Archive for July 5, 2023

Japanese Port Used By Toyota Pwned By LockBit

Posted in Commentary with tags on July 5, 2023 by itnerd

The largest port in Japan at Nagoya, which services Toyota Motor Corporation, is suffering a ransomware attack that has shut down operations of container terminals.

The Nagoya Port Unified Terminal System (NUTS) in Japan suffered a significant system outage on Tuesday that was attributed to a ransomware attack.

According to a notice (in Japanese) sent to customers, the attack disrupted container operations across all terminals within the port.

In particular, container import and export operations via trailer transportation have been temporarily halted at the terminals. Shipping companies responsible for the arrival and departure of container vessels are advised to consult with the primary carrier for instructions and updates regarding loading and unloading operations.

And:

The restoration of the system is targeted to be completed by 6.00pm JST today (July 5), followed by a planned resumption of operations starting at 8.30am JST on July 6 (Thursday).

That’s pretty quick. As for who is behind this, it is said to be the LockBit ransomware gang.

Roy Akerman, Co-Founder & CEO, Rezonate had this to say:

   “Critical infrastructure remains a key concern as the risk of business disruptions impacts millions of people and businesses dependent on goods shipped in and out of the Nagoya port daily. The Nagoya port is a good reminder that critical infrastructure is at constant risk and nations need to protect and apply the best of breed technologies to prevent, detect and quickly respond and, as in this case, instantly recover operations.”

This is another example of how disruptive these sorts of attacks can be. After all, this one is affecting a port that services Toyota. Which means that there will still be ripple effects from this even after things are restored to normal.

UPDATE:

Carol Volk, EVP, BullWall added this: 

   “Ransomware attacks like the recent one on the Port of Nagoya have become inevitable. The expanding digital landscape provides more entry points for hackers, while the potential financial gains make these attacks lucrative. As a result, companies must prepare their cyber defenses, including ransomware containment. 

   “Such a system can detect and mitigate attacks early, minimizing damage and disruption. Organizations should also prioritize regular backups, strong security measures, employee training, and incident response plans. By acknowledging the inevitability of ransomware attacks and taking proactive measures, businesses can enhance their resilience and safeguard critical systems, before the attack comes for them.”


Pepsi Bottling Discloses 6+ Month Old Breach Of Staff Data…. WTF???

Posted in Commentary with tags on July 5, 2023 by itnerd

In a statement issued on July 3rd, Pepsi Bottling Ventures said that on January 10th it had learned that a breach of its internal systems dating back more than six months may have led to current and former employees and contractors’ data being stolen around December 23rd of last year.

The PepsiCo bottler said it had taken action to “contain the incident” but the incident may have led to the capture of employees’ data including:

  • First and last names
  • Parents’ maiden names
  • Home address
  • Email address
  • Financial account information
  • Passwords
  • PIN codes
  • Driver license #s
  • ID card #s
  • SSNs
  • Passport info
  • Digital signatures
  • Information related to benefits and employment
  • Limited medical history
  • Health and health insurance claims
  • Insurance policy numbers

“The safety of individual personal information is of the utmost importance to us. Pepsi Bottling Ventures promptly reported the incident to law enforcement, suspended all affected systems, and investigated to understand the scope and impact of the incident,” PBV said.  

I’ll bite my tongue for a moment. Instead, I will turn this over to Willy Leichter, VP of Marketing, Cyware for commentary:

   “Unfortunately, this type of long delay in discovering and acting upon a breach is all too common. But saying that they have “contained” the breach after not discovering it for six months stretches credulity. Indicators of compromise of breaches need to be discovered in hours or days for there to be any chance of limiting the damage.”

Roy Akerman, Co-Founder & CEO, Rezonate follows up with this:

   “Unlike a credit card, username, password and other personally identifiable information (PII), an identity cannot be simply replaced and will be forever compromised and at risk. The highest paying intel on the dark web was and will continue to be PII and healthcare information. Identity data will therefore continue to be the number one target and the means which attackers leverage to compromise systems and organizations.”

Six months is a very long time to notify people of a data breach. That’s not cool. Pepsi Bottling Ventures needs to do much better on this front. And others should take note of how this was handled and not be Pepsi Bottling Ventures.

Twitter Explains Why It’s Limiting The Tweets That You Can See

Posted in Commentary with tags on July 5, 2023 by itnerd

Twitter and its owner Elon Musk have managed to piss off the entire Twitterverse by limiting how many Tweets you can read. And the blowback has been epic as a result. I’m guessing that because of that, Twitter released this statement about why it’s doing this:

To ensure the authenticity of our user base we must take extreme measures to remove spam and bots from our platform. That’s why we temporarily limited usage so we could detect and eliminate bots and other bad actors that are harming the platform. Any advance notice on these actions would have allowed bad actors to alter their behavior to evade detection.

At a high level, we are working to prevent these accounts from 1) scraping people’s public Twitter data to build AI models and 2) manipulating people and conversation on the platform in various ways.

Currently, the restrictions affect a small percentage of people using the platform, and we will provide an update when the work is complete. As it relates to our customers, effects on advertising have been minimal.

While this work will never be done, we’re all deeply committed to making Twitter a better place for everyone.

At times, even for a brief moment, you must slow down to speed up.

We appreciate your patience.

This statement sticks to Elon’s talking points. Which are dubious at best. And it doesn’t give any sort of timeframe as to when things would go back to normal. If they ever do. And Twitter has pulled the “the restrictions affect a small percentage of people” card despite the fact that there’s ample evidence to the contrary. The bottom line is that this debacle has clearly hurt Twitter. Because if that were not the case, I seriously doubt that Twitter would have said anything. The question is if this is a fatal wound to Twitter.

Threads Won’t Launch In The EU Tomorrow

Posted in Commentary with tags on July 5, 2023 by itnerd

Earlier today, I posted this story about Meta’s Twitter competitor Threads launching tomorrow, and coming for your data. I said this in the story about Meta coming for your data:

In a way, I am not surprised. This is Meta we’re talking about. And this is a company that has a history of grabbing any and every piece of data that they can get their hands on so that they can make a buck off of it. But in a way I am surprised. Because with this now becoming public, this might actually make it hard for them to get sign ups for Threads. Sure existing Facebook and Instagram users won’t care. But for someone like me who doesn’t use Meta apps, there’s ZERO chance that I would ever sign up for Threads based on this. On top of that, Meta has been smacked down by people like the EU in cases like this or this so often that you would think that they would try not to do things that would draw attention to bad behaviour like the above.

Well, it seems that Meta is aware of the implications of trying to grab that much data in the EU. The Independent is reporting that Meta is not yet ready to have a European launch of Threads:

Meta will not launch its new Twitter rival, Threads, in Ireland or the EU for the foreseeable future.

It is being released in the US and the UK on Thursday of this week as an alternative to Twitter.

A spokesperson for Ireland’s Data Protection Commission (DPC) said that the regulator had been in contact about the new service and that it would not be rolled out in the EU “at this point”.

However, it is understood that the DPC has not actively blocked the service. Instead, the tech giant has not yet prepared the service for a European launch outside the UK, which is not fully governed by GDPR or EU privacy rules.

Sources close to Meta said that the tech giant has refrained from rolling the service out in the EU because of what the company believes is a lack of clarity contained in the EU’s Digital Markets Act. Under the Act, companies such as Meta become “gatekeepers”, with restrictions on how they mingle users’ personal data. 

I think that tells you all you need to know about Threads. From Meta’s perspective, if they can’t get your data, they won’t enter a market. Because with Meta, you are the product if they’re offering something to you for free. It should also tell you that signing up to Threads may be a bad idea if you value your privacy.

BlackFog Releases The June State Of Ransomware Report

Posted in Commentary with tags on July 5, 2023 by itnerd

BlackFog has released the June State of Ransomware Report.  

Dr Darren Williams, CEO of BlackFog, notes the following:

“After an all-time record in May, June sees a continuation of this trend with the second highest number of ransomware attacks on record with 46 publicly disclosed, and a record 396 undisclosed attacks. This represents a ratio of 8.6:1 of unreported to reported attacks, or 860% going unreported, fuelled in part by the MOVEit attack and the CLOP ransomware variant.

This month education, healthcare and manufacturing dominated, with increases of 25%, 26% and 27% respectively. Government attacks showed one of the smallest increases of the year of only 12.5% but remains the third highest targeted sector.

In June, BlackCat and LockBit were the two dominant variants at 18.1% and 16.8% respectively. This closely mirrors the unreported attack variants, representing 50% of all successful attacks. With the sheer volume of attacks from CLOP we expect this to change over the coming months.

Finally, we saw illegal networks continue to dominate exfiltration techniques with 97% of all attacks. A large majority of ransomware is now originating and exfiltrating data to China 43% of the time, with Russia at 10%.”

You can read the report here.

Threads Allegedly Launches Tomorrow… And It’s Coming For All Your Data

Posted in Commentary with tags on July 5, 2023 by itnerd

Yesterday, I wrote about the fact that Meta was about to launch Threads which is a direct shot at Elon Musk’s Twitter. In that post, I said this:

To be frank, Twitter’s days have been numbered for some time. But Meta’s entry into this space may be the final nail in the coffin for Twitter. And what could make it very interesting is that rumours suggest that Threads will federate with Mastodon. Which could give it a lot more exposure and make it a viable alternative for users and advertisers.

Well, the app is about to become available tomorrow on the Apple App Store as evidenced by this screen shot:

But I would advise you to scroll down and read the not so fine print in terms of what data the app wants to have access to on your iPhone (and I assume that this applies to Android phones too):

So I have to ask. Why on God’s green Earth does a social networking app want to have access to my health & fitness data, my financial info, my purchases, browsing data, and sensitive info which is defined as follows:

Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data

In a way, I am not surprised. This is Meta we’re talking about. And this is a company that has a history of grabbing any and every piece of data that they can get their hands on so that they can make a buck off of it. But in a way I am surprised. Because with this now becoming public, this might actually make it hard for them to get sign ups for Threads. Sure existing Facebook and Instagram users won’t care. But for someone like me who doesn’t use Meta apps, there’s ZERO chance that I would ever sign up for Threads based on this. On top of that, Meta has been smacked down by people like the EU in cases like this or this so often that you would think that they would try not to do things that would draw attention to bad behaviour like the above.

I guess Mark Zuckerberg is using the logic of it’s only illegal if we get caught.

I was actually rooting for Threads to “end” Twitter. Not because I like Meta, but because I hate Twitter and Elon Musk. Now it still might “end” Twitter. But many people who may want to dump Twitter may think twice about joining Threads if they see what the app wants in terms of data.

UPDATE: Damir J Brescic, CISO, Inversion6 sent me this comment on Threads’ privacy issues:

The new Threads app is a messaging platform focused specifically on providing an environment for those who wish to communicate privately, such as friends and family, allowing them to share their locations with one another. However, there are still possible data privacy and cybersecurity risks and issues that I can see. An example of this would be that Threads does not encrypt messages, providing an opportunity for hackers, and users are required to have a Facebook (Meta) account to use the platform.

Overall, the Threads app does not have a stated policy for informing its users about any security breaches, leaving them vulnerable in the instance of an attack. For the reasons denoted above, I would caution organizations to think carefully before allowing the use of the Threads app. I would recommend doing further research before downloading and using this app, to understand the possible impact and risk it could pose to your company from a data privacy standpoint.