Information Technology

The fallout from the cyberattack on global meat producer JBS continued on Tuesday as the White House officially identified it as a ransomware attack and reports emerged of other downstream effects from the shutdown of the company’s IT systems. JBS released a statement on Monday admitting that “some of the servers supporting its North American and Australian IT systems” were brought down by an “organized cybersecurity attack” on Sunday. The company is the second largest meat and poultry processor in the United States and accounts for nearly one quarter of all the beef produced in the country as well as one fifth of all pork.JBS has shut down all of the affected systems and contacted the White House on Tuesday, according to a statement from deputy press secretary Karine Jean-Pierre. While the initial JBS statement did not say it was a ransomware attack, Jean-Pierre confirmed that it was and told reporters on Tuesday the company had already gotten a ransom demand from an organization “likely based in Russia.” She did not say whether JBS plans to pay the ransom or not.”The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” Jean-Pierre said during a briefing on Air Force One.  She added that the White House is working with the Department of Agriculture, the FBI and CISA on helping JBS while also coordinating with meat suppliers across the country in case supply is affected by the attack. Government officials in Australia are also working with the company to remedy the problem. 

Bloomberg News and The Counter reported that the attack was already so damaging that the Department of Agriculture was unable to release the wholesale prices for beef and pork, affecting thousands involved in the agriculture market. “Packer submission issues” was cited as the main reason for the delay in releasing the report. In the data that was released, daily cattle slaughter estimates showed that there was a 27,000 drop in heads of cattle compared to last week. JBS alone handles about 22,500 cattle each day, according to Bloomberg.The JBS statement said the company’s backup servers were not affected and that at the moment, there is no evidence “that any customer, supplier or employee data has been compromised or misused as a result of the situation.” The company admitted that there may be delays of “certain transactions with customers and suppliers.”The Counter reported that JBS, which is based in Brazil but operates in more than 20 countries, was forced to shut down shifts at multiple processing plants across the United States and Australia, where it is also one of the biggest suppliers of pork and beef. In multiple Facebook posts, JBS said it was shutting down plants in Iowa, Utah, Colorado, Minnesota, Texas, and Nebraska. Many online noted that the company has digitized significant parts of its operations, from its IT systems down to some factory tools used for the processing of meat. The U.S. Cattlemen’s Association took to Twitter to provide updates, explaining that there were reports of “livestock haulers in line, at plants, waiting to unload and being redirected to nearby yards.” The situation began to draw political condemnation as many noted how dangerous it was for the country to have nearly 25% of its meat production coming from one company relying on one software platform. Powerful Iowa Senator Chuck Grassley wrote on Twitter that he was demanding updates from JBS about the situation and that the company “needs to normalize operations as soon as possible for farmers and consumers.”Cybersecurity analysts drew parallels to the recent ransomware attack on Colonial Pipeline that left much of the East Coast scrambling for gas for days. But many said this attack was worse because unlike gas, food will spoil and many ransomware attacks take weeks to recover from. “The recent JBS cyberattack — along with the Colonial Pipeline and Apple/Quanta cyber attacks that preceded it — demonstrate that your organization needs to make cybersecurity a boardroom priority, if you haven’t done so already,” said Neil Jones, a cybersecurity evangelist with Egnyte. “For years, cybercriminals have attacked targets for financial gain, but now we’re seeing an alarming pattern of debilitating attacks on our food, critical infrastructure, and IP supply chain, which can have a crippling impact across the US economy,” Jones added.BitSight CTO Stephen Boyer said in an email that 40% of food production companies face an increased risk of a ransomware incident due to poor patching practices. Food companies are also reportedly taking longer to patch vulnerabilities than the recommended industry standard, leaving them at higher risk, Boyer wrote. Over 70% of food production companies are at an increased risk of ransomware due to their overall security performance, according to BitSight’s analysis. The Associated Press noted that the Campari Group was hit with a ransomware attack last year while Molson Coors also announced that it was attacked in March.  Purandar Das, co-founder of cybersecurity firm Sotero, explained that this is the second attack in a row on a critical industry and shows how vulnerable infrastructure and supply chain systems are. “What used to be isolated attacks on siloed systems has now escalated into broad attacks that are rendering systems useless,” Das said. He added that the big concern now is that these attacks will become more targeted in order to leave certain industries inoperable for large periods of time. “The private sector needs to reevaluate their cybersecurity approach and invest in long-term programs and technology,” Das told ZDNet. “It needs to be a long-term investment with the understanding that not doing so will impact their operations and eventually their revenue streams. Cybersecurity can no longer be an afterthought.” More

Cyber criminals are now using fake versions of popular Android applications in order to infect victims with trojan malware – which are only installed after the user downloads a fake ad blocker. TeaBot – also known as Anatsa – is able to take full remote control of Android devices, allowing cyber criminals to steal bank details and other sensitive information with the aid of keylogging and stealing authentication codes. The malware first emerged in December last year and the campaign remains active. The authors of TeaBot attempt to trick victims into downloading the malware by disguising it as fake versions of popular apps, the real versions of which often have often been downloaded millions of times. As detailed by cybersecurity researchers at Bitdefender here, these include phoney versions of Android apps including antivirus apps, the VLC open source media player, audiobook players and more. The malicious version of the apps use slightly different names and logos to the real ones. The malicious apps aren’t being distributed by the official Google Play Store, but are hosted on third-party websites – although many of the ways people are directed to them still remains a mystery to researchers. SEE: Cybersecurity: Let’s get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic) One of the ways the victims are driven towards the malicious apps is via a fake ad blocker app which acts as a dropper – although it’s unknown how victims are directed towards the ad blocker in the first place.

The fake ad blocker doesn’t have any real functionality, but asks for permissions to display over other applications, show notifications and install apps from outside Google Play – the fake apps which are hidden after they’re installed. However, these hidden apps will repeatedly show phoney adverts – ironically, often claiming that the smartphone has been damaged by a malicious app – encouraging the user to click a link for the solution. It’s this which downloads TeaBot onto the device. The method of infection might appear convoluted, but dividing it over a number of steps makes it less likely that the malware will be detected. TeaBot appears to concentrate much of its targeting on Western Europe, with Spain and Italy the current hotspots for infections – although users in the UK, France, Belgium, the Netherlands and Austria are also frequent targets. The campaign remains active and while many of the methods of distribution outside the fake Ad Blocker remain unknown, there are precautions which users can take to avoid becoming a victim. “Never to install apps outside the official store. Also, never tap on links in messages and always be mindful of your Android apps’ permissions,” Bitdefender researchers advised in the blog post.

MORE ON CYBERSECURITY More

A crackdown on financial cybercrime across Asia has resulted in $83 million sent by victims to criminals being intercepted. 

Interpol said last week that Operation Haechi-i, running between September 2020 and March 2021, focused on combating investment fraud, romance scams, money laundering linked to illegal online gambling, online sextortion, and voice phishing. In total, $83 million was intercepted over the course of six months before the victims of these scams sent all of the requested funds to cybercriminals.  In one case cited by Interpol, a Korean company became the victim of a business email compromise (BEC) scam after being approached by what the firm thought was a trading partner.  Invoices had been requested and the bank details were covertly changed to bank accounts belonging to the cybercriminals. Approximately $7 million was transferred and then routed to accounts in Indonesia and Hong Kong. Interpol was able to intercept and freeze roughly half of the stolen funds, but the investigation is ongoing.  In a separate incident, a criminal gang in Hong Kong pushed a ‘pump and dump’ stock scheme, purchasing a vast number of shares and taking to social media to push the price up further. The group then coordinated its own sales, collapsing the price for outside investors. Trading accounts were frozen. 

Interpol says that Operation Haechi-i has led to 585 arrests, over 1,600 bank accounts being frozen, and more than 1,400 individual criminal investigations being opened. Out of these cases, 892 have now been solved.  Financial cybercrime, conducted through online platforms and services, is a global issue that requires cross-border collaboration. Operation Haechi-i is an example of this, as it included specialist law enforcement officers in Cambodia, China, Indonesia, South Korea, Laos, the Philippines, Singapore, Thailand, and Vietnam.  Operation Haechi-i is the first operation planned over the next three years by law enforcement in Southeast Asia to tackle financial cybercrime.  “The key factors in intercepting illicit money transfers are speed and international cooperation,” commented Amur Chandra, Brigadier General of the Indonesian National Police and Secretary of Indonesia’s Interpol National Central Bureau. “The faster victims notify law enforcement, the faster we can liaise with Interpol and law enforcement in the relevant countries to recover their funds and put these criminals behind bars.” Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

The US Securities and Exchange Commission (SEC) has charged five members of BitConnect’s promoter network over their alleged role in the marketing of the scam. 

The regulator claims that the five promoted BitConnect as a “global unregistered digital asset securities offering that raised over $2 billion from retail investors” — many of whom lost their money when BitConnect collapsed in 2018. SEC’s complaint (.PDF), filed in the US District Court for the Southern District of New York, names Trevon Brown (also known as Trevon James), Craig Grant, Ryan Maasen, and Michael “Michael Crypto” Noble, all of which reside in the country.  According to SEC, from roughly January 2017 to January 2018, Brown, Grant, Maasen, and Noble promoted, offered, and sold securities as part of BitConnect’s lending program, which promised clients a return as high as 40% on their investments by trading on the price of Bitcoin (BTC) and capitalizing on its volatility. Funds were sent in BTC and converted to BitConnect’s BCC.  Marketing was conducted through videos on YouTube and testimonial-style content that was published — sometimes several times a day.  In return, SEC says the promoters, among others in the network, earned a commission when “soliciting investor funds.” In total, it is estimated that $2 billion was raised during BitConnect’s lifetime and commission rates ranged from between 0.2% and 5%.  The most active and successful promoters were also allegedly awarded commission through “development funds,” calculated each week as new investors joined the fold. 

“Brown obtained at least $480,000, Grant over $1.3 million, Maasen over $475,000, and Noble over $730,000 as “referral commissions” and “development funds” from promoting and touting investments into BitConnect’s lending program to retail investors,” SEC says.  SEC claims that BitConnect’s offerings were not registered, and the promoters allegedly acted as broker-dealers — while also failing to register, as required by federal securities laws.   Another named individual in the United States, Joshua Jeppesen, has been charged as an alleged liaison between BitConnect and the platform’s promoters, earning himself a reported $2.6 million in the process.  BitConnect closed its doors in 2018, citing bad press, distributed denial-of-service (DDoS) attacks, and regulatory investigations as the core reasons. US regulators sent cease-and-desist letters to the lending platform due to its failure to register, and BitConnect’s operators said these demands “became a hindrance for the legal continuation of the platform.” BCC then crashed, wiping out the value of existing investments, and the platform’s operators were accused of performing an exit scam, taking with them approximately $14.5 million.  Brown, Grant, Maasen, and Noble are being charged with the violation of registration provisions, whereas Jeppesen is being charged with “aiding and abetting BitConnect’s unregistered offer and sale of securities.” SEC is seeking injunctions, civil penalties, and disgorgement with interest.  “We will seek to hold accountable those who illegally profit by capitalizing on the public’s interest in digital assets,” commented Lara Mehraban, Associate Regional Director of SEC’s New York office.  An Australian promoter of BitConnect was arrested last year by the Australian Securities and Investments Commission (ASIC).  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Amazon is getting ready to switch on a new service called Amazon Sidewalk, and if you own an Echo device, or a Ring Floodlight and Spotlight Cam, then the chances are that you are going to start donating part of your internet connection to making this work.  The idea behind Amazon Sidewalk is that without a reliable internet connection, having a device like a webcam doorbell or security doorbell is somewhat pointless. So, to combat this poor connectivity, Amazon is planning to turn select Echo and Ring devices into Sidewalk Bridges and use your internet connection to help others.And starting June 8 (US only for now), Amazon will be turning your devices into Sidewalk Bridges unless you opt-out.Here’s how Amazon describes it:”Amazon Sidewalk helps your devices get connected and stay connected. For example, if your Echo device loses its wifi connection, Sidewalk can simplify reconnecting to your router. For select Ring devices, you can continue to receive motion alerts from your Ring Security Cams and customer support can still troubleshoot problems even if your devices lose their wifi connection. Sidewalk can also extend the working range for your Sidewalk-enabled devices, such as Ring smart lights, pet locators or smart locks, so they can stay connected and continue to work over longer distances. Amazon does not charge any fees to join Sidewalk.”Later this month, Tile tags will be able to connect to Amazon sidewalk, extending their capability and making them more competitive in the face of Apple’s AirTag.Must read: Dumping Google Chrome resulted in one colossal benefit

How much of your bandwidth will Sidewalk use up? According to Amazon, it is restricted to 80Kbps, or as Amazon puts it, about 1/40th of the bandwidth used to stream a typical high definition video, and the total monthly usage is capped at 500MB, which, as Amazon puts it, is equivalent to streaming about 10 minutes of high definition video.But is it secure?Amazon says yes, and has published a privacy and security whitepaper outlining how it has accomplished this. This document concludes with why uses should have this feature enabled:”By sharing a small portion of their home network bandwidth, neighbors give a little—but get a lot in return.”But does trust needs to be earned?Want to say no to Amazon Sidewalk? Here’s how:Fire up your Alexa appTap More and then SettingsTap Account SettingsTap Amazon SidewalkNow you can turn Amazon Sidewalk on or off What do you think about Amazon Sidewalk? Let me know in the comments below. More

Image: Getty Images
The federal government has responded to a report on age verification for online wagering and online pornography, saying it is considering, at least in principle, if the nation’s digital identity system could be extended to help with protecting children from online harms.The House of Representatives Standing Committee on Social Policy and Legal Affairs closed its inquiry into age verification for online wagering and online pornography last year, tabling a report in February 2020.Making a total of six recommendations, the committee asked the Digital Transformation Agency (DTA) to extend its digital identity program to include an age-verification exchange for the purpose of third-party online age verification. This was despite the eSafety Commissioner saying on many occasions there are no “out-of-the-box technology solutions” that would solve this issue and it is her opinion that age verification should not be seen as a panacea.In response [PDF] to the recommendation, the government said it supports it in principle.”Initially, the government’s priority will be to complete work underway that explores the potential for changes to the policy and accreditation framework … depending upon the findings of this work, further technical interventions may be required,” it wrote. “If so, the government agrees that the Digital Transformation Agency is well placed to explore extending the digital identity program.”The DTA, in November 2019, declared its digital identity play would be a valuable tool in verifying an individual’s age before allowing access to online pornographic material.

Must read: Researchers want Australia’s digital ID system thrown out and redesigned from scratchThe committee also recommended the DTA, in consultation with the Australian Cyber Security Centre (ACSC), develop standards for online age verification for age-restricted products and services.It said these standards should specify minimum requirements for privacy, safety, security, data handling, usability, accessibility, and auditing of age-verification providers.The government said it supports this recommendation in principle.”The government is committed to protecting young people while safeguarding the privacy and security of people of all ages in an increasingly digital environment,” it said.Such commitments include work from eSafety on the development of a roadmap for the implementation of a mandatory age verification regime for online pornographic material, as well as work underway by the Department of Social Services which is completing a review of customer verification requirements for online wagering services.”Subject to the findings of the work outlined above, further technical standards-based work may be required which could include requirements for privacy, safety, security, data handling, usability, accessibility, and auditing of age-verification providers,” it said, noting it considers the DTA and the ACSC “well-placed” to provide assistance or advice.In its response to the remaining recommendations, the government pointed to the yet-to-be-passed Online Safety Act, the Australian Competition and Consumer Commission’s work on app marketplace practices, and work from eSafety including its Safety By Design initiative as helping address the concerns raised by the committee.”While there are no simple solutions to any online safety issue, technologies, such as age verification, age assurance, and age prediction, are developing at pace,” the government wrote. “If used in conjunction with filtering and other proactive user safety settings, they can play a role in limiting exposure to harmful content for children.”It said it also recognises that technological solutions alone would not stop all children from accessing online pornography or other age-inappropriate services. “A multifaceted approach that includes parental engagement and education is vital to reduce the adverse effects of online pornography and other harmful content. Online safety requires long-term, sustained social and cultural change, through the coordinated efforts of the global community, and greater collaboration and consultation between industry, government, and the general public,” it said.RELATED COVERAGENow the DTA wants its digital ID used for porn age verificationIt would require for the program to be extended to the private sector.Shorten wants Morrison to pivot social media ‘evil’ remark to fighting online harms to kidsFormer Opposition Leader Bill Shorten has taken the Prime Minister’s ‘evil one’ concerns and turned it into protecting those underage from accessing pornography online.Australia’s eSafety and the uphill battle of regulating the ever-changing online realmThe eSafety Commissioner has defended the Online Safety Act, saying it’s about protecting the vulnerable and holding the social media platforms accountable for offering a safe product, much the same way as car manufacturers and food producers are in the offline world.Australian government prefers education over prosecution to deter cyberbullyingThe government has responded to a three year-old report on cyberbullying, saying many of the requests the committee made were included in the country’s controversial Online Safety Bill which passed the House only last month. More

Image: Getty Images/iStockphoto
United States-based food processing company JBS USA has confirmed falling victim to a cyber attack, with the aftermath affecting its North American and Australian systems.”On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” it said in a statement. “The company took immediate action, suspending all affected systems, notifying authorities, and activating the company’s global network of IT professionals and third-party experts to resolve the situation.”JBS said its backup servers were not affected, and that it was actively working with an incident response firm to restore its systems “as soon as possible”.It also said it is currently not aware of any evidence to suggest customer, supplier, or employee data has been compromised or misused as a result of the attack. “Resolution of the incident will take time, which may delay certain transactions with customers and suppliers,” it added.Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia

Over in New Zealand, Waikato District Health Board (DHB) has issued an update to the ransomware attack it suffered two weeks ago.Waikato DHB on May 18 experienced a full outage of its information services. On Monday, the organisation said progress was being made to restore its IT systems and that the focus was to move towards a recovery phase to “progressively stand up services”.It said clinical services across all departments and hospitals ran relatively smoothly over the weekend, but reiterated that emergency departments at all the DHB hospitals in Waikato, Tokoroa, Te Kuiti, Taumarunui, and Thames should be kept for emergencies only.Work on IT systems, Waikato DHB said, is continuing in “priority areas for restoration” across radiation therapy, lab systems, radiology for imaging, result viewer, and IPM, which is the organisation’s patient management system. “There is a recovery process needed before these are functioning services,” it said.”We continue to work with legal experts and the Privacy Commissioner as the investigation is ongoing. A number of individuals were identified last week and the majority have now been contacted.”RELATED COVERAGE                       More

The Brazilian government has passed new legislation introducing tougher measures against fraud and crimes perpetrated in the digital environments.According to the law 14.155 sanctioned last Thursday (27), the Brazilian Penal Code has been altered to add more stringent penalties in relation to device invasion, theft and misconduct in digital media environments, as well as crimes committed with information provided by someone induced to or erroneously through fraudulent emails, social networks, or contacts via telephone.

Crimes that are included in the scope to the new legislation include cloning of messaging apps such as WhatsApp, whereby criminals can, for example, request money from the victim’s contacts, and phishing. Brazil is a world leader in phishing attacks, with one in five Internet users in the country targeted at least once in 2020.The updated law establishes sentences and fines with the length of jail terms increasing if the victim suffers economic damage, for crimes relating to the invasion of electronic devices such as smartphones and computers as the objective of obtaining, tampering with or destroying information without the consent of users, or with the goal of installing software to obtain illicit advantage. Moreover, the updated law also relates to theft through fraud via an electronic device, with or without the violation of security mechanisms in place, or through use of malicious software, or by any other fraudulent means. Under the recently sanctioned legislation, sentences for cybercriminals can range between 1 to 8 years in addition to fines, with penalties increasing if crimes are committed through server infrastructure based outside Brazil, or if the victim is elderly or vulnerable. The introduction of tougher penalties for cybercriminals In Brazil follows legislation passed in March that criminalize stalking online and in physical environments. The penalty for such practices, which can be amplified through social networks, is a jail term that can range between 6 months to 2 years, in addition to a fine. More