Oil terminals in some of Europe’s biggest ports appear to have been disrupted by ransomware, according to reports.

A broker in the region told AFP that the attacks are disrupting the oil supply chain.

“There was a cyber-attack at various terminals, quite some terminals are disrupted,” Jelle Vreeman, senior broker at Riverlake in Rotterdam, told the newswire.

“Their software is being hijacked, and they can’t process barges. Basically, the operational system is down.”

The Amsterdam-Rotterdam-Antwerp oil hub, which spans ports across the Netherlands and Belgium, is believed to have borne the brunt of the attacks. AFP cited local Belgian reports that logistics and storage firm SEA-Tank Terminal is one of those impacted in Antwerp.

According to a separate report from The Associated Press, at least two energy companies in the Belgian ports of Antwerp and Ghent were hit by cyber-attacks, with the government’s Federal Computer Crime Unit opening an investigation.

This follows reports earlier this week that two German oil logistics firms were struck by ransomware: Oiltanking GmbH Group and Mabanaft Group.

Both companies were forced to declare force majeure, a legal clause used in emergencies when companies cannot fulfill their contractual obligations.

However, the head of Germany’s federal office for information security, Arne Schönbohm, is quoted as saying the incident is serious but “not grave.”

Anglo-Dutch oil giant Shell has already admitted it has been forced to reroute supplies due to the incident.

The news has uncomfortable echoes of the Colonial Pipeline attack in May 2021, which crippled oil supplies up and down the US east coast for days, leading to queues at gas stations.

This time the culprit, at least in the attacks in Germany, appears to be BlackCat (aka “alphv”), a relatively new ransomware-as-a-service variant.

Trustpilot said today that it is planning legal action against businesses involved in soliciting fraudulent reviews on its site.

The Danish consumer reviews platform said it was forced to remove over two million fake reviews in 2020 alone, accounting for nearly 6% of those submitted to its site that year.

Although the firm is investing in automated fraud, enforcement and anomaly detection technologies, it said this will now be matched by a step-up in litigation efforts.

Repeat offenders will be hit with enforcement action. Trustpilot said it would seek to prevent them from soliciting fake reviews and try to recover any damages owed. If successful, these will be donated to organizations that protect consumers from online misinformation.

Other tools at Trustpilot’s disposal are cease and desist notices, termination of business, and public banners on offending firms’ profile pages indicating fraud.

“Consumers rely heavily on reviews to make more informed and confident purchasing decisions each and every day. Protecting and promoting trust is fundamental to Trustpilot’s mission,” said the digital firm’s chief trust officer, Carolyn Jameson.

“Whilst the vast majority of businesses use reviews constructively to help get them closer to their customers, we’re prepared to do everything within our power to clamp down on the small minority who do not behave as they should, and instead  use fake and misleading reviews to take advantage of consumers – often those consumers who are particularly vulnerable.”

Fake reviews are an increasing problem for platform providers, consumers and innocent vendors. A report out last year estimated that they could be responsible for as much as $152bn in purchases.

Also, last year, a misconfigured cloud database exposed a significant scheme by vendors using the Amazon marketplace to buy fake reviews from consumers. Vendors send reviewers a list of products to choose from, and if they leave a five-star review, the individual will get to keep the item.

At least 200,000 fake reviewers were implicated in this one scheme alone.

The situation has deteriorated to the point that regulators are stepping in. Last June, the UK’s Competition and Markets Authority (CMA) announced the opening of a formal probe into Amazon and Google over concerns that they’re not doing enough to protect consumers from fake reviews. 

Cybersecurity education provider Infosec Institute is offering scholarships to 15 individuals from underrepresented groups in the cybersecurity industry. 

The $225k in scholarship opportunities will be meted out to veterans, people who identify as BIPOC, students, women who are actively pursuing a career in cybersecurity and members of the LGBTQI+ communities.

Infosec said awarding the scholarships was to reduce the cyber skills and diversity gaps in the industry.

The latest opportunities are part of the institute’s Accelerate Scholarship Program , which has awarded over $500k to aspiring cybersecurity professionals since it was set up in 2018. 

Under the program, 15 scholarship recipients are selected each year to receive lifetime subscriptions to the virtual cybersecurity training resource Infosec Skills which includes access to more than 1400 practical courses, certification training and hundreds of virtual labs in the institute’s cloud-hosted cyber ranges. 

“The need for trained cyber professionals continues to grow, and so does our commitment to helping aspiring professionals advance their careers or get started in this industry,” said Jack Koziol, Infosec CEO and founder. 

“Cybersecurity education can be cost and time prohibitive. Our goal with these scholarships is to break down the barrier of entry, helping fill security roles with talent who bring new perspectives and experiences to our industry.”

Applicants must be at least 18 years old to apply and must be resident in the United States. The deadline to apply for the 2022 Infosec Accelerate Scholarship Program is July 31 2022. Successful applicants will be announced in the first week of September.

The Infosec Accelerate Undergraduate Scholarship is open to college students actively pursuing an associate or bachelor’s degree in a cybersecurity-related field. To apply, students must have a GPA of 3.0 or higher. 

“Now in the fifth year of offering this program, we’re proud to support the growth of our scholarship winners,” said Koziol. 

“We’ve seen many successes with our previous recipients, the motivation and drive they have to learn is inspiring. We will continue to push for and provide opportunities for all types of people to excel in the cybersecurity industry.”

The United States Department of Homeland Security has established a Cyber Safety Review Board (CSRB) to investigate “significant cyber incidents.” 

Mandated via President Joe Biden’s May 12 2021 executive order (EO 14028) on improving the nation’s cybersecurity, the board “shall review and assess, with respect to significant cyber incidents […] affecting Federal Civilian Executive Branch Information Systems or non-Federal systems, threat activity, vulnerabilities, mitigation activities and agency responses.”

The CSRB, which was chartered on September 21 2021, will only operate in an advisory capacity.

Rob Silvers, the DHS’ undersecretary for strategy, policy and plans, has been selected to chair the board for two years. Together with Cybersecurity and Infrastructure Security Agency director Jen Easterly, Silvers will choose up to 20 individuals to serve as board members.

CSRB will be formed by a mixture of government workers and private sector representatives who may need to obtain security clearances. According to instructions included in Biden’s EO, the person chosen to serve as the board’s deputy chair should work in the private sector. 

Members will include at least one representative from the Department of Defense, the Department of Justice, DHS, CISA, the National Security Agency and the Federal Bureau of Investigation. 

A notice published in the Federal Register Thursday stated: “The CSRB will convene following significant cyber-incidents that trigger the establishment of a Cyber Unified Coordination Group as provided by section V(B)(2) of Presidential Policy Directive (PPD) 41; at any time as directed by the President acting through the Assistant to the President for National Security Affairs (APNSA); or at any time the Secretary or CISA Director deems necessary.”

After reviewing a cyber-incident, the CSRB “may develop advice, information, or recommendations for the Secretary for improving cybersecurity and incident response practices and policy.”

The notice said that CSRB’s advice on cybersecurity would be made publicly available “whenever possible” but that some information may be redacted to prevent the disclosure of sensitive data.

DHS secretary Alejandro Majorkas has exempted the board from the transparency rules of the Federal Advisory Committee Act “in recognition of the sensitive material utilized in CSRB activities and discussions.”