Archive for May, 2021

Where’s The Beef? The World’s Largest Meat Processing Company Pwned In Cyberattack That Has Shut Down Operations Globally

Posted in Commentary with tags on May 31, 2021 by itnerd

Here’s a cyberattack that has world wide ramifications. JBS Foods has fallen victim to a cyberattack that have shut down production around the world:

The world’s largest meat processing company, JBS Foods, has fallen victim to cyber attacks that have shut down production around the world, including in Australia.

The company’s information systems were targeted, chief executive Brent Eastwood confirmed to Beef Central on Monday.

JBS has 47 facilities across Australia and operates the largest network of production facilities and feedlots in the country.

The company also has meat processing facilities in North and South America, Brazil and Canada.

A spokesperson refused to comment on the cyber attacks.

It isn’t clear what type of cyberattack this is. But seeing as it is global in scope, this has the potential to become a major problem and affect a whole lot of us.

As usual, law enforcement and the like have been informed. But as usual, this is way too late as the pwnage has already happened and now this company is in damage control mode. Thus highlighting that a ounce of prevention is worth more than a pound of cure.

UPDATE: I have some commentary from David Masson, Director of Enterprise Security of Darktrace:  

Just weeks after the Colonial Pipeline was shut down and Ireland’s national health service was knocked out, the JBS breach serves as another example of the vulnerabilities of critical national infrastructure in the wake of destructive cyber-attacks. 

The details of the breach hint that this too was a ransomware attack, the target this time being national food supply chains. Once again, the notion that ransomware is a national security threat is ringing true – and we need a fundamentally different approach to security without throwing more humans into the mix. 

As our world becomes increasingly hyperconnected, the barriers to attack become lower – and many more points of entry open up for hackers to exploit. Traditional security tools and human teams are struggling to contain attacks, and the result is often blunt and heavy-handed responses that stop the spread of the attack, but cause major operational disruption. Organizations need an alternative way out – one which can thwart attacks before they have a chance to spread. This is why thousands of organizations are turning to technologies like autonomous response to fight fire with fire – and contain attacks before the damage is done. 

Review: Ekster Aluminum Cardholder

Posted in Products with tags on May 29, 2021 by itnerd

Father’s Day is coming up and a very common gift is a new wallet. But instead of giving Dad yet another wallet that looks the same as his last wallet, how about serving up something with a bit of style and tech? To that end, let me introduce to you the Ekster Aluminum Cardholder:

This is a 6061-T6 aluminumaluminum wallet built for quick access of all your cards via two compartments. It’s also capable of carrying cash in the form of bills as well.

The expandable metal backplate allows you to carry a pair of cards that you frequently access (credit cards for example) while keeping a slim profile. There a notch at the bottom center of this section that helps you to push them out so that you can get to them.

The main section of cardholder fans out your cards at the click of a button. This is where you store your less frequently used cards. The cardholder holds a maximum of 6 non-embossed cards, or a combination of 4 – 5 embossed/non-embossed cards (depending on the thickness of each card).

One handy thing that this cardholder offers is RFID protection

There’s one more trick that this cardholder has:

You can get an optional Tracker Card so that you can track down this wallet if you lose it. The tracker card is powered by powered by Chipolo technology and is recharged by sunlight. It takes 3 hours of charge and lasts 2-3 months on a charge. That allows you to find the wallet via Bluetooth LE 4.0 from up to 200 feet away. Using the Chipolo app you can ring the tracker card so that you can play a game of “Marco Polo” to find it, or see it’s last location that it was near your phone if you do lose it. From the party tricks department, you can use the card to ring your phone if you misplace that, or you can use Google Assistant, Alexa and Siri to help you find the wallet. Of course there’s also the Chipolo network that can help you to find your cardholder should you use it. Based on this map their network seems to be concentrated on the East Coast of the US, the West Coast of the US, the Mid-West, Central Canada, Western Europe, Japan and South Korea. Which means that if you live in those areas, your odds of finding this carholder improves significantly.

Now, I was planning to test this out, but my wife got her hands on it before I did and immediately wanted to test it out herself as she keeps her various cards loose in her purse, which means she has a habit of misplacing them. For example, she misplaced her health insurance card when we needed it to book our COVID shots. Based on the fact that she said her cards went “flying everywhere” inside the car when she went to pay for something at a drive thru, I searched the car for 10 minutes and eventually found it under a seat in a very hard to get to place. So I acquiesced and let her try this out for a few days. Here’s her feedback:

  • She likes the RFID protection that this cardholder offers.
  • It keeps all her daily essential cards.
  • From a woman’s perspective, it really helps to keep everything organized and makes it easy to go from purse to purse.
  • It is super slim so you can leave your purse at home and simply take the card holder with you with everything you need.
  • It is solid and it has some weight to it. But it’s functional weight so that’s fine.
  • It is easy to organize your cards so that you have easy access to whatever you need at the click of a button or a push in the notch of the backplate.
  • You can still carry cash if you need to.

Though I never got the card holder back from my wife, and I am apparently not going to because she likes it so much, I can say from a male perspective, that having everything in such a slim packages would be a win for me. Which means I will have to get one of these for myself. If I got one of these as a gift, I’d be very happy.

The Ekster Aluminum Cardholder goes for $63 USD direct from Ekster and has 8 color options. The Tracker Card is optional and goes for $39 USD (down from $49 USD). This is a really cool cardholder that doesn’t add any bulk and I also should say looks cool and modern. It makes a great gift for Dad, and apparently works well for women too.

HP Serves Up Gifts Fit For The No. 1 Dad In Your Life

Posted in Commentary with tags on May 28, 2021 by itnerd

Being a working parent has always been difficult, but this has never more true than this past year when school, work daycare, and home are all under the same roof. With Father’s Day around the corner, it’s time to start thinking about gifts to say thank you to the father-figure in your life. I wanted to share a list of unique HP gift ideas for your consideration if you have a story/round up piece on the go.

For the Dad trying to get his best KDR – HP OMEN 15 ($1,799.99)

  • With gaming and e-sports on the rise, it’s no wonder many Dads are flocking to the newest platforms and game offerings. With the HP OMEN you can ensure that Dad never misses a beat when getting his next high score. This laptop has desktop-class graphics performance, immersion, and upgradability. With the OMEN 15, Dad can game anywhere and anytime.

For the Dad who likes the finer things in life – HP SPECTRE ($1,999.99)

  • The HP Spectre is for the Dad who likes to treat himself. This premium laptop seamlessly transitions from work to play and means that Dad can experience a little bit of luxury every day.

For the Dad with all the answers – HP ENVY ($1,199.99)

  • The HP Envy is the perfect laptop for the Dad who does it all. Whether he is near or far, the ENVY means better connection for the whole family. Plus if you’re living away from your dad, the wide vision HD camera makes it easy to chat with the entire family in crystal clear detail.

Canadian Construction Managers Are Estimated To Save 4.5 Hours A Week & Companies CAD$446K A Year Through Access To Real-Time Data: Procore

Posted in Commentary with tags on May 27, 2021 by itnerd

Procore Technologies, Inc., a leading provider of construction management software, today published the results of a new survey that found Canadian construction managers who can access real-time insights into performance are estimated to be saving 4.5 hours each week.

The study, What Gets Measured Gets Managed, focuses on the Canadian results of a survey that also included results from organizations in the United Kingdom and Ireland, France, Germany, the Netherlands and the United Arab Emirates.The research explores the impact of construction companies having real-time insights into their project management processes — or visibility of performance — through cloud-based software compared to traditional manual processes that can be more difficult to assess. 

It found a correlation with having visibility of performance and time and money savings. Canadians surveyed estimated a time saving of 4.5 hours each week due to performance visibility (216 hours a year*). Weighted to the sizes of the companies and their labour costs, the results suggest an average annual savings of CAD$446,000 per business from having on-demand access to visibility of performance to avoid delays, rework and other performance gaps. 

Visibility Making an Impact Seventy-five per cent of Canadian respondents said their company’s level of visibility of performance is very high (21 per cent) or high (54 per cent). A quarter (25 per cent) said it’s moderate or worse. Visibility of performance is related to the tools commonly deployed. 
Many Canadian respondents said they use manual tools such as spreadsheets (65 per cent), and experience challenges such as incomplete insights (34 per cent), duplicated insights (31 per cent) and incorrect insights (29 per cent). 

Among those who have visibility of performance, half (50 per cent) have seen an increase in overall efficiency and productivity in the way their projects are run — the highest of any country surveyed; 51 per cent noticed fewer defects in projects. Almost half (48 per cent) claimed better safety records. 
The survey also found Canadian organizations report different levels of performance visibility throughout the construction life cycle:

  • Almost three quarters (72 per cent) of Canadian firms with visibility of performance said this particularly applied to the build stage of projects (helping determine optimal cost or phasing, or reduce defects).
  • A similar proportion (69 per cent) said they gained insights during the preconstruction stage (including better estimates of their project costs). 
  • However, only 46 per cent said they have performance visibility during the operate phase, in which companies schedule maintenance activities and monitor the performance of assets.

Half of Canadian respondents using artificial intelligence or machine learningThe results also show Canadians are looking ahead to new technologies and processes for better efficiencies and performance.

Artificial intelligence (AI) or machine learning is used by just over half of Canadian respondents (52 per cent) to assist with visibility of performance. Four out of five of those not using AI or machine learning said they would “definitely” (16 per cent) or “potentially” (64 per cent) consider using them to help achieve visibility of performance. 
Additionally, nine in 10 (90 per cent) of Canadian organizations have shared information or insights with their supply chain to improve project performance. The top two benefits are better management of the supply chain and tracking progress of records needed to consider safety plans complete (both 40 per cent).

The report, What Gets Measured Gets Managed, can be downloaded here: https://www.procore.com/en-ca/ebooks/what-gets-measured-gets-managed

Methodology

The survey was conducted online by Sapio Research on behalf of Procore in January 2021 among 820 middle managers and above, working for construction companies with 100 people or more in Canada, UK and Ireland, France, Germany, the Netherlands and the UAE. There were 154 Canadian respondents, representing the commercial, industrial, homebuilding/residential, fit-out and civil engineering sectors.

Review: iHome iSP6X Smart Plug

Posted in Products on May 27, 2021 by itnerd

Since I have been writing about a number of HomeKit devices this week, I decided to toss in a HomeKit smart Plug into the mix. Meet the iHome iSP6X Smart Plug:

This is a smart plug that allows you to turn a device such as a light on and off using your phone or the smart assistant of your choice. It does support the following smart assistants:

  • Siri
  • Google Assistant
  • Amazon Alexa

It also supports:

  • Wink
  • Samsung SmartThings
  • Nest
  • Apple HomeKit

This review will focus on usage with Apple HomeKit and Siri.

The cool thing about this HomeKit smart plug is that you can have two of these stacked on top of each other. That’s great if you want to control two devices that would normally occupy that space.

On the side, you will get a physical on/off switch, an indicator for WiFi (Green for connected to WiFi, Red if it isn’t, and blinking if it is looking for WiFi), and an indicator for whether it is providing power to a device. Speaking of WiFi, it supports 2.4GHz WiFi. Which is fine because it isn’t as if you’re going to be pushing the volume of data that a HomeKit camera would.

Setup is easy:

  • Download and open the iHome Control app from the Apple App Store.
  • Plug the smart plug into a desired outlet. The LED will start blinking to indicate it is ready for setup. (TOP TIP: There is a number on the bottom of the device, write that down before plugging it in).
  • Tap Add Device in the Devices tab and follow the on-screen directions to complete setup.
  • When prompted, scan the number at the bottom of the device or type the Accessory Setup Code which you wrote down earlier.
  • Follow the directions to add the plug to HomeKit

Once set up, there’s really not much to this smart plug. You can turn the device that is attached to it on and off using Siri or the Home app. During my testing it was quick to respond and I didn’t have a problem with it. One thing that I should note is that as far as I can tell, it is impossible to add this smart plug to HomeKit without using the iHome app. But the good news is that as far as I can tell, you don’t need to keep the iHome app on your phone other than to update the firmware if required. Finally, during my testing, I found no evidence that the iHome iSP6X Smart Plug connected to any third party servers. That implies to me that unless I find any other evidence, these smart plugs aren’t a potential privacy risk for your network. I did note that the iHome Control app does access your HomeKit data (with your permission) on your iPhone and does not require you to create an account to use it. Which is good. But there’s none of the privacy and data usage info that Apple requires for iOS apps in the App Store as this app hasn’t been updated in a while. Which is bad. iHome would do well to update this information so that consumers are fully informed about what their app does or doesn’t do. Not to mention updating the app as well.

I found the iHome iSP6X Smart Plug on Amazon for $35 CDN which is a good price for this smart plug. While it would be great to have the ability to directly add this switch to HomeKit, and the questions about what their apps do from a privacy perspective, there’s really no other downsides. Check it out if you need a HomeKit compatible smart plug.

Guest Post: Americans Projected To Lose Over $5 Billion To Internet Crime In 2021 Says Atlas VPN

Posted in Commentary with tags on May 27, 2021 by itnerd

Cybercriminals in America are getting richer. According to the Atlas VPN team’s analysis, Americans are estimated to lose $5.6 billion to internet crime by the end of 2021. 

Cybercrime losses are expected to grow by nearly a third (32%) in 2021 from 4.2 billion in 2020. Compared to 2012, when cybercrime losses were 525.4 million, they are predicted to grow tenfold and reach record levels.  By the end of this year, Americans will have lost 22.1 billion to cybercriminals since 2012. 

The average growth rate of losses to internet crime in the US was estimated based on historical data from 2012 to 2020 provided by the FBI’s Internet Crime Complaint Center. 

Why losses to internet crime are rising

One of the main reasons behind the rise in cybercrime losses is the growing number of internet users in the United States. The more people spend their time online, the more potential targets cybercriminals have.

In 2020, there were 284.05 million internet users in the US, which is about 86% of the country’s population. Based on Statista’s estimates, the number of internet users in the US will increase by over 1% to 286.98 million in 2021. Therefore, a higher number of potential victims is expected. 

According to Ruth Cizynski, a cybersecurity researcher and author at Atlas VPN, “Ever-evolving cyber threats, the emergence of schemes that exploit the Covid-19 pandemic, and smaller cybersecurity budgets are just a few more factors contributing to the rise in monetary losses due to cybercrime in 2021.”

To read the full article, head over to: https://atlasvpn.com/blog/americans-projected-to-lose-over-5-billion-to-internet-crime-in-2021

Canada Post Pwned… Data On 950,000+ Customers Has Been Compromised

Posted in Commentary with tags on May 26, 2021 by itnerd

Thanks to a malware attack on one of its suppliers, Canada Post has been pwned by hackers. Canada’s postal carrier put out a release on this today:

Canada Post has informed 44 of its large business customers of a data breach caused by a malware attack on one of our suppliers, Commport Communications. The supplier notified Canada Post late last week (on May 19) that manifest data held in their systems, which was associated with some Canada Post customers, had been compromised.

Commport Communications is an electronic data interchange (EDI) solution supplier used by Canada Post to manage the shipping manifest data of large parcel business customers. Shipping manifests are used to fulfill customer orders. They typically include sender and receiver contact information that you would find on shipping labels, such as the names and addresses of the business sending the item and the customer receiving it.

After a detailed forensic investigation, there is no evidence that any financial information was breached. In all, the impacted shipping manifests for the 44 commercial customers contained information relating to just over 950 thousand receiving customers. After a thorough review of the shipping manifest files, we’ve determined the following:

  • The information is from July 2016 to March 2019
  • The vast majority (97%) contained the name and address of the receiving customer 
  • The remainder (3%) contained an email address and/or phone number

Here’s the problem with this. It’s 2021 and the data is from 2016 to 2019. And the planet is only finding out about this today. That’s a #fail. Sure Canada Post notes that it will engage external cybersecurity experts to conduct additional forensic work and that the Office of the Privacy Commissioner has been notified. But that’s not good enough given how much info and the timeframe that this info spans. Hopefully the Privacy Commissioner slaps Canada post silly over this as this is not acceptable.

And I have to wonder if the 950,000 customers will be notified? Based on the Canada Post press release, I don’t think so. But they are free to surprise me.

UPDATE: I have a comment on this hack from David Masson, Director of Enterprise Security for Darktrace: 

This attack follows the rising trend of hackers infiltrating organizations via the supply chain. From the SolarWinds Orion campaign to the recent attack on Centreon software, we can be in little doubt complex digital supply chains are a hacker’s paradise. 

Canada Post are just the latest victim in what is a new era of cyber-threat, one where attackers exploit supply chain vulnerabilities to launch mass attacks with maximum return on their investment. The volume of data breached indicates that malicious activity had been going on for some time unnoticed, with hackers lurking on systems with their finger on the trigger.  

These silent and stealthy attacks are virtually impossible to detect with traditional security tools and companies today must adopt a zero-trust policy when it comes to third-party suppliers. Perimeter defences won’t work – these attacks come from the inside. That’s why thousands of organizations today rely on cutting-edge technology like AI to identify the subtle indicators of this malicious activity wherever it emerges, and thwart it before damage is done. 

New ‘Interactive’ Monument to Tour U.S. As Tribute To African American History & The Ongoing Fight For Racial Justice

Posted in Commentary on May 26, 2021 by itnerd

At a pivotal time for racial justice in America, a new interactive art installation will tour the country seeking to inspire “Hope for a New America.” Acclaimed Ghanaian artist Kwame Akoto-Bamfo will unveil his latest work, a powerful and thought-provoking interactive sculpture titled Blank Slate: Hope for a New America, during a summer tour of major cities across the South and Midwest. Traveling on a flatbed truck, the mobile art installation aims to engage Americans in a conversation on hope and healing, including an interactive “Blank Slate” component. Visitors will be encouraged to share their opinions in real time on the fight for racial justice, and their words will be displayed anonymously onto the slate.  For more information on the monument, tour dates and events, please visitwww.blankslatemonument.com. 

Created as a bold counterpoint and challenge to the more than 1,800 Confederate monuments and symbols still on display in public spaces across the U.S., Akoto-Bamfo’s mission behind the statue and tour is to use art to forward the racial and social justice movements, help inspire the healing of the nation, and elevate the voices of the silenced and oppressed by giving people a platform to let themselves be heard. 

The statue will be unveiled in Louisville, Kentucky on June 2nd, and travel to locations including Chicago, SelmaBirmingham, and more. In each city, the statue will be available to the public for several days for observation, reflection, and participation in the conversation through the interactive Blank Slate screen. The tour will also include events with local elected officials, activists, arts & cultural figures, and local students, including a series of town halls.  The town halls will create an open dialogue among community members on different aspects of racial injustice: community safety, health disparities, voting rights, the criminal legal system, education, and more. 

Each city on the tour has its own historical and painful legacy of racial injustice. Akoto-Bamfo, best known for his outdoor “Nkyinkyim Installation” sculpture dedicated to the memory of the victims of the Transatlantic slave trade displayed at the National Memorial for Peace and Justice in Montgomery, Alabama, created the Blank Slate statue to challenge the overwhelming prevalence of this legacy by raising awareness of the entrenched issues in each city and inspire a dialogue for a more hopeful future. The statue is unapologetic in its representation of American history in the midst of today’s racial crisis and is a visual representation of the evolution of the African American experience and struggle— from the millions of enslaved men and women who were crucial to the foundation of the U.S., to the Black soldiers who died fighting in the Civil War, to the more recent lives of George Floyd, Trayvon Martin, Breonna Taylor, Duante Wright, and innumerable others. 

The Blank Slate statue features four figures that symbolize the generational struggles in the African American experience: a slave ancestor, a lynched union soldier martyr, a struggling mother activist, and a baby representing the next generation. 

Whereas Confederate heroes are typically depicted standing atop “pedestals of privilege”, the figures in Blank Slate are standing on top of the only thing they have—each other— a powerful representation of how only through generations of determined cooperation can the underprivileged elevate each other enough to have a voice to speak truth to power. 

The monument culminates in an interactive protest sign held by the mother figure at the top, a literal blank slate symbolizing the unwritten future of hope and healing, that will serve to amplify the voices of the public and share their thoughts and hopes to the world in real time. Through a dedicated WiFi system, the public can share on the screen their ideas and hopes for creating positive change in this country. The blank slate will be integrated with a #BlankSlateHope social campaign.  

The Blank Slate statue will remain on display in Birmingham, Alabama until March 2022 when it is moved to a permanent location, determined by a multi-city bidding process.  

For more information, visit www.blankslatemonument.com

Nearly 50% Of Canadian SOC Teams Emotionally Overwhelmed By Security Alert Volume: Trend Micro

Posted in Commentary with tags on May 26, 2021 by itnerd

Trend Micro Incorporated today released results from a new study that reveals SOC and IT security teams are suffering from high levels of stress outside of the working day—with alert overload a prime culprit.

According to the study, which polled 2,303 IT security and SOC decision makers across companies of all sizes and verticals, 101 of those were Canadian, 70 per cent of global respondents say their home lives are being emotionally impacted by their work managing IT threat alerts. Nearly half (46 per cent) of Canadian SOT/IT security teams are overwhelmed by the volume of security alerts and 52 per cent admit that they aren’t entirely confident in their ability to prioritize and respond to them. It’s no wonder therefore that teams are spending as much as 25% of their time dealing with false positives.

These finding are corroborated by a recent Forrester study, which found that “security teams are heavily understaffed when it comes to incident response, even as they face more attacks. Security operations centers (SOCs) need a more-effective method of detection and response; thus, XDR takes a dramatically different approach to other tools on the market today.”

Outside of work, the high volumes of alerts leave many Canadian SOC managers unable to switch off or relax, and irritable with friends and family. Inside work, they cause individuals to turn off alerts (30% do so occasionally or frequently), walk away from their computer (46%), hope another team member will step in (46%), or ignore what is coming in entirely (36%).

With a staggering 65% of Canadian respondents, and 74% globally, already dealing with a breach or expecting one within the year, and the estimated average cost per breach USD$235,000, the consequences of such actions could be disastrous.

Trend Micro Vision One is the company’s answer to the struggles of SOC teams. Prioritized, correlated alerts using data from the entire IT environment help teams spend their time more wisely. Fewer alerts and stronger intelligence allow teams to regain balance in their work life and ease the emotional toll of security.

Research methodology

The survey was conducted among 2303 IT security decision makers in 21 regions. In Canada, 101 IT security decision makers were surveyed through online interviews by Sapio Research in April 2020 using an email invitation and an online survey. At an overall level results are accurate to ± 9.8% at 95% confidence limits assuming a result of 50%.

Ransomware Now Top Use Case For Autonomous Cybersecurity Technology: Darktrace

Posted in Commentary with tags on May 26, 2021 by itnerd

Darktrace today announced that ransomware is the top use case of its market-leading Autonomous Response technology, as organizations face the increased threat of machine-speed attacks. 

As sophisticated ransomware attacks continue to pose an existential risk to organizations in all sectors, Darktrace Antigena allows customers to take proportionate action to thwart all strains of ransomware, both known and unknown, in real time, avoiding costly shutdowns and business disruption. 

Powered by self-learning Cyber AI, Autonomous Response is a world-first technology that rapidly neutralizes a range of novel cyber-attacks by taking highly targeted actions, while allowing normal business operations to continue as usual. Its self-learning technology isolates only the unusual data encryption activity associated with ransomware. 

In addition, Darktrace has also announced that it has extended its Autonomous Response capability to enhance coverage of servers, allowing the AI to fight back against all forms of fast-moving attacks. 

Darktrace is a leading autonomous cyber security AI company and the creator of Autonomous Response technology. It provides comprehensive, enterprise-wide cyber defense to over 4,700 organizations in over 100 countries, protecting the cloudemail, IoT, traditional networks, endpoints and industrial systemsA self-learning technology, Darktrace AI autonomously detects, investigates and responds to advanced cyber-threats, including insider threat, remote working risks, ransomware, data loss and supply chain vulnerabilities. The company has 1,500 employees globally, with headquarters in Cambridge, UK. Every second, Darktrace AI detects a cyber-threat, preventing it from causing damage.