Locked out: what's happening on YouTube right now


Several content creators fall victim to hackers

In mid-April, one of Germany's best-known influencers briefly lost access to almost all of his channels. Julien Bam, from Aachen, Germany, was the victim of a hacking attack. He is one of the biggest names on YouTube Germany: his videos regularly break the million-view mark, his Instagram posts perform very well, and his community is loyal and keeps growing despite knowing that only three videos will come on the main channel. The 32-year-old is also one of the advertising faces for Fanta; the sweet, yellow lemonade is regularly featured in his videos, some of them funny. So the surprise, or rather the shock, was great when, instead of creative videos with millions of views, all channels had been renamed, all videos deleted, and livestreams about investing in cryptocurrencies were running in their place. The video descriptions contained links leading to platforms that promise the moon. The reality is different and far scarier.

Systematics of the attack

The example of Julien Bam is a good way to explain how attackers proceed: strategically. The infection that cost Bam access to his channels and affected his own devices took place much earlier and was probably more accidental in nature. Nevertheless, the Trojan was targeting something specific: the graphics cards in the devices. Before we get ahead of ourselves: Julien Bam, like most major influencers, works with a professional team that helps him with the videos, and unlike other content creators he is open about it. So it is not surprising that all the devices on site at Julien Bam's office were affected by the Trojan. It was a Trojan of a special kind. Not only did it give the attackers access to Julien Bam's social media channels, it also abused the devices for mining crypto coins. This kind of malware is becoming more and more common. After Bam lost access to his accounts, one of his colleagues ran a virus scan across servers and devices and unearthed a considerable number of threats and infections in the IT system. These had gone unnoticed for days. Then, from the attackers' point of view, came the coup: over the Easter weekend they unleashed a full-scale attack. They took control of the channels, ran livestreams and linked their pages. Julien Bam and his team were able to prevent the takeover of the Instagram account, but afterwards had to watch helplessly as the attackers abused the painstakingly built platform for their malicious purposes.

The damage to the influencer and to their subscribers

The first major damage showed in the subscriber numbers, which fell by almost 60,000 in the first hours of the attack, on Easter Monday. Many users suspected a "promo move". These are not uncommon on YouTube Germany: in such PR campaigns, all videos are usually set to private, communication on the channels is suspended, and then a video appears at the end. Such actions usually cost subscribers, but nowhere near 60,000. This meant that while Julien Bam and his colleagues were trying to contact YouTube, he also had to defend himself against accusations from his fans that this was an extremely shabby form of advertising. But YouTube was also keeping logs: people reported the livestreams, and the platform reacted with a full closure of the account and of the advertising account. A major source of revenue thus broke away within hours. The nightmare was over only after several days, when the channels were restored with all their content and normality returned.

The protection

But what is the consequence of this? Even though Julien Bam got off lightly, one must ask how such a momentous malware infection happened. Which website was responsible for it, or was it a well-made phishing mail that slipped through the cracks and led to an attachment or link being clicked? Or maybe one of the YouTuber's employees was targeted, did not notice the infection either, and carried the infected file into the server unnoticed via a USB stick. The possibilities are many and could only be determined through a digital forensic investigation. But what can you do in real time to protect yourself? The answer is not VPNs, which YouTubers love to promote, but HP Sure Click Enterprise. With it, files are executed in secured virtual machines, and if a virus is executed as a result, the machine can simply be closed and thus dissolved, so that the virus cannot access the system. The file is thus sandboxed. HP Sure Click Enterprise can boast the following number in particular: 5,000,000,000. That's how many files have been opened and executed with the program without causing any harm to users.

How do I determine if I have been hacked?

There are indicators that suggest that you have become a victim of hackers. For example, if an increased number of pop-ups appears on your display or your computer is very slow, you can assume that your device has fallen into the hands of an attacker. If you can no longer access accounts or Task Manager, you should shut down the computer and disconnect it from the power immediately. Even if the malware is still present on the device, hackers cannot perform magic: once the device is shut down and no longer gets power, the hacker also loses access to the computer.

You don't have to become paranoid now, but you should stay alert, especially if you are on the road in the digital world with your work devices. A company's data is its most important asset and must be protected by all means. We are happy to help you with this!

Do you have questions about HP Sure Click Enterprise? Would you like to have your employees trained in the handling of data, or would you like to receive detailed and professional advice? Then contact us today; we will be happy to assist you.
