Pinkerton Insights Podcast

The Panama Canal is operating with draft restrictions due to a severe drought related to El Niño last week. The last five months have been the driest dry season in the history of the canal. Water levels on Gatun Lake and in the New Panamax locks are dropping. Since April, vessels transiting the New Panamax locks are restricted to drafts less than 44 feet. A further restriction of the maximum drafts to less than 43 feet was to go into effect, but it has been postponed. To comply with the draft restrictions, carriers have reduced their cargo stowage. We asses that regular cargo shipments that transit the Panama Canal are likely to be further delayed as Panamax and New Panamax ships will have to transit the canal with smaller cargo loads. Unless the region receives significant rainfall that would recharge the water levels in the next month or two, it is highly likely that carriers will have to restrict or roll bookings to meet the maximum draft requirements. As the current draft restriction is the fifth

Last week in Mexico, the Environmental Commission of the Megalopolis declared an“extraordinary environmental emergency” due to the high levels of PM 2.5, an atmospheric particulate matter, and ozone in Mexico City and surrounding states.  In Brazil, thousands of university professors and students protested nation wide against cuts on the federal budget affecting higher education in the country last week.  A group of gunmen attacked a coal mine operation and detonated a bomb last week in the Harnai District in northeastern Balochistan province of Pakistan, killing at least five people and injuring one.  About 15 Greenpeace activists conducted a demonstration in Sydney, Australia to demand that political parties take action against climate change and recognize the climate emergency.  The Portuguese parliament rejected a retroactive wage increase for the teachers’ union last week, worth 635 million euros, arguing that public finances cannot sustain the expenditure.  In the U.S., Weather reports informed that hea

Last week in Pakistan, an outbreak of Human Immunodeficient Virus was reported in the cities of Ratodero and Naudero, in the district ofLarkana in the province of Sindh.  The Nigerian Interior Minister informed last week that at least 55 people were killed and at least 30 were injured after a gasoline tanker truck exploded during the evening of May 5. In Russia, Flight SU 1492 of the Russian airline Aeroflot had to make an emergency landing right after take-off last week. Due to technical problems, the aircraft caught fire at the Moscow international airport.  Different businesses and hotels in western Jamaica declared last week their support for the declaration of States of Public Emergency in St. James, Hanover, and Westmoreland. Open sources reported recently that Sudanese demonstrators pledged to organize protests in several embassies across Europe and the United States.  In Turkey, the High Election Board announced last week that the Istanbul elections will be held again on June 23, after the board dismi

As disclosed recently, Vodafone Italy discovered backdoors in Huawei equipment, including home internet network routers and Vodafone’s line network infrastructure.  In the US, a security researcher from GDI Foundation found a leak in a database from Ladders, a popular New York-based job recruitment website which focuses on high-end jobs.  As disclosed last week, cybersecurity specialists from Cisco Talos have detected that hackers are benefiting from the vulnerability found in Oracle Web Logic Service to spread ransomware named Sodinokib.  In Nigeria, local authorities reported last week that a group kidnapped three oil workers of the Niger Delta Petroleum Resources in Ogbele. French President Emmanuel Macron announced a series of reforms last week as a result of the Yellow Vest movement and the three-month political exercise where the president held debates across France to hear the citizen’s concerns.  Chinese and U.S. negotiators started a round of talks in Beijing recently to move closer to a trade deal a

 Last week, eight coordinated explosions occurred throughout Sri Lanka.  It was reported recently that the Congolese rebel group, Allied Democratic Forces is highly likely to be tied to the Islamic State, as a news agency of IS claimed that the identified terrorist group was responsible for its first attack inBeni, Democratic Republic of the Congo.  Last week in the Philippines, it was reported that a 6.1 magnitude earthquake hit the island of Luzon. In Malaysia, a water disruption was announced in Selangor State last week The Urgence Quebec in Canada reported last week that more than 1,500 residents of the province had been evacuated due to six severe floods.  In theU.S., it was reported last week that floodwaters, produced by a storm system affecting western and northern Texas, inundated Dallas Fort Worth’s airport garage and thus affected a dozen parked vehicles.

Last week in India, hundreds of Jet Airways’ employees protested in Mumbai and New Delhi, after the airline declared the suspension of all operations. The airline announced the grounding of all its fleet after they failed to obtain emergency funds from the banks of India. Protesters demanded the government issue a bailout to avoid the cessation of operations. Several employees accused the airline of not issuing pay for months. The company stated that the suspension is likely to be temporary. At least 20,000 employees are at risk. The airline daily operated around 600 flights. However, all of them were canceled. The company owes large sums to its suppliers, oil companies, pilots, and lessors. We find it unlikely that Jet Airways will resume operations in the short term as the company undergoes an economic crisis that is unlikely to resolve. We assess the demonstrations are likely to increase and spread in more Indian cities due to the uncertainty and lack of clear response from the company. Also, it is

In the UK, news outlets reported recently that around 650 British people, represented by Hayes Connor Solicitors, are claiming for damages that go up to 5 million British pounds, or around 7 million dollars US, against the ticket seller company, as they were victims of fraudulent transactions. More than 40,000 UK citizens have been affected by a security breach in Ticketmaster that took place in June 2018, when the firm was hacked. The issue was addressed on April 3, 2019, at the High Court in Liverpool. Ticketmaster declared that the hack was caused by a third-party customer support product of Inbenta Technologies and that the case was reported to the Information Commissioner’s office. Hayes Connor Solicitors stated that negotiations with Ticketmaster have been unsuccessful. Further, its clients have presented stress and anxiety after being victims of hacking attempts, knowing their money and personal data could be used for fraudulent activities.  We find it likely that this security breach will continue to

Recent weather reports indicated that heavy rainfall will continue in the Midwest and Great Plains regions of the U.S. increasing the damage caused by flooding over the last days. It is also expected that snowfall in the states of Nebraska, Iowa, Minnesota, South Dakota, and Wisconsin that could exacerbate the situation. The Mississippi River water level has overflowed causing severe disturbances in the infrastructure in these states. According to media reports, the flooding in the region has caused 3 billion dollars U.S. in damages, and the most affected sector has been agriculture, especially with the crops and livestock losses. Many residents have been forced to evacuate the affected areas. We assess that the weather forecasts indicate that the flooding situation could continue until mid-May in the Farm Belt region. Additionally, the authorities have discovered ruptured dikes on many rivers including the Missouri, Platte, and Elkhorn which could represent a major risk in the long-term. The heavy rainfall f

As reported last week, the United States Federal Emergency Management Agency has informed that due to a mistake, the data of 2.3 million beneficiaries of the Transitional Sheltering Assistance program was exposed. FEMA declared that it shared the database which contained unnecessary data like date of birth, residential address, and in some cases sensitive data linked to bank accounts with an outside; reportedly, the agency revealed the financial data of at least 1.8 million people affected by the hurricanes Maria, Irma, and Harvey. Currently, the Agency has taken corrective steps to delete the information from the contractor’s system; furthermore, it has updated the contract with the contractor to guarantee the compliance of its information exchange and cyber-security protocols.  We assess that because of the nature of the exposed data, this breach is likely to pose a significant threat to the impacted persons. Fraud and identity theft are the crimes that likely could happen if a malicious actor got a hold of

ZOLL Medical Corporation reported a data breach that affected over 275,000 of its customers. The company informed that, during a server migration, e-mails that stored personal data were compromised. The investigation has led them to believe that the information remained exposed from November 8 to December 28, 2018. However, ZOLL did not clarify if attackers had hacked the server or if it was an unintentional mistake; they just informed that a third party was in charge of the exposed archives. At present, the company declared that the compromised data included names, dates of birth, addresses, some social security numbers, and partial medical information.  Due to the sensitive information that the company left unprotected during the server migration, we assess that the data breach could likely pose a significant threat to the impacted clients. Although it is uncertain if hackers attacked the company's server, it is still worrisome that data remained exposed for over a month. We find it likely that more breache

The cyber-security company Cybereason issued a report last week on a new malicious campaign carried out in Japan, which uses Ursnif trojan to steal bank-related information. The cyber-attack begins when the user receives a phishing email that contains an infected Office document, which asks for permission to enable macros; thus, tests to verify if the victim is in Japan begin. Once it is confirmed, a PowerShell payload – fixed in an image – executes Bebloh trojan, which would later download the Ursnif from the malicious actor’s server. Attacks using the mentioned trojan are not uncommon in the country; however, in this campaign, the hackers have overhauled and added functionalities that make it more persistent and difficult to detect. Some of the features are modules targeting anti-PhishWall and Rapport; IE, Outlook, and Thunderbird stealers; and software specialized on disk encryption and theft of cryptocurrency.  We assess that attackers will continue to develop malicious campaigns in the long-term; those l

Last week in India, it was released that a researcher found that a server that contained sensitive information of over 450,000 Delhi citizens had not been appropriately configured, leaving the information accessible to cyber-attackers. Recently, developers from Drupal, the free and open-source content management framework, announced that their security team had discovered a new vulnerability in their system and had consequently released a new version to address the problem.  As disclosed during the recent NDSS Symposium, a group of researchers found three different types of cyber-attacks that could be perpetrated against 4G and 5G LTE mobile networks. 

In the UK, packages containing explosive devices were discovered last week at London City Airport, Heathrow Airport, and Waterloo station within three hours of one another. No injuries occurred as a result of the packages. The packages were white postal bags containing small improvised explosive devices and were stamped by the Irish postal service. The package discovered at Heathrow Airport caught fire when opened by a staff member. Bomb technicians carried out controlled explosions on the other packages. The discovery of the devices did not impact air or rail services. Media reports indicated that an additional suspicious device was found at the University of Glasgow that police believe is possibly linked to the three packages sent the day prior.  The possibility of additional package bombs cannot be ruled out, and the threat is highly likely to remain elevated in the days leading up to the March 29 Brexit decision. A “No Deal” Brexit outcome is projected to have significant economic and security conseque

American government agencies and business have been the target of many malicious attacks by nation-state actors. Analysts at the National Security Agency recently claimed that most of the cyber-attacks are from Iranian and Chinese hackers. Since U.S. President Donald Trump’s decision to conclude the nuclear deal with Iran, as well as constant trade tension between China and the U.S., the attacks have increased. According to media reports, Iranian hackers have attacked government agencies, banks, corporations, and other entities. However, the Chinese cyber-attacks have focused on companies related to the U.S. military, such as technology companies, to gather classified information about trade, military intelligence, and plans. We assess that the consistent cyber-attacks on government agencies and corporations in the U.S. will likely continue as intelligence agencies have not identified the responsible parties yet due to the complexity of the attacks. According to media reports, there are many enterprises have

Open sources reported last week that malicious actors initiated a phishing campaign that uses Google Translate as a facade to steal Google and Facebook credentials. According to experts, the process starts with phishing emails pretending to come from Google with the subject "Security Alert." The content warns about an unverified log-in from a Windows device, and it recommends pressing a button to consult the activity. After the user clicks the link, it will redirect to a Google Translate page that simulates a Google Account log-in. Researchers stated that the phishing page is harder to detect through a mobile browser as it hides better the Google Translate interface and resembles a more legitimate Google Account log-in. If the user enters the information requested, the attackers receive the information via email. Afterward, it redirects to a Facebook log-in page to start the same phishing process. Malicious actors can steal accounts, passwords, and other data related to the person's verification settings such

Late last month, Tech Crunch disclosed an investigation regarding a specialized app distributed by Facebook via third parties and used to collect users’ smartphone activities. Facebook’s Research app was first distributed in 2016 by three beta testing programs: Applause, uTest, and Betabound. Once downloaded, the app has to remain running in the background, and, in return, the user receives $20 US dollar per month in e-cards, and another $20 per every friend referred to the app. The app grants Facebook access to decrypted messages, encrypted messages, Amazon purchase history, web searches, email usage, social networks, all app related information, and games. On March 2018, Facebook used another VPN app named Onavo to gather all the users’ data even though it transgressed Apple Store’s non-data collection policies; the app was later removed from the store. We expect the information gathering methods to continue increasing in the short to medium term as the revenue obtained for the selling and analysis of sensi

Last week in the US, Discover Financial Services Inc. informed the Office of California’s Attorney General of a data breach that they discovered in August 2018, and might affect some of its clients. The company filed a formal notification on January 25; however, the document does not provide information on the number of impacted cardholders, nor on the specific information that was compromised. The company has started to issue a new card for its clients and, in some cases, new account numbers to prevent any fraudulent schemes. The company was emphatic in its pronouncements that the systems were not hacked and that it was a routine notification – required under California state law if more than 500 residents are involved.  We find it highly likely that the company will continue to replace the cards of the potentially affected clients in the short to medium term as a measure to diminish the risk of fraudulent operations. Furthermore, Discover has announced that they would cover unauthorized purchases made possi

Security researchers at RiskIQ in France recently reported a new group as part of the Magecart collective which recently targeted French advertising agency Adverline. The new group, known as Magecart Group 12, conducted their attack by injecting malicious code into a JavaScript library that controls retargeting advertising. The malicious code, similar to previous Magecart attacks, contains a web-based skimmer which steals credit card information. As a result of the attack, Trend Micro identified over 270 e-commerce sites with the skimmer installed, across a range of commerce lines. Some affected sites included those used for travel, cosmetics, healthcare, and apparel. As noted by security researchers, the skimmer code prevents deobfuscation and analysis by conducting frequent internal integrity checks.  We assess that given the ongoing success of Magecart attacks, they will continue in the immediate to long term. Additionally, with a new threat group joining the Magecart collective, we assess it likely that t

In Colombia, a terrorist attack was reported last week at Francisco Paula de Santander Police Academy located in southern Bogota. The suicide bomber evaded the security officers on the entrance, crashed into one of the academy’s buildings and detonated a device as a group of students, and the entrance guards were approaching. The explosive device was composed of 80 kg of pentolite and killed at least ten cadets, injured another 65 police officers, and damaged the windows from buildings and homes outside the complex. The pentolite is also known as buster and is commonly used to clear terrain as well as in mining works; it is comprised of nearly 40% TNT. The police academy hosted a General Brigadier graduation ceremony minutes before the attack took place. Pinkerton expects the situation to worsen as special anti-terrorist operations and governmental retaliation measures are expected to take place. This situation could also affect the government’s resolution to continue the peace talks with the Ejercito de Libe

Last week in Mexico, multiple homicides were reported in Las Virginias Bar located near the tourist area of Playa del Carmen, in Quintana Roo State. According to state authorities, seven people died on the scene after two armed people entered the location and started the shooting. According to the Ministry of Public Security of Quintana Roo, the armed attack may be related to drug trafficking gangs. The authorities also announced that there were no tourists involved in the shooting. So far, the local attorney office has confirmed the capture of two alleged criminals linked to the attack. Pinkerton finds that violence in Quintana Roo has not diminished in recent months despite the capture of dozens of alleged criminal leaders. Instead, the crimes have increased, particularly, after the arrest of Leticia Rodriguez, also known as "Dona Lety" or "La 40," who controlled the drug trafficking and illegal activities in the Riviera Maya, which includes Cancun, Solidaridad, Tulum, Carrillo Puerto, and Puerto Morelos mu