Cyber Security Headlines Week in Review: The fall of FTX, Australia Medibank fallout, supply chain failures

This week’s Cyber Security Headlines – Week in Review, November 14-18, is hosted by Rich Stroffolino with our guest, John Scrimsher, CISO, Kontoor Brands

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com.

At least $1 billion of client funds missing at FTX

The cryptocurrency exchange’s founder Sam Bankman-Fried secretly transferred $10 billion of customer funds from FTX to his own trading company Alameda Research, according to sources speaking to Reuters. A large portion of that total has since disappeared, say the sources, who put the missing amount at between $1 billion and $2 billion. While it is known that FTX moved customer funds to Alameda, the missing funds are being reported by Reuters for the first time. In text messages, Bankman-Fried said he “disagreed with the characterization” of the $10 billion transfer. He continued, “we didn’t secretly transfer, we had confusing internal labeling and misread it,” without elaborating. Asked about the missing funds, Bankman-Fried responded: “???”

(Reuters)

Australian Federal Police say cybercriminals in Russia behind Medibank hack

The Australian Federal Police (AFP) say they have identified the perpetrators of the hack and attempted extortion of health insurance company Medibank, which stated last week that it would not be making a ransom payment after hackers gained access to the highly sensitive data of 9.7 million current and former customers, including 1.8 million international customers living abroad. Although the AFP did not identify the perpetrators by name, they appear confident that they know who they are pursuing and that they are based in Russia. Medibank has now been listed on the extortion site formerly operated by REvil. Listeners who want to follow this story further may want to hear a podcast episode released by The Guardian in its Full Story series, which is out right now and describes the hack and its developments in greater detail.

(The Record and The Guardian)

Australia considers ban on ransomware payments

We’ve been covering the details and fallout from the most recent high-profile hack to hit Australia, impacting the insurance provider Medibank. Combined with the Optus breach, personal data on a large percentage of Australians was exposed this year. Now Australia’s home affairs minister Clare O’Neil has proposed making ransomware payments illegal, with the aim of decreasing the profitability of such breaches. Critics of the proposal say it would move ransom payments underground, using third parties in other jurisdictions. The government also announced the formation of a new cyber-policing model between the AFP and the Australian Signals Directorate to create a joint standing operation against cyber attacks.

(InfoSecurity Magazine)

Thousands of sites used for brand impersonation

It turns out massive brand impersonation isn’t just a problem for Twitter these days. According to a report from researchers at Cyjax, a China-based threat actor known as Fangxiao operates a massive network of over 42,000 domains meant to impersonate popular brands. The group isn’t new to the game, having been spotted spoofing firms since 2017. It uses the sites to redirect users to adware, dating sites, and fraudulent giveaways, generating revenue from clients who pay for traffic. The sites try to appear convincing, with researchers noting extensive localization options. The group appears to register roughly 300 new brand domains daily.

(Bleeping Computer)

Thanks to today’s episode sponsor, AppOmni

Can you name all the third-party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised third-party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility into all third-party apps, including which end users have enabled them and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.

Privacy experts cautious about FIFA World Cup Apps

The FIFA World Cup in Qatar starts in just a few days and has been mired in controversy since the country won the hosting honor. Now privacy experts say that two official apps are cause for concern. Ehteraz is a Covid-19 tracking app and Hayya follows fans’ entrance to and from the stadium. The latter requires full network access and unrestricted access to personal data. Øyvind Vasaasen, the head of security at the Norwegian Broadcasting Corporation (NRK) said, “It’s not my job to give travel advice, but personally, I would never bring my mobile phone on a visit to Qatar.”

(Cybernews)

98% of organizations have been severely impacted by cyber supply chain breach

According to a new annual report, 98% of respondents experienced negative impacts from a cyber breach in their supply chain. The report also found that 40% of respondents rely on third-party vendors or suppliers to ensure security. The industry as a whole reported a lack of understanding and communication across the enterprise regarding the role of cybersecurity.

(Security Magazine)

The effectiveness of Ukraine’s IT army

At the G20 Summit’s “Digital Transformation” panel, Ukrainian President Volodymyr Zelensky said the country’s “IT army” has successfully stopped over 1,300 Russian cyberattacks since the start of Russia’s invasion. He also pointed to lessons other countries could adopt to deal with modern cyber warfare. These ranged from shifting to cloud-hosted public registers to keep delivering benefits to those displaced by the war, to how Ukraine kept its Diia state site operational with over 100 contactless public services. This allowed Ukraine to keep offering things like digital passports, tax services, and other critical infrastructure.

(Dark Reading)

Ten new ransomware families on the scene in the last six months

That finding comes from Ivanti’s “Ransomware Report from Q2/Q3.” Overall, those ten new families bring the total to 170 documented ransomware families actively seeking to exploit targets. The report also found some troubling gaps in ransomware prevention: 18 vulnerabilities exploited by ransomware were not surfaced by popular scanners. The rise in ransomware-related vulnerabilities also saw a lag in government response, with 124 vulnerabilities not added to CISA’s mandatory patch list. The report corroborates anecdotal reports that healthcare, energy, and critical manufacturing remain the most targeted industries.

(Dark Reading)