partners and experts.
====
Google has announced three new online certificate programs in data analytics, project management and user experience design. The certifications are taught by Google employees and do not require a college degree. The courses can be completed in three to six months and are offered through the online learning platform Coursera. The 100,000 need-based scholarships will be for individuals enrolled in any of these three certificate programs.
====
IBM is touting its reduction in CO2 emissions. IBM announced that its operational CO2 emissions have been reduced by nearly 40 per cent since 2005, according to the 30th annual IBM and the Environment Report. The achievement, according to IBM, puts it well ahead of schedule in reaching its current goal of a 40 per cent reduction in CO2 emissions by 2025.
====
Digital Transformation Week 2020 – Day 2 recap [FULL STORY]
Day 2 of ITWC’s Digital Transformation Week was dedicated to navigating the complicated waters of AI and machine learning while highlighting some real-life applications of AI in business.
====
Digital Transformation Week 2020 – Day 1 recap [FULL STORY]
ITWC’s annual summer conference has become a week-long affair with four 60-minute sessions. The virtual conference’s first 60-minute session on Monday was about digital workspaces and was kickstarted by ServiceNow’s Chris Pope. The session couldn’t have been more topical.
====
From IT World Canada – Average number of breaches in Canadian firms may be dropping, Carbon Black survey says [FULL STORY]
Canadian organizations are paying more attention than ever to cybersecurity, and if a recent survey is representative they may have something to show for it. However, all of the respondents in the most recent survey said they had suffered at least one breach of security controls in the previous 12 months. That’s the highest number in the three-year history of the survey — and a leap from the 88 per cent who said they had been breached in the previous survey done in October 2019.
====
From IT World Canada – AMD launches Ryzen Threadripper Pro 3000WX series workstation processors [FULL STORY]
This week, AMD released its Ryzen Threadripper Pro 3000WX series workstation processors for enterprise computing environments.
Bookmarks of the week
A few bookmarked Tweets that we think are worth sharing with you. Today’s mostly have to do with that nasty Twitter hack.
Some early insight from Trend Micro’s vice-president of cloud research Mark Nunnikhoven.
information is still coming out but all current indicators are the accounts #hacked on @twitter were as a result of a system level attack, not user accounts
this is going to be very interesting…
1/?
— Mark Nunnikhoven (@marknca) July 16, 2020
====
A valid question.
how can you be smart enough to hack an API to access accounts of the most powerful people but dumb enough to ask for bitcoin
— Della (@blackqueentech) July 15, 2020
====
Some words from Twitter CEO Jack Dorsey.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
====
Cybersecurity writer Davey Winder having a little bit of fun with the situation.
What would have saved #twitter? Wrong answers only. #infosec #twitterhacked
— Davey Winder (@happygeek) July 16, 2020
====
We’ll wrap things up here.
It’s been this sort of day. pic.twitter.com/N4ewndS5mE
— R.J. Lehmann (@raylehmann) July 15, 2020