Archive for September 20, 2021

Darktrace AI Neutralizes IoT Attack That Threatened to Disrupt the Tokyo Olympics

Posted in Commentary with tags on September 20, 2021 by itnerd

I’ve posted a lot of bad news about companies and a variety of organizations getting pwned by hackers. But here’s a good news story for you.

As you know, one of the greatest issues in security is how to deal with high-stress scenarios when there is a significant breach – especially when it comes to a global sporting event attracting an audience in the millions. 

Threat actors often exploit the pressure of these events to cause disruption or extract hefty sums. Sporting occasions, especially Formula 1 races, the Super Bowl, and the Olympics, attract a great deal of criminal interest.

Darktrace recently discovered a threat when a Raspberry Pi device was covertly implanted into a national sporting body directly involved in the Olympics, in an attempt to exfiltrate sensitive data. The events took place one week before the start of the Games, and a data breach at this time would have had significant ramifications for the reputation of the organization, the confidentiality of their plans, and potentially the safety of their athletes.    

Darktrace AI recognized this activity as malicious given its evolving understanding of ‘self’ for the organization, and Antigena – Darktrace’s autonomous response capability – took action at machine speed to interrupt the threat, affording the human security team the critical time they needed to catch up and neutralize the attack.  

If you’re interested, Darktrace has a blog post on how AI neutralized an IoT attack that threatened to disrupt the Tokyo Olympics. It’s a pretty interesting read.

OnStar Marks Its 25th Anniversary By Celebrating Its Local Advisors

Posted in Commentary with tags on September 20, 2021 by itnerd

This September marks the 25th anniversary of OnStar, and throughout that time, it’s been the name for vehicle safety. OnStar is the service known for providing in-vehicle security, emergency services, hands-free calling, turn-by-turn navigation, and remote diagnostics systems. And in these 25 years, OnStar has brought peace of mind to members by providing an Advisor who is available whenever you need them at the push of a button. OnStar Advisors act as local heroes helping Canadians in their time of need.

OnStar believes that no matter how far technology progresses, there’s no substitute for human connection. That’s why when you push the blue OnStar button, you’ll be connected with a live Advisor in your community who is ready to assist you. People are at the heart of everything OnStar does. OnStar Advisors help make driving easier, safer and better for members, as well as help save lives in emergency situations.

Here are some examples of how OnStar Advisors have helped people:

James MacGregor, Emergency and Stolen Vehicle Assistance Advisor

James, a local Oshawa native, has been an OnStar Advisor for over four years. What motivates James is the fact that his job matters to people and makes a difference in their lives. From saving people’s lives, to being a virtual shoulder to cry on, James has heard it all and thrives on being able to help people.

James’ most rewarding call: James helped a woman find her husband who was going through a mental health crisis. She was on the other side of the country and didn’t know what to do. She called OnStar, and James got as much information as he could, and worked with local agencies to locate her husband, who was in his car. They found him and were able to bring him to safety.

Jessica Moore, Emergency and Stolen Vehicle Assistance Advisor

Jessica, hailing from Bailieboro, Ontario, has been an OnStar Advisor for over six years. She enjoys that her voice is there to help and calm a member when they need it the most. She feels it’s very rewarding knowing that they can make a big impact on someone’s life, possibly saving them. From her knowledge of CPR coming in handy in her own personal life, to helping people find protection in a deadly storm, Jessica loves being able to help people in a tough situation.

Jessica’s most rewarding call: Jessica helped a couple who found themselves stuck in a sudden deadly storm. The couple were injured badly by strong winds. With no phone access, they ran to a GM dealership, opened a car and hit the emergency button. Jessica was there to help them in their dire situation.

Jenna Stapley, Emergency Advisor

Jenna, from Oshawa, has been an OnStar Advisor for over seven years. She feels she’s making a difference in someone’s life by being an Advisor. Not every call is an emergency situation, although she has helped someone deliver a baby! Jenna takes pride in helping people along the way, knowing she’s doing everything possible to give the best possible outcome.

Jenna’s most rewarding call: Jenna helped deliver a baby over the phone with members in their own driveway! She was cool, calm and collected throughout the whole call. The baby was born safely and healthy. When they needed to tie off the umbilical cord, there was no string. Jenna improvised and instructed the callers to use the string from a face mask, which ended up doing the job just perfectly.

OnStar brings Members a host of services that can help them feel safer and more connected wherever they are. In-vehicle and app-based safety services let you and your loved ones travel knowing help is available 24/7.

  • Automatic Crash Response: If you’re in a crash, built-in sensors can automatically connect an OnStar Advisor to your vehicle — even if you aren’t able to call for help yourself.
  • Emergency Services: One push of the red Emergency button gives you a priority connection to an Emergency-certified Advisor who can direct emergency service providers to your location and offer critical assistance until help arrives.
  • Roadside Assistance: If you’re stranded, have a flat tire, run out of gas or need a tow, an OnStar Advisor can dispatch a local service provider to get you the help you need.
  • Crisis Assist: In the event of severe weather, a natural disaster or other crisis, OnStar Advisors can provide critical assistance, helping Members find their way to safety and stay in contact with loved ones.
  • Stolen Vehicle Assistance: If your vehicle is stolen, OnStar can help locate your vehicle and work with local authorities to help recover it.
  • Turn-By-Turn Navigation: Simple, safe and easily accessible Turn-by-Turn Navigation. Getting directions is as easy as pushing your blue OnStar button and telling an Advisor where you want to go.
  • OnStar Guardian App: With the OnStar Guardian app, key OnStar safety services can go anywhere that you or your loved ones go, in or out of any vehicle. Access all that the Guardian app has to offer — help in a crash, Roadside Assistance and a 24/7 connection to Emergency-Certified Advisors.

Alaska Says That It Suffered A Cyberattack On Their Health Service From A Nation State

Posted in Commentary with tags on September 20, 2021 by itnerd

A nation-state cyber-espionage group has gained access to the IT network of the Alaska Department of Health and Social Services (DHSS), the agency said last week:

The attack, which is still being investigated, was discovered on May 2, earlier this year, by a security firm, which notified the agency. While the DHSS made the incident public on May 18 and published two updates in June and August, the agency did not reveal any details about the intrusion until last week, when it officially dispelled the rumor that this was a ransomware attack. Instead, the agency described the intruders as a “nation-state sponsored attacker” and “a highly sophisticated group known to conduct complex cyberattacks against organizations that include state governments and health care entities.”

You have to believe that the US Federal Government is involved in investigating this attack. And if they can prove that a nation state was behind this, the nation state in question is going to get a knock on the door. That, combined with having strong cyberdefences, is the only way that this sort of thing stops.

I would stay tuned to this story as I suspect that this might get “interesting.”

BlackMatter Ransomware Gang Pwns Grain Cooperative

Posted in Commentary with tags on September 20, 2021 by itnerd

Iowa-based grain cooperative New Cooperative was struck by ransomware in recent days and has shut down its computer systems as it tries to mitigate the attack. And the threat actor is a ransomware group known as BlackMatter:

The attack occurred on or around Friday, according to Allan Liska, senior threat analyst at the cybersecurity firm Recorded Future. The ransomware gang, which goes by the name BlackMatter, is demanding a $5.9 million ransom, Liska said. New Cooperative confirmed that they had been attacked and said they had contacted law enforcement and were working with data security experts to investigate and remediate the situation. 

“New Cooperative recently identified a cybersecurity incident that is impacting some of our company’s devices and systems,” according to a statement from the cooperative. “Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained.” New Cooperative has communicated with its feed customers and is working to create workarounds to get feed to animals while its systems are down, a person familiar with the matter said.

BlackMatter is apparently the successor to the DarkSide group, which was active and very “successful” earlier this year. What makes this attack really bad is that this is effectively an attack on America’s food supply, which means that if this group is state-sponsored, then this could be seen as an act of war. Thus it will be interesting to see what the White House does about this situation. In the meantime, if you don’t want to be the next company to get pwned, you should make sure your cyberdefenses are on point.

UPDATE: Marcus Fowler, Director of Strategic Threat at Darktrace, had this to say:

The ransomware attack on Iowa-based grain cooperative New Cooperative is the fourth crippling and high-profile attack on U.S. critical infrastructure in recent months. We can no longer tolerate cybercriminals forcing our public authorities and essential public services to bring their systems to a grinding halt while they hold organizations to ransom – we urgently need to fix fundamental problems.

The Biden Administration can aspire for certain sectors to be off-limits from hackers, but our nation’s infrastructure and businesses are too interconnected, and cyber-attackers today are too sophisticated for this to ever be a reality. What’s more, if BlackMatter truly is DarkSide 2.0, then this is evidence that the President’s talks and warnings have had little impact.

Based on the details currently available, there are striking parallels between this attack and the recent campaigns against Colonial Pipeline and JBS. Just like in these instances, New Cooperative took their operational technology (OT) systems offline as a precautionary measure to an IT side attack. We still need to get better at securing OT. Ransomware moves incredibly quickly in locking down files and bringing down digital systems – regularly too fast for humans to respond. Too often, organizations’ backs are against the wall in having to shut down because they lack visibility into where the attack is spreading and are concerned for safety.

The good news is that artificial intelligence is making leaps and bounds in both fighting back against ransomware and securing OT (like industrial equipment). Organizations hit with ransomware need an alternative solution beyond complete shutdown and payments to stop ransomware before problems turn into crises. Thousands of organizations across the U.S. have turned to self-learning AI in response to the rise in ransomware attacks and use the technology to gain visibility over their entire infrastructure.