    Schreiber Foods back to normal after ransomware attack shuts down milk plants

    Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack took down their systems last weekend. The food production giant became the latest critical industry company to be hit with ransomware in recent months as cybercriminals continue to show little fear in attacking a variety of industries. Schreiber Foods mostly focuses on yogurt, processed and natural cheese as well as cream cheese.

    Andrew Tobisch, director of communications for Schreiber Foods, told ZDNet that the “cyber event” impacted their systems starting on Friday and lasting through the weekend. “That meant our plants and distribution centers couldn’t use those systems, which they need to run. It impacted all of our locations, but fortunately, we have a specialized response team that immediately jumped into action and began working to resolve the matter,” Tobisch said. “As a result, we’ve made great progress, and our plants began to come back online late Monday, October 25.”

    Wisconsin State Farmer reported this week that Schreiber — one of the biggest milk processors in the state — had been hit with a $2.5 million ransom demand after the attack. According to the news outlet, the company began telling milk transporters about the issues with their computer systems on Saturday, forcing the haulers to take the milk elsewhere. Employees told Wisconsin State Farmer that they were unable to even get in the building while the attack was being dealt with.

    The attack disrupted the entire milk supply chain because Schreiber uses a variety of digital systems and computers to manage milk processing. The company has thousands of employees and reports billions in sales each year, with locations across Europe and South America.

    Schreiber Foods is the latest food industry company hit with ransomware in recent months. Last week, CISA attributed two attacks on New Cooperative and Crystal Valley to the BlackMatter ransomware group in September. New Cooperative — an Iowa-based farm service provider — was hit with a ransomware attack on September 20, and BlackMatter demanded a $5.9 million ransom. Crystal Valley, based in Minnesota, was attacked two days later. Both attacks came as harvests began to ramp up for farmers.

    In the advisory, CISA, the FBI and NSA said BlackMatter has targeted multiple US critical infrastructure entities since July. In September, the FBI released its own notice warning companies in the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains. The FBI note said ransomware groups are seeking to “disrupt operations, cause financial loss, and negatively impact the food supply chain.” The notice listed multiple attacks on the food and agriculture sector since November, including a Sodinokibi/REvil ransomware attack on a US bakery company, the attack on global meat processor JBS in May, a March 2021 attack on a US beverage company and a January attack on a US farm that caused losses of approximately $9 million.

    Robots to clean NYC skyscrapers

    Window cleaners are a common sight in New York City, where they work high above the sidewalk dexterously cleaning skyscraper windows. It’s a transfixing sight, and it’s also an incredibly dangerous job. It’s also one that may soon fall to robots. That’s thanks to a new agreement between the developers of a window washing robot named Ozmo and Platinum, a building maintenance service provider in New York.

    Human window washers are transfixing to watch in action, but the work is incredibly dangerous. During one 15-year period, OSHA tracked 88 window washing accidents, a full 62 of which resulted in fatalities. That grim statistic highlights the thin margin of error when working sometimes hundreds of feet above the ground.

    Automation can address the safety concerns and lead to greater efficiency in a task that hasn’t had a substantial technological update in decades. The use case makes a lot of sense: managers of every commercial building in major U.S. cities need some way to clean their building’s exterior glass. In fact, window cleaning is a $40B global market. The surfaces involved are generally uniform and the path predictable. It’s a perfect recipe for successful robotics development with a proven customer base.

    “Facade maintenance is integral to the health and spirit of a building,” says Michael Brown, CEO & chairman, Skyline Robotics, maker of Ozmo. “Automation is poised to play a key role in the future of façade access work as it will both increase efficiency and reduce risk, and this is just the beginning.”

    The system combines artificial intelligence, machine learning, and computer vision with a robotic arm designed by KUKA, a leader in industrial robots. Ozmo uses a force sensor and knows how fragile glass is, and AI helps the system remain stable, even in gusty conditions. The system utilizes lidar to scan a building’s facade, memorizing surfaces and planning a cleaning path, which it continually updates.

    “The application puts several of the latest advancements in robotics to work in a new and exciting business sector and brings efficiency and safety to building maintenance,” says John Bubnikovich, North America chief regional officer for KUKA Robotics. “Advancements that made such a daunting task possible include on-the-fly control of the KUKA robots in terms of pressure applied during the cleaning process as well as the ability to compensate for a moving scaffolding due to weather and changing architectural building features.”

    Platinum will add Ozmo operations to its existing window cleaning division, Palladium Window Solutions. Skyline Robotics, which recently secured $6M in funding, will train the Platinum staff and certify them as Ozmo operators. The Platinum staff will then run the operations of the Ozmo system.

    “Platinum’s commitment to driving innovation and adopting new technology is paramount to our market-leading success,” said James Halpin, CEO, Platinum. “Thus Skyline, whose DNA is based on innovation, is an ideal partner as its cutting-edge technology will help us further increase our market share and remain one step ahead of the competition.”

    Ransomware: Police sting targets suspects behind 1,800 attacks that 'wreaked havoc across the world'

    Twelve people have been targeted by an international law enforcement operation for involvement in over 1,800 ransomware attacks on critical infrastructure and large organisations around the world. A statement by Europol describes the 12 suspects in Ukraine and Switzerland as “high-value targets” responsible for “wreaking havoc across the world” by distributing LockerGoga, MegaCortex, Dharma and other ransomware attacks against organisations in 71 countries.

    But it’s unclear if the individuals have been arrested or charged – a Europol spokesperson told ZDNet that “the judicial process is ongoing”.

    The suspects are believed to have various different roles in “aggressive” criminal organisations responsible for encrypting networks with ransomware and demanding a payment in exchange for the decryption key.

    Some of the suspects are thought to be involved in compromising the IT networks of targets, while others are suspected of being in charge of laundering Bitcoin payments made by victims. Europol says that those responsible for breaking into networks did so by using techniques including brute force attacks, SQL injections and sending phishing emails with malicious attachments in order to steal usernames and passwords.

    Once inside the networks, the attackers remained undetected and gained additional access using tools including TrickBot malware, Cobalt Strike and PowerShell Empire, in order to compromise as many systems as possible before triggering ransomware attacks.

    As a result of the operation, over $52,000 in cash was seized, alongside five luxury cars. A number of computers have also been seized and are being examined in order to secure evidence and identify new leads. In total, more than 50 investigators from agencies around the world – including six Europol specialists – were involved in the operation, which was coordinated by Europol’s European Cybercrime Centre (EC3).

    This included: Norway’s National Crime Investigation Service; France’s National Police and the Public Prosecutor’s Office of Paris; the Dutch National Police and National Public Prosecution Service; Ukraine’s National Police of Ukraine and Prosecutor General’s Office; the United Kingdom’s National Crime Agency (NCA) and Police Scotland; Germany’s Police Headquarters Reutlingen; the Switzerland Federal Police and Polizei Basel-Landschaft; and the United States Federal Bureau of Investigation (FBI) and Secret Service.

    A recent European Union Agency for Cybersecurity report warned that ransomware is the biggest cybersecurity issue facing the world today.

    Google fixes two high-severity zero-day flaws in Chrome

    It’s time to update Chrome and once again, for the third month in a row, Google has fixed two previously unknown ‘zero-day’ bugs in the world’s most popular desktop browser.

    Google disclosed that it had patched the two high-severity zero-day flaws in release notes for the stable release of Chrome version 95.0.4638.69 for Windows, Mac and Linux. Any version number higher than that will have the fixes.

    It’s a good idea to check out Google’s support page for Chrome updates, which explains how Chrome can be set to automatically update when patches become available. Otherwise, Chrome has an ‘Update’ button that is coloured red if an update is at least a week old, indicating that it should be installed.

    The two zero-day flaws — which are being exploited by attackers now — are being tracked with the identifiers CVE-2021-38000 and CVE-2021-38003. Both were found by Google’s Threat Analysis Group (TAG), which tracks state-sponsored and cyber-criminal exploit activity. The second of the two zero-days was also reported by Samuel Groß from Google Project Zero on 26 October, indicating how fast Google is responding to zero-day discoveries.

    CVE-2021-38000 is a design flaw due to “insufficient validation of untrusted input in Intents”. It was reported by TAG on September 15.

    CVE-2021-38003 — a memory corruption flaw, according to Google Project Zero’s zero-day tracker — is described vaguely as “inappropriate implementation in V8”. V8 is Chrome’s powerful JavaScript engine that Groß hopes to shore up with additional sandboxing protections. As he noted in his proposal, V8 bugs allow attackers to create “unusually powerful exploits” that are hard to mitigate with existing security technologies.

    “Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild,” Google said in release notes. The update will roll out over the coming days or weeks, according to Google. There are eight, mostly memory-related, security fixes in this Chrome update. The currently listed high-severity flaws include a use-after-free in Sign-in, another use-after-free in Chrome’s garbage collection, insufficient data validation in Chrome’s New Tab page, a type confusion in V8, and a use-after-free in Web Transport.

    This Chrome release marks the 14th zero-day flaw Google has patched in Chrome this year. The 10th was in mid-September when it patched two zero-days. It patched two more zero-days at the end of September and a further two on Thursday.

    Google hasn’t attributed the exploits to any hacking group. That Google has patched an unusually high number of zero-day flaws in Chrome in 2021 could be interpreted in several ways. The more that get discovered and the quicker they’re fixed via updates, the better for end-users. Once patched, the exploit is less valuable. This could mean defenders are getting better at spotting zero-days.

    On the other hand, Google Project Zero has seen an uptick in zero-days affecting major platforms like Chrome, Windows, and iOS in the past year. The reason for that could be the commercialisation of the zero-day exploit market, providing a shortcut to the acquisition of exploits that otherwise require skills to develop.

    AFP confiscates AU$1.7m from Sydney man who stole Netflix, Spotify, Hulu accounts

    Australian Federal Police (AFP) has ordered an individual to forfeit AU$1.66 million for stealing the log-ins and passwords for Hulu, Netflix, and Spotify accounts. The culprit, based in Sydney, conspired with another individual from the US to steal the log-ins and passwords of streaming service customers and then sold them online at a cheaper rate.

    The AFP began investigating the matter in May 2018, after it was tipped off by the FBI about a now-defunct account generator website called WickedGen.com. WickedGen was a website that sold stolen account details for online subscription services, including Netflix, Spotify, and Hulu. The account details belonged to unknowing victims in Australia and internationally, including the US.

    The Sydney individual was found to be the creator, administrator, and primary financial beneficiary of WickedGen and three other sites that offered similar services. Across the four websites, the offender had over 150,000 registered users and provided almost 86,000 subscriptions to illegally access legitimate streaming services.

    The Sydney-based individual pleaded guilty to stealing these log-ins and passwords in October last year. After the guilty plea, the AFP’s Criminal Assets Confiscation Taskforce (CACT) obtained restraining orders over the individual’s cryptocurrency, and bank and PayPal accounts that were held under false names. All up, the AFP has collected AU$1.66 million from the charged individual, with AU$1.2 million of that amount being cryptocurrency.

    The funds will be redistributed by the Department of Home Affairs for supporting crime prevention, law enforcement, and community-safety related initiatives, the AFP said. The charged individual will now face a prison sentence of two years and two months.

    The use of online subscriptions has been on the rise in Australia, with almost the same number of Australians watching content from online subscription streaming services, like Netflix, when compared to those who watch free-to-air television. The findings, published by the Australian Bureau of Communications, Arts and Regional Research, found that the popularity of over-the-top services has continued to grow as 70% of Australians watched this type of content as of the end of last year, which is almost triple the amount from 2016.

    Services Australia testifies Cellebrite tech only used for fraud and identity theft cases

    In testimony to Australia’s Senate Estimates, Services Australia said its use of Cellebrite software has only been for looking into fraud and identity theft matters. Cellebrite, an Israeli digital intelligence company, is best known for its controversial phone-cracking technology, which it previously claimed could download most data from almost any device on behalf of government agencies.

    “We’re very aware that we have a role of assurance over AU$200 billion of social support in Medicare and Centrelink programs and so the integrity of those outlays is important,” Services Australia acting-deputy CEO of payments and integrity Chris Birrer said. “We do have a system of compliance in terms of ensuring that people are complying with their mutual obligations under the income support payment and that we take very seriously making sure people are paid the right amount.”

    Facing questioning around how Services Australia uses Cellebrite’s technology, Birrer said it is only used in fraud and identity theft cases, which has included cases where people have falsely claimed the government disaster relief payments, uploaded images that do not relate to Australia to commit fraud, and stolen the identities of actual customers to hijack payments. According to The Guardian, Services Australia reportedly has a AU$1.2 million contract with the digital intelligence company.

    When asked by Senators whether Services Australia could guarantee that the privacy rights of Australian citizens would not be violated, Birrer answered vaguely, opting to instead explain how the agency provides information to customers about how to make reporting changes.

    “We publish all information in relation to what [customers’] obligations are in terms of particularly reporting changes of circumstances. That’s made very clear in terms of when people enter onto payment and in the information we provide. In fact, we’ve got a lot of success now in nudging people and presenting information to customers just to remind them to report changes in circumstances that might have resulted in an adjustment to their payment,” he said.

    Services Australia, which falls under the Minister for Government Services’ remit, was also questioned about its handling of robo-debt, the government income compliance system that wrongfully issued debts to hundreds of thousands of people. Of the AU$752 million owed by the government for its bungled robo-debt system, AU$740 million has so far been refunded, Services Australia CEO Rebecca Skinner told Senate Estimates. The remaining AU$12 million, which is owed to around 9,200 customers, continued to be outstanding as the agency is still trying to locate these customers, Skinner said. She explained that these customers were harder to find due to estate issues and some of them no longer being customers.

    Throughout Services Australia’s appearance, Minister for Government Services Linda Reynolds was also repeatedly asked why she continued to refuse to provide documents about the legal advice Services Australia received in implementing robo-debt. Reynolds, in response, maintained that Services Australia’s claim to public interest immunity continued to stand.

    Since the end of 2019, a Senate committee has been seeking for Services Australia to provide information regarding the legal advice it received in implementing the robo-debt system, while the agency has refused to provide that information under a claim of public interest immunity. Services Australia’s claim of public interest immunity was rejected in February last year as the Senate committee said the reasons provided for that claim to exist were insufficient. The committee then similarly rejected Reynolds’ claim of public interest immunity in August.

    “The Senate has now rejected your PII claim on multiple occasions. And this is now hitting the point where it’s absolutely obstructive to the work of the Senate on behalf of the Australian people. We’re not talking about a few people here. Hundreds of thousands of Australians was served any legal debt by your government,” Labor Senator Deborah O’Neill said.

    Dear Apple: Why can't iCloud's backup and restore be more like, well, Google's?

    Dear Apple,

    The two of us are in a much better working relationship now. I appreciate that we’ve found common ground, so I’d like to discuss something that has been weighing on my mind: iCloud iOS restores from backups.

    I just spent my entire evening helping my 76-year-old father, over the phone, to restore his last iCloud backup to his new iPhone 13 Pro. It was immensely frustrating.

    I wish it didn’t have to be. Most of your software and services just plain work — most of the time. But lately, iCloud restore has not been a great experience.

    Let me back up for a minute. This past weekend, my parents came over to my house, toting my dad’s working iPhone XR and his new iPhone 13 Pro in the box. My mom, with her iPhone 8, was going to inherit the XR. We made sure all of the phones had recent iCloud backups, and that our bandwidth and our WiFi network were sufficient to run a restore (I have a 1 gigabit fiber connection to AT&T, and I can usually achieve over 300Mbps over 802.11ac).

    The transfer process from both phones seemed to work. All of my dad’s local data and account configuration from his XR were copied over to the 13 Pro. When we were sure everything was on the 13 Pro, we wiped the XR. My mother copied her data from the 8 to the XR; we moved her SIM card over and popped the phone into a brand new pink Otterbox case. She had nowhere near as many apps and photos as my dad did, so it happened pretty quickly.

    I sent them both home, feeling that I was a good son who did a good job.

    This morning, I got a text from my dad: “I can’t open any of my apps, and it says there is still 128MB left of data to sync with iCloud.” I told him to reboot the phone and wait a few hours to see if it would resolve itself.

    It did not.

    It turns out this is a known issue with iOS and iCloud restores. We tried the various reported solutions to resolve it, such as turning off the Wi-Fi Assist and attempting the most recent iOS update (it wouldn’t let us).

    The only way to resolve it was to do a full erase of the phone and a full iCloud restore from the last good backup. Well, we erased the phone. While doing the restore procedure, we had connectivity issues with iCloud; the phone froze up a few times, requiring reboots and re-attempts. To say my New York City-born retired Jewish dentist of a father living in East Boca Raton was not happy with this process is an understatement. Things he said in anger over the phone about Apple and my recommendation to upgrade to the iPhone 13 Pro were not particularly flattering.

    Did we finally get it working? After multiple attempts — and spending well over an hour on the phone — yeah. Was this the painless, seamless phone migration experience we expected of Apple? It was not.

    I wish I could say this was an isolated problem, but it isn’t. When I received my own iPhone 13 Pro Max during the initial launch shipments, I also had numerous connectivity problems with iCloud. In fact, many customers did, as they all tried to connect and transfer data from their old phones at once. The servers were overloaded; clearly, there was no plan for additional capacity or hot provisioning of resources with a hyperscale cloud provider like AWS or Azure.

    I could not complete an iCloud restore for two days, and I also could not complete a phone-to-phone direct transfer.

    How did I eventually resolve these issues? I gave up on my iCloud backups and started fresh. This was easy for me to do, as I could inventory the two dozen apps I regularly use on my iPad and install and sign into them fresh on the iPhone. Their data was already cloud-enabled. Fortunately, I’m primarily a Google Apps user because it is my work-issued productivity platform, and I’ve been using it personally for two decades. I keep my photos backed up on both iCloud Photostream and Google Photos. Apple, there are many things I don’t like about Google. But their cloud and their data restore process to their devices and apps works — flawlessly.

    Did I have to sign in to all of my accounts again? Yes, manually. Did I lose all my phone app organization and personalization, also? Yes. But I dealt with it because I am a technologist, and I realize that this is a crazy time when everyone is very dependent on the cloud. Stuff happens, and cloud infrastructure strains during high-demand times.

    But the bottom line is you, Apple, need a better solution for cloud availability issues for end-users like my dad. This is especially necessary if iCloud capacity is always going to be at a premium during these product launches and iOS and MacOS update windows.

    Perhaps we need something akin to Time Machine for iOS. Yes, I know we have iTunes on Windows, but nobody likes it. I am not going to make my poor septuagenarian father deal with that; he only likes using his iPad these days. And I know we have a Mac backup facility, but he doesn’t use one. It’s not well-suited for multi-user scenarios like this anyway.

    How hard would it be to have some flash device plug in with a USB-C to Lightning or a USB-C cable (for iPad Pro) — allowing us to dump the core of the device storage and personalization settings in an encrypted fashion — and do an offline restore? Or use another iOS device with sufficient storage capacity to act as a temporary host, like my iPad Pro? I could dump the user data and config, restore the data, and then grab the apps from iCloud when the network is available. It’s like the second Star Trek movie where Spock dumps his Katra consciousness into Dr. McCoy, saving the entire crew by sacrificing his life in the dilithium chamber. And then he was reborn in the next movie from a McCoy backup. Maybe that wasn’t the greatest restore procedure, but you get the idea.

    It’s something to think about.

    Manual certificate management falling way behind PKI growth

    Public key infrastructure (PKI) is a system of processes, technologies, and policies for encrypting and signing data. It plays an essential role in authenticating users, servers, devices, software, and digital documents. Yet enterprises are struggling with the growing number of PKI certificates they must manage, and many are considering PKI automation to address this problem, according to a new DigiCert report.

    The report, “State of PKI Automation 2021,” explores how organizations are handling the challenge of PKI certificate management. Expired certificates are a problem because they disable encryption and create an attack surface for hackers. DigiCert commissioned ReRez Research to survey IT leaders from 400 global organizations of 1,000 employees or more. The survey focused on specialists managing digital certificates for users, servers, and mobile devices.

    The report revealed that today’s organizations manage more than 50,000 certificates, a steep upsurge from previous years. More than half (61 percent) are concerned about the time it takes to manage certificates. According to 37 percent of the respondents, their organization has three or more departments managing certificates, which creates silos that hide certificates from IT security teams until something goes wrong.

    A lot of unmanaged keys are out there

    A typical organization has as many as 1,200 certificates that are unmanaged, while 47 percent of organizations say they often discover rogue certificates. Rogue certificates are essentially a form of shadow IT, certificates that are ordered outside the purview or processes of IT and frequently are neglected and not managed. This is causing major problems for organizations, such as outages due to certificates expiring unexpectedly, which two-thirds of the respondents have experienced. Even more troubling, one in four organizations have experienced five to six PKI-related outages in the past six months.

    Organizations struggling with PKI certificate management lack visibility into their certificate deployment landscape and need PKI automation. In fact, most organizations (91 percent) are thinking about it. Only 9 percent of the respondents aren’t discussing PKI automation and have no plans to do so. For 70 percent of the respondents, a solution is likely to be implemented within 12 months. A quarter of the respondents are either implementing or have finished implementing a solution.

    To gauge how companies are approaching PKI automation, DigiCert separated the respondents into groups of leaders and laggards. The results showed major differences between the two groups. Not surprisingly, 33 percent of those in the leader category are more likely to say PKI automation is important.

    When diving deeper into the data, the report found the leaders are two or three times better at reducing PKI security risks, avoiding PKI downtime, minimizing rogue certificates, managing digital certificates, and meeting PKI service level agreements (SLAs). In contrast, the laggards — those who aren’t skilled at managing PKI certificates — experience problems with compliance, security, and delays. They’re also less productive, overworked, and losing revenue.

    Reining in rogue certificates

    Furthermore, PKI management leaders are more accountable for their certificate inventories, whereas laggards are less concerned. When comparing the two groups, the leaders reported fewer certificate-related outages or rogue certificates.

    While most organizations believe PKI automation is important, the transition isn’t easy. Respondents cited several challenges related to automation, such as cost, complexity, compliance, and resistance to change by staff and management. That’s why DigiCert recommends organizations take several key steps to assess their PKI certificate management prior to automation. Organizations should:

      • Identify and create an inventory of the entire certificate landscape, from TLS to code signing, and client certificates.
      • Remediate keys and certificates that don’t comply with corporate policies.
      • Protect with best practices for issuance and revocation.
      • Standardize and automate enrollment, issuance and renewal.
      • Monitor for new changes.

    Common certificate workflows include web servers, device identity, code signing, digital signatures, and identity and access functions. When automating certificate workflows, DigiCert recommends organizations should identify unmanaged or manual certificate workflows, adopt automation software that centralizes and manages certificate workflows, and finally, monitor with centralized visibility and control of the workflows.