It’s been a very active week in cybersecurity. Here’s what happening.
This morning many of us are waking up to the news of a massive hack at online trading exchange Binance. According to CNBC, Binance is reporting that a cross-chain bridge linking with its BNB Chain was targeted, enabling hackers to withdraw two million BNB tokens — about $570 million at current prices — from the BNB Chain. Trading has been temporarily halted as a result of the incident.
One of the world’s most loved luxury sports car companies appears to have been hacked, but so far has denied reports of an attack. This is despite the fact that more than 7G of Ferrari internal data has been circulating online. While circumstances point to a ransomware attack, the car manufacturer insists there no evidence of a compromise of its systems or ransomware, and that its business and operations are not impacted. Ferrari continues to investigate the incident.
Insurance giant Lloyd’s of London reset its network and systems Wednesday after it identified unusual network activity. The company has not yet disclosed the nature of the incident. According to a company statement, the system and network reset was a precautionary measure.
Colombia’s National Food and Drug Surveillance Institute (INVIMA) has been impacted with a cyberattack which has disabled its website and disrupted operations at the agency. Connections to its servers have also been impacted. The incident was announced on Monday and as of Wednesday INVIMA’s website was still offline.
One of the largest nonprofit health systems in the U.S., CommonSpirit Health, is dealing with a significant attack. The incident is causing IT disruptions at multiple subsidiary hospitals across the country. CommonSpirit operates more than 700 care sites and 142 hospitals in 21 states. The incident began in early October.
Finally, this was announced on September 30th, but it’s worth noting that Mexico’s president says “a massive trove of emails” from the country’s Defense Department has been taken by a group of hackers from military and police agencies across several Latin American countries. The acknowledgement by President Andrés Manuel López Obrador comes after Chile’s government admitted the prior week that emails had been stolen from its Joint Chiefs of Staff. Obradaor said the intrusion apparently occurred during a change of Defense Department systems.
That’s a wrap for the week. Have a great weekend!
Top Global Security News
CNBC (October 7, 2022) $570 million worth of Binance’s BNB token stolen in another major crypto hack – CNBC
Cryptocurrency exchange Binance temporarily suspended its blockchain network after hackers made off with around $570 million worth of its BNB token.
Binance said late Thursday a cross-chain bridge linking with its BNB Chain was targeted, enabling hackers to move BNB tokens off the network. So-called cross-chain bridges are tools that allow the transfer of tokens from one blockchain to another.
The company said it had worked with transaction validators to pause creation of new blocks on BSC, suspending all transaction processing while a team of developers investigates the breach.
Binance is the world’s largest crypto exchange by trading volume.
Databreach Today (October 5, 2022) Jury Finds Former Uber CSO Joe Sullivan Guilty of Cover-Up
A federal jury found former Uber security chief Joe Sullivan guilty of two felonies after a four-week trial in San Francisco.
The jury agreed with U.S. prosecutors who charged Sullivan, 53, in a criminal complaint with “a scheme to withhold and conceal” a 2016 data breach affecting tens of millions of Uber account holders.
The trial was a landmark, likely marking the first time a chief security officer has faced criminal charges over an incident response.
Sullivan faces up to eight years in prison and $500,000 in fines, a stark reversal of fortune for a man who held senior cybersecurity positions at Facebook and Cloudflare and earlier in his career was a pioneering cybercrime prosecutor with the Department of Justice.
Cybersecurity Dive (October 5, 2022) Lloyd’s cuts external connections after identifying ‘unusual’ network activity
Lloyd’s of London reset its network and systems Wednesday after it identified unusual network activity, it said in a statement provided to Cybersecurity Dive. Lloyd’s did not disclose the nature of the incident.
“As a precautionary measure, we are resetting the Lloyd’s network and systems. All external connectivity has been turned off, including Lloyd’s delegated authority platforms,” a spokesperson said.
The organization informed market participants and other relevant parties, a spokesperson said. “We will provide more information once our investigations have concluded.”
The Record (October 5, 2022) Colombia National Food and Drug Surveillance Institute hit with cyberattack
Colombia’s National Food and Drug Surveillance Institute (INVIMA) said it is dealing with a cyberattack that has disrupted operations at the agency.
The organization said in a statement on Monday it has disabled its website, as well as connections to its servers while it investigates the attack. As of Wednesday, its website was still offline.
“Thanks to the timely response of our technical team, it has been possible to verify that the information, privacy and confidentiality of the data that the entity manages are protected,” the institute said in a statement on Monday.
According to INVIMA, the systems used to manage the import authorization of vital medicines is currently unavailable.
SC Media (October 5, 2022) CommonSpirit cyberattack spurs IT outages at CHI Memorial, hospitals across US
A cyberattack deployed against CommonSpirit has led to IT outages at hospitals across the U.S., including multiple CHI Memorial hospitals in Chattanooga, Tennessee. Local media outlets report the incident has also caused disruptions at hospitals run by Virginia Mason Franciscan Health (VMFH) in Seattle.
While some local reports purport the attack struck the electronic health record (EHR) vendor, the cyber incident indeed struck CommonSpirit: the second-largest nonprofit hospital chain in the country. CommonSpirit operates more than 700 care sites and 142 hospitals in 21 states.
The cyberattack was confirmed by a CHI Memorial spokesperson, who confirmed “an IT security issue” at its parent company CommonSpirit Health. CHI Health operates 28 hospitals in the U.S., including Tennessee and Nebraska, where impacts have been confirmed.
Security Affairs (October 3, 2022) RansomEXX gang claims to have hacked Ferrari and leaked online internal documents
The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence of cyber attack. Documents belonging to the Italian luxury sports car manufacturer Ferrari are circulating online, the company confirmed their authenticity stating it is not aware of cyber attacks.
Ferrari is investigating the leak of the internal documents and announced it will implement all the necessary actions.
While the circumstance suggests the company could have suffered a ransomware attack, the car manufacturer that it has no evidence of a compromise of its systems or ransomware, it also added that its business and operations were not impacted.
Associated Press (September 30, 2022) Hack Puts Latin American Security Agencies on Edge
A massive trove of emails from Mexico’s Defense Department is among electronic communications taken by a group of hackers from military and police agencies across several Latin American countries, Mexico’s president confirmed Friday.
The acknowledgement by President Andrés Manuel López Obrador comes after Chile’s government said last week that emails had been taken from its Joint Chiefs of Staff.
The Mexican president spoke at his daily news conference following a local media report that the hack revealed previously unknown details about a health scare he had in January.
López Obrador downplayed the hack, saying that “there’s nothing that isn’t known.” He said the intrusion apparently occurred during a change of Defense Department systems.
Other Top Security News
Rise in Cyberattacks Stretches and Stresses Defenders – WSJ Pro (requires subscription)
*** This is a Security Bloggers Network syndicated blog from Blog Feed authored by Blog Feed. Read the original post at: https://www.globalsign.com/en/blog/cybersecurity-news-round-week-october-3-2022