Crown Equipment Pwned In Cyberattack
Posted in Commentary with tags Hacked on June 21, 2024 by itnerd
According to local media, forklift manufacturer Crown Equipment confirmed Wednesday that it suffered a cyberattack on June 8th that disrupted manufacturing at its plants.
Crown is one of the largest forklift manufacturers in the world, employing 19,600 people and having 24 manufacturing plants in 14 locations worldwide.
Since the attack, all IT systems have been shut down and employees have been unable to clock in their hours, access service manuals, or deliver machinery in some cases. Employees have been told not to accept MFA requests and to be cautious of phishing emails.
“We determined that many of the security measures Crown had in place were effective in limiting the amount of data the criminals were able to access. We also learned that the hackers gained entry into our system because an employee failed to adhere to our data security policies by allowing unauthorized access to their device,” Crown said in an email sent to employees yesterday.
It is believed that the breach occurred after an employee fell for a social engineering attack and allowed a threat actor to install remote access software on their computer.
Ted Miracco, CEO, Approov Mobile Security had this to say:
“The recent cyberattack on forklift manufacturer Crown Equipment highlights the critical need for comprehensive zero-trust solutions that extend beyond the corporate network to include edge devices, such as mobile phones and personal devices. This breach is believed to have occurred after an employee fell for a social engineering attack, allowing a threat actor to install remote access software on their device. This incident underscores the vulnerability of edge devices, which are often more susceptible to social attacks like phishing. To enhance security, it’s crucial that zero-trust principles encompass all devices, including personal and mobile ones. Mobile apps should also incorporate security measures that attest to the integrity of the device, verifying whether it has been compromised. This can prevent unauthorized access and ensure that only secure devices interact with corporate systems.”
On top of what Mr. Miracco said, defences have to be layered so that attacks don’t work at all, or are limited in scope as the threat actor would not be able to get very far into a network. Otherwise you get this situation.
Posted in Commentary with tags Reddit on June 20, 2024 by itnerd
Reddit, which is currently at Cannes, unveiled its latest research into changing search behaviors, particularly among Gen Z, via a panel discussion with industry experts from Kraft Heinz, EMARKETER and Brandwatch.
The research explores how Gen Z is leading the charge towards curated recommendations and personalized shopping experiences, and the role of crowd-sourced advice from community-verified information in the way people discover, share, engage with, and take action on content.
You can have a look at their blog post for more information including links to the full research reports.
Posted in Commentary with tags Scam on June 20, 2024 by itnerd
A couple of days ago I was working on site with a client when I got an email saying that a home client of mine had been “seriously” hacked. I dropped what I was doing and tried to phone them. But there was no response. I also responded to the email with some contact info. No response. An hour later, my client called me back in a complete panic. But by that point, I had already made arrangements to return to Toronto as I was out of town to assist with this.
When I arrived later that day she handed me her MacBook Pro, and I saw this:
Now if you’re wondering why I left the IP address visible, Bell rotates those IP addresses so often that it simply doesn’t matter if it’s displayed or not. In any case the client told me that she was surfing the Internet and this screen appeared. It was making lots of noise and she couldn’t close it. So in a panic she phoned the number. That response isn’t a surprise because this is a pop up scam. The pop up makes you think you have some sort of critical issue with your computer, and they often play noises like sirens which, when added to the text on the screen, make you more likely to call the number. And if you’re wondering how the pop up gets onto someone’s computer, scammers plant these all over the Internet using a variety of means that I won’t get into here. From there it’s just the law of averages in terms of whether you hit one of these by browsing to a legitimate website that has, for lack of a better word, been “boobytrapped” with a pop up like this one.
Pro Tip: The way you deal with this is to try and close the pop up. If you can’t close it, press and hold the power button to turn off the computer. Then turn it on again. If the pop up returns after that, call a computer professional for assistance. But under no circumstances should you call the number that’s on the screen.
Unfortunately in this client’s case, she called the number. And according to her, the scammers at the other end of the line who were pretending to be Apple Support convinced her that her bank account and “all her personal information” had been hacked as he could see it right on his screen. They asked her what kind of computer she had, and when she replied that she had a Mac, they surprisingly didn’t try to connect to it (I confirmed that this was the case when I examined the computer), but instead launched into executing the scam. The fake Apple Support rep then got another person on the line who pretended to be her bank to help her to “secure her account.”
Now there are three things about this interaction that I should point out. First, Apple would never, ever connect you to your bank because they don’t have the ability to do that. Second, at no point was she asked about which bank she dealt with. Which means that it would have been impossible for this fake Apple Support rep to connect her to the right bank even if they did have the ability to do that. Nor would it have been possible for them to see on their screens that her bank account was hacked. But the reason why she was falling for it was that they were weaving a story that was convincing to someone who was under a lot of stress. And the stress was created by them via the pop up and what they had said to this point. Scammers do that because it stops you from thinking critically. Which means you’re more likely to make less rational decisions and fall for the scam.
Now let me cover the part about the scammers not connecting to her computer as that was unusual. The typical scammer behaviour is that they want to connect to your computer using a tool like AnyDesk or TeamViewer. But once connected they will often use a piece of software called ConnectWise Control which operates in the background without your knowledge and allows the scammers to come and go from your computer as they please. Which put another way means that they are always watching you and can steal personal information at will. The other reason why they do this is that they will use this to watch you while you log into your bank account so that they can steal money right from your bank account if they can, or figure out how much they can get you to withdraw from it so that you can send it to them. My only thought as to why they did not connect to her computer is that they either didn’t know how to do all of that with a Mac (which is ironic as they were pretending to be Apple Support), or they didn’t want to deal with trying to talk her into installing the software that they would need to pull this off as that would have required an admin password that she may or may not know. Thus they went right to executing the scam.
At this point the fake bank employee started to add to this story that someone at the bank branch that she went to was stealing money from people’s accounts, and they needed her to “secure her account” so that she could avoid being the next victim. Thus they needed her to take out as much money as possible and then put it into “secure encrypted cards” in order to protect her funds. Now I am going to assume the scammers were using the term “secure encrypted cards” to cover up the fact that she was going to be told to buy gift cards so that the scammers could get the money easily.
Let’s dissect this. Major banks don’t need your help to hunt down bad actors who work for them. So if you hear this sort of thing from anyone claiming to be a bank employee, they are lying. Next, no bank on this planet would ever require you to “secure your account”. If there was some sort of fraud issue caused by a bad actor inside a bank, it would be dealt with by the bank. And no bank, government agency, law enforcement, etc. would require you to buy gift cards for any reason.
The final part of this scam was that she was also told that her entire network was hacked and she shouldn’t tell anyone about what was going on. And any attempt by anyone to do things like email for help or make a phone call would be seen by the hackers that they claim were hacking her. This is an attempt by the scammers to stop the victim from calling for help as that would disrupt the scam and result in the scammers not getting paid.
Back to the scam, all of this would have worked out for the scammers as this client had completely bought in. But unfortunately for the scammers, the client’s daughter-in-law came home and upon hearing what was going on, quickly put an end to the scam by making the client hang up the phone. So the client didn’t lose any money. But even though she got lucky and had a good outcome, if there is any such thing in a situation like this, she was really freaked out. Which is understandable.
By the time that I arrived, she had gone to her bank, who confirmed that she had not lost any money. Thus all I had to do was examine her computer to make sure that it was not compromised and reassure her that everything would be fine. And that’s the thing that really bothers me about what these scumbags do. They leave people in a state where they are shaken, upset, and not trusting of anything and anyone. That is part of the reason why I turned over all the information about these scumbag scammers, and the story behind it, to the Scambaiting community. Essentially Scambaiters are digital vigilantes who take this sort of information and use it to collect intelligence about scammers that is passed on to others in the community, and they use that intelligence to disrupt the scammers’ operations. Because I want the scumbags behind this to pay some sort of price. Ideally that price should be jail, but since the Indian authorities (the scammers had significant Indian accents, so it’s a safe bet that they are Indian) are known for not seriously going after scammers unless forced to, then vigilante justice is the next best thing.
I have it in my calendar to follow up next week to make sure all is well with this client. But frankly, we should not be living in a world where scammers can operate as freely as they do. Scammers should be treated like cockroaches, and exterminated from the face of the Earth. And I will do my part to make sure that they get what’s coming to them.
Posted in Commentary with tags CISA on June 19, 2024 by itnerd
Last week, the CISA announced it’s putting together a comprehensive framework to unify government, industry and global partners in their response to significant security incidents involving AI just after conducting the first-ever AI security incident tabletop exercise.
The four-hour event held at Microsoft’s Virginia offices brought together over 50 AI experts and was intended to support the development of the AI Security Incident Collaboration playbook that is expected to be released later this year.
Participants in the event included the FBI, the NSA, the Office of the Director of National Intelligence and the Defense and Justice departments as well as AI and software developers including, but not limited to:
OpenAI
Microsoft
IBM
Cisco
Amazon Web Services
The Joint Cyber Defense Collaborative, CISA’s flagship public-private partnership, organized the exercise and is developing the playbook through a planning effort called JCDC.AI. The collaborative is planning a second exercise later this year on AI integration in U.S. critical infrastructure.
FBI Cyber Division Assistant Director Bryan Vorndran said the exercise showed that both sectors are better prepared to handle cyberthreats when there is adequate coordination.
“We are stronger when we come together to share information and determine best practices in the evolving AI landscape.”
“Determining and aligning on best practices in the evolving AI landscape is a great endeavor and a needed exercise. However, the criminals are clearly not participating and march to their own drum, which is why we need to stay vigilant with the development of cyber resiliency approaches against the ever-increasingly complex and AI-driven attacks.”
Exercises like this one are a good thing in my mind as they help to flush out weaknesses for improvement and strengthen the things that organizations do well. Others should look at this and copy it as this is a good model to work from.
Posted in Commentary with tags Hacked on June 19, 2024 by itnerd
In a filing with the SEC late last week, life and supplemental health insurance provider Globe Life disclosed a data breach impacting the information of its consumers and policyholders.
The company said after an inquiry from a state insurance regulator, it launched an investigation into “potential vulnerabilities related to access permissions and user identity management for a Company web portal”, which showed that the vulnerabilities likely allowed unauthorized access to consumer and policyholder data.
Globe Life removed external access to the compromised portal, which it believes the issue is isolated to. The company does not anticipate operations to be significantly impacted.
According to its website, Globe Life companies have more than 17 million policies.
This comes during the aftermath of the UnitedHealthcare February attack, one of the worst to hit American healthcare impacting an estimated 50% of U.S. medical claims.
Experts with Cyware and Horizon3.AI offer perspectives on the matter.
Stephen Gates, Principal Security SME, Horizon3.AI had this to say:
“In this scenario, it seems that a web portal was likely there to allow third-parties, agents, or employees to remotely access insurance information, initiate new applications, potentially make claims, and so on. It is also likely that two-factor authentication (2FA) was not implemented, as indicated by the mention of “potential vulnerabilities related to access permissions and user identity management.”
“Typically, a portal provides access to information stored in a database within the network. If an attacker gained access to the portal, it would generally imply they could access the data stored in that database. While there isn’t sufficient evidence to suggest that the attacker moved laterally within the network, there are indications of a potential breach involving confidential data.
“I would suggest looking for any information that may have been logged by the web portal in the context of activities that would suggest a breach of information. This is one of the reasons why logging user activities is always recommended.”
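One way to act on that advice, as an added example that is not part of the post or of either expert's comments: a Python scanner over constructed portal access logs (the log line format, the URL layout, the user-to-policy assignment table and the thresholds are all assumptions) that flags successful reads of policyholder records the user is not entitled to, and sessions walking through record IDs in sequence.

```python
"""Scan web-portal access logs for signs that an access-permission flaw was
exploited: users reading policyholder records they are not assigned, and
sessions sweeping sequential record IDs (enumeration).
Added example; the log format, paths and assignment table are assumptions."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed log line format: ISO timestamp, user, session, method, path, status.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) session=(?P<session>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
# Assumed URL layout: /policies/<numeric policy id>[/...]
POLICY_RE = re.compile(r"^/policies/(?P<policy>\d+)(?:/|$)")


@dataclass(frozen=True)
class Access:
    ts: str
    user: str
    session: str
    policy: str


def parse_line(line: str):
    """Return an Access for a successful (GET, 200) policy-record read, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    p = POLICY_RE.match(m["path"])
    if not p or m["method"] != "GET" or m["status"] != "200":
        return None
    return Access(m["ts"], m["user"], m["session"], p["policy"])


def parse_log(text: str):
    return [a for a in (parse_line(ln) for ln in text.splitlines()) if a]


def unauthorized_reads(accesses, assignments):
    """Successful reads of policies the user is not assigned to. `assignments`
    maps a user to the policy IDs they are entitled to see; a 200 outside that
    set is what a broken access-permission check looks like in the portal's logs."""
    return [a for a in accesses if a.policy not in assignments.get(a.user, set())]


def enumeration_sessions(accesses, min_distinct=5, min_sequential_ratio=0.6):
    """Sessions that read many distinct policies, mostly in ascending ID order with
    small gaps: the footprint of someone walking the ID space, not serving customers."""
    by_session = defaultdict(list)
    for a in accesses:
        by_session[a.session].append(a)
    flagged = {}
    for sess, items in by_session.items():
        ids = [int(a.policy) for a in items]
        distinct = len(set(ids))
        if distinct < min_distinct:
            continue
        steps = [b - a for a, b in zip(ids, ids[1:])]
        sequential = sum(1 for s in steps if 0 < s <= 3)
        ratio = sequential / len(steps)
        if ratio >= min_sequential_ratio:
            flagged[sess] = {"user": items[0].user, "distinct": distinct,
                             "sequential_ratio": round(ratio, 2)}
    return flagged


# Constructed sample log: two normal agent sessions, then a night-time sweep.
SAMPLE_LOG = """\
2024-06-10T14:03:11Z user=agent017 session=s1 GET /policies/100234 200
2024-06-10T14:03:40Z user=agent017 session=s1 GET /policies/100240 200
2024-06-10T14:05:02Z user=agent022 session=s2 GET /policies/200010 200
2024-06-10T14:05:30Z user=agent022 session=s2 POST /policies/200010/claims 201
2024-06-11T02:10:01Z user=agent022 session=s3 GET /policies/300001 200
2024-06-11T02:10:02Z user=agent022 session=s3 GET /policies/300002 200
2024-06-11T02:10:03Z user=agent022 session=s3 GET /policies/300003 200
2024-06-11T02:10:04Z user=agent022 session=s3 GET /policies/300004 404
2024-06-11T02:10:05Z user=agent022 session=s3 GET /policies/300005 200
2024-06-11T02:10:06Z user=agent022 session=s3 GET /policies/300006 200
2024-06-11T02:10:07Z user=agent022 session=s3 GET /policies/300007 200
"""

# Constructed entitlement table (in practice, pulled from the portal's own records).
ASSIGNMENTS = {"agent017": {"100234", "100240"}, "agent022": {"200010"}}


def scan(text=SAMPLE_LOG, assignments=ASSIGNMENTS):
    accesses = parse_log(text)
    return {"unauthorized": unauthorized_reads(accesses, assignments),
            "enumeration": enumeration_sessions(accesses)}


if __name__ == "__main__":
    result = scan()
    for a in result["unauthorized"]:
        print(f"UNAUTHORIZED {a.ts} {a.user} session={a.session} policy={a.policy}")
    for sess, info in result["enumeration"].items():
        print(f"ENUMERATION session={sess} {info}")
```

Run against real portal logs the two findings point at different evidence: the unauthorized list gives the records to include in breach notification, the enumeration list gives the sessions and accounts to pull for further investigation.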
Emily Phelps, Director, Cyware follows with this comment:
“When dealing with potential vulnerabilities in web portals, detaching the portal from the network can be a quick mitigation step, but it’s often more complex. There’s always a chance of lateral movement, especially if the attacker had time to explore the network before detection. It’s crucial to conduct a thorough investigation to understand the extent of the breach and whether any data was exfiltrated or manipulated.
“The depth of the information stolen and the exact nature of the breach—whether it involves ransomware or not—can impact the company’s response and regulatory obligations. Companies often report breaches to demonstrate transparency and compliance, but the material impact can vary widely.
“The SEC has been progressively tightening regulations around data breaches and cybersecurity. As breaches continue to occur, we can expect even stricter oversight and requirements for companies to implement robust cybersecurity measures and provide timely, detailed disclosures.
“In general, these incidents highlight the need for continuous improvement in cybersecurity practices, particularly in access permissions and user identity management, to prevent unauthorized access and minimize potential damage from breaches.”
No breach is good. But this one seems really bad based on scale alone. Until companies get their heads around looking holistically at their security, this sort of thing will unfortunately keep happening.
This is a reference to that situation where dBrand made a racist remark on Twitter and got called out for it. The thing is, that happened in April. Why is Spigen bringing this up now? That literally makes no sense because that incident is over and done with. Maybe Spigen is trying to score some cheap points at dBrand’s expense? I don’t know.
I checked and that is Spigen’s share value in Korea. Which doesn’t exactly look healthy as it seems to be on a decline from its high of roughly 39,000 WON a few years ago. For the record, 29,850 WON which is their current share price is about $29 CAD.
The net result is that Spigen has started something that I bet it wishes it didn’t. And I suspect that dBrand is going to finish them. I really don’t have a favourite in this fight. But I think it’s safe to say that the entertainment value from this will be significant the longer this goes on.
Ondorse, a leading provider of a KYB (Know Your Business) solution, today announced it has secured three new clients in the past two months as part of its ongoing expansion into the UK&I market. Ondorse provides an innovative, all-in-one platform that automates and accelerates burdensome compliance processes, enabling businesses to verify customers more efficiently and reduce the operational costs of compliance.
The new wins – PayXpert, Kota, and Assurdeal – have been secured as part of its ongoing growth in the region. Since its launch in 2021, Ondorse has raised total funding of $6.63M over two rounds from two institutional investors and expanded its client base to include major European companies like insurance unicorn, Alan. The company now aims to build on this through new hires and partner recruitment in the region, with plans to open an office in the UK next year following its rapid and recent commercial success. The company is also announcing the appointment of Olivier Godement, a senior U.S. executive at OpenAI, as an independent Board member.
The Ondorse platform eases the pain of resource-intensive compliance tasks, enabling teams to take a risk-based approach to evaluating and verifying new and existing customers. By flipping compliance on its head, Ondorse is looking beyond traditional onboarding. With AI-driven remediation, automated ongoing due diligence, and a day-1 risk view, the solution is designed to ensure businesses can prevent fraud and money laundering and meet AML regulatory challenges such as AML6 and DORA in the E.U. and the Financial Services and Markets Act (FSMA) in the UK. Orchestrating with 100 vendor solutions, Ondorse unifies compliance, data, risk, and fraud APIs into a single API.
The complete compliance platform scans, remediates, monitors and onboards, covering the entire customer journey. By eliminating manual tasks such as copy-pasting KYB data, retrieving data and documents, and manual activity logging, customers have reported that the solution is delivering a 70% reduction in overall compliance costs and 95% reduction in manual compliance reviews.
The solution is the brainchild of its two founders: President Aymeric Boelle and CEO Florent Robert, who have first-hand experience in compliance and financial services. Aymeric has previously worked as a City lawyer in financial regulation and enforcement at Skadden, whilst Florent has held roles across the finance sector, from fintech founder to Deutsche Bank executive, after RBC and SocGen. Their experience inspired them to develop an innovative approach to manage onboarding and compliance workflows at scale and deliver immediate pain relief to compliance teams.
Headquartered in Paris, Ondorse provides a business identity solution which aims to ease the pain of resource-intensive compliance tasks. Ondorse’s all-in-one platform reduces risk and verification delays whilst ensuring users stay compliant with regulatory requirements.
Next DLP, a leader in insider risk and data protection, today announced the launch of Secure Data Flow, a groundbreaking capability within the Reveal Platform that uses the “What, Where, Who and How” of data’s origin, movements and modifications to provide unparalleled protection.
Revolutionizing Data Protection
In today’s rapidly evolving digital landscape, legacy data protection technologies are falling short. They rely heavily on pattern matching, regular expressions, keywords, user-applied tags, and fingerprinting, which can only cover a limited range of text-based data types. Secure Data Flow overcomes the limitations and complexities of legacy Data Loss Prevention (DLP) by complementing traditional content and sensitivity classification-based approaches with origin-based data identification, manipulation detection, and data egress controls. This results in an all-encompassing, 100% effective, false-positive-free solution that simplifies the lives of security analysts.
Recent studies show that employees download an average of 30GB of data each month from SaaS applications to their endpoints, including mobile phones, laptops, and desktops (Productiv) (Vendr). This staggering volume underscores the critical need for advanced data protection measures. By tracking data from its origin as it flows to sanctioned and unsanctioned egress channels within an organization, Secure Data Flow equips security teams to prevent data theft and misuse effectively.
Key Benefits of Secure Data Flow
Comprehensive Data Tracking: Secure Data Flow secures the flow of critical business data from any SaaS application, including Salesforce, Workday, SAP, and GitHub, ensuring that sensitive information is always protected.
Enhanced Data Protection: By using data origin and sensitive data identification, Secure Data Flow safeguards your company’s intellectual property and sensitive data from accidental loss and malicious theft.
Insightful Investigations: Security analysts investigating malicious data exfiltration gain invaluable contextual insights into data origin, manipulation, and lineage, enabling them to identify, investigate, and report on data security risks and incidents with unprecedented accuracy.
A New Era in Data Loss Prevention
With Secure Data Flow, Reveal sets a new standard for data protection, offering a solution that is both powerful and easy to use. It ensures that organizations can confidently protect their most critical data assets with confidence, regardless of their location or application.
For more information about Secure Data Flow and the Reveal Platform, please visit the Next DLP website.
Posted in Commentary with tags Telus on June 18, 2024 by itnerd
TELUS is proud to uphold its commitment to reconciliation by declaring that it will not use artificial intelligence (AI) technology to create or replicate the art or imagery of Indigenous Peoples. TELUS released its Reconciliation Commitment in 2021, which states TELUS is committed to progressing the path of Reconciliation in a deeply meaningful way, in partnership with Indigenous Peoples and is dedicated to fulfilling its role and responsibilities in this regard. This commitment has underscored TELUS’ ongoing reconciliation efforts and the update to include technology and the use of AI further cements the evolution of this work.
The declaration states: Progressing the path of reconciliation in a meaningful way includes the ethical use of technology and AI. Indigenous data sovereignty is crucial in this endeavor, with Indigenous Peoples controlling and protecting their cultural heritage and artistic expressions. TELUS is proud to support the artistic practices of Indigenous Peoples, while being mindful of the historic role organizations have played in the misappropriation of Indigenous art and culture. In upholding TELUS’ Commitment to Artistic Integrity, we declare that we will not use AI technology to create or replicate the art of, or imagery of, Indigenous Peoples.
TELUS is a global leader in the responsible and ethical use of AI, and recently made history with its generative AI (GenAI) customer support tool becoming the first in the world to be internationally certified in Privacy by Design (ISO 31700-1). TELUS also recently won an international Outstanding Organization 2023 prize from the Responsible AI Institute in recognition of its commitment to fostering trust and benefitting society. It’s also the first telecom company in Canada to sign the Government of Canada’s voluntary code of conduct for generative AI, which aims to ensure the transparent, equitable and responsible development and deployment of GenAI technology. Earlier this year, the company published its inaugural TELUS AI report: The power of perspectives in Canada, sharing the perceptions, insights and opinions of AI from nearly 5,000 Canadians, including Indigenous Peoples, racialized groups, older Canadians, new Canadians, youth, people with physical disabilities, and the LGBTQ2S+ community.
To commemorate this declaration, TELUS commissioned a work of art by Kenneth Letander, an Ojibway artist originally from Manitoba and now living in Alberta’s Treaty 6 region. The artwork, titled “Honour by Design”, conveys Letander’s vision:
“In this concept, a human hand is in control of pressing a small green circle, symbolizing the individual’s choice in when and how to use AI. Behind the hand is a turtle, representing Indigenous stories, while below flows a blue river of water where the green circle meets in the middle, signifying the collision of humanity and technology and how humans can use it for good, such as using AI to protect waterways and Mother Earth. Adjacent to this scene is a globe with communication lines leading to a tablet screen, where the turtle is looking and taking in information. Notably, the information representing AI is intentionally separate from the turtle and the hand, as it is respecting Indigenous stories, culture, and determination.”
Posted in Commentary with tags Fisker on June 18, 2024 by itnerd
It seems that EV startup Fisker has filed for bankruptcy protection after burning through all its cash trying to get their Fisker Ocean SUV to market.
I’ve written about them in the past and I kind of had high hopes for them. But to be honest, I’m not surprised by this result. After all, Henrik Fisker, who is the CEO of Fisker, had tried to make an EV before called the Karma, and the company behind that, which to be clear isn’t the same company that we’re talking about now, had similar difficulties before reinventing itself as Karma Automotive.
What also likely didn’t help is that YouTuber MKBHD reviewed the Fisker Ocean in a video called “This is the Worst Car I’ve Ever Reviewed” which likely scared off a lot of customers. In short, the video illustrated a lot of issues with the Fisker Ocean that to be frank, should never be seen by anyone. Now I’ve watched MKBHD’s videos for years, and he goes out of his way to not trash products. So if he says something like this, it has to be bad. To be fair, he did give them a second chance via reviewing the car again with updated software that fixed some of these issues, but like the title of the video suggested at the time, it was likely too little too late.
At this point, I don’t see any good outcome for Fisker. While the company behind the Karma was bought out and still exists today, I don’t see that outcome this time around. Nor do I see Fisker exiting this in any state where they could try and make a go of it. Thus all I have to say is R.I.P. Fisker.