Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
CyberNews CyberTip: Clean your web browser
In day-to-day to use, your web browsers will collect cookies, cached pages and images, and a trail of your visited sites. While some of this data can help personalize your browsing experience, cached data can also create privacy risks and negatively affect the performance of your browser. Consider clearing the cache, cookies, and history of the browser on your PC, Mac, and mobile devices periodically to mitigate these risks.
Meat producer JBS recovers quickly from cyber attack
Full operations have now resumed after the May 30 cyber attack on JBS SA, the world’s largest meat producer. While the cyber attack caused disruptions in processing in Canada and Australia, it forced the closure of all of JBS’ U.S. beef plants, affecting nearly one quarter of American supplies.
The cyber attack is widely believed to have been the work of the REvil ransomware gang, who breached and encrypted a number of the Brazilian-based company’s North American and Australian IT systems. But in a statement June 3, JBS announced that the incident had been fully resolved already, reportedly without resorting to paying ransom.
“The company’s swift response, robust IT systems and encrypted backup servers allowed for a rapid recovery. As a result, JBS USA and Pilgrim’s were able to limit the loss of food produced during the attack to less than one days’ [sic] worth of production,” according to the statement. Andre Nogueira, CEO of JBS’ US Operations, noted that the attackers were never able to penetrate to the company’s core systems, which “greatly reduced potential impact”. He continued: “Thanks to the dedication of our IT professionals, our operational teams, cybersecurity consultants and the investments we have made in our systems, [we] were able to quickly recover from this attack against our business, our team members and the food supply chain.”
There has been no reported indication that customer, supplier, or employee data had been exposed in the incident.
The quick response is a tribute to JBS’ incident preparedness, and will hopefully reduce the threat of an increase in beef and pork prices, relieving pressure on an industry already hit hard by the COVID-19 pandemic.
The attack was the second in just weeks on critical American infrastructure (after the early May cyber attack on Colonial Pipeline), and is sure to strengthen the current calls for stronger cybersecurity measures across all essential services.
Massachusetts ferry system suffers cyber attack
As tourism slowly rebounds in the northern United States, news comes of a successful cyber attack on the Steamship Authority, the largest ferry service in Massachusetts. The June 2 ransomware attack has caused delays and disruptions of ferry transportation between Cape Cod, Nantucket Island, and Martha’s Vineyard.
The Steamship Authority said the incident only affected its back-office operations, and that passenger safety and travel are not at risk. “The issue does not affect radar or GPS functionality,” according to a Steamship Authority spokesperson. “Scheduled trips to both islands continue to operate, although customers may experience some delays during the ticketing process.”
As of June 7, customers were still unable to book or change some reservations online or by phone, as the authority’s website remained down. A temporary site with basic information available has been posted as a temporary alternative as part of their business continuity plan.
No news has been released on the type of ransomware involved in the attack, or whether ransom demands have been made or met.
Founded in 1960, the Steamship Authority employs 750 people at peak season, operating several vessels ranging in capacity from a few hundred to nearly 1300 passengers on its routes.
Chrome browser now warns users of untrusted extensions
Perhaps stung by recent criticism of malware appearing in the Chrome Web Store, Google has announced that it will introduce automatic scanning of the extensions users can install in their Chrome browsers. A warning message will be presented if users attempt to add an extension from a new or untrusted developer. The new extension scanner becomes the latest part of the “Enhanced Safe Browsing” security package, added as a standard part of the Chrome browser in May 2020.
Google says that nearly ¾ of all extensions hosted on the Chrome Web Store were developed by “trusted developers”, i.e., those who adhere to the Chrome Web Store Developer Program Policies. According to Google, it takes at least a few months of playing by the rules to become “trusted”.
However, that leaves the matter of the other ¼ of the extension library: the Chrome Web Store has been abused for years by threat actors who create malware (often mimicking genuine software) or abusing copyright to trick people into downloading malicious software on their computers. Hackers made headlines in May when the fake “Microsoft Authenticator” extension that delivered malware into Chrome stayed on the Chrome Web Store for almost a month, boasting hundreds of downloads, multiple positive reviews (also fake), and a three-star rating. The fake authenticator directed users to a spoofed Microsoft login page that phished the victim’s userid and password.
While the Chrome warning will help identify fake downloads and unscrupulous developers, it is always the user’s ultimate responsibility to independently research and validate any browser extension before installation. Don’t take reviews at face value: consider the number of reviews, the dates of the reviews, and the amount of detail in the comments.