Risky Business #654 -- FBI arrests deeply annoying cryptocurrency influencers

Laundering USD$3.6bn in crypto with Walmart gift cards? That'll take a while...
09 Feb 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • A spate of ransomware attacks on European energy and transport
  • Russian authorities extend cybercrime crackdown
  • Irritating influencers arrested for laundering 2016 Bitfinex hack proceeds
  • IRS abandons ID.me trial
  • Microsoft disables macros by default, disables MSIX protocol handler
  • Much, much more

This week’s show is brought to you by ExtraHop.

Extrahop’s Ted Driggs is this week’s sponsor guest – he was on the show about a year ago talking about how we should really start thinking about putting together software bills of behaviours as well as bills of material. Ted is back to tell us how that effort is progressing. As you’ll hear, a lot of the behavioural data on software already exists, but it’s being hoarded by different vendors.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransomware spree hitting European oil, transport companies
String of cyberattacks on European oil and chemical sectors likely not coordinated, officials say - The Record by Recorded Future
Weeks after a ransomware attack, some workers still worry about paychecks
Russian government continues crackdown on cybercriminals
Cyberattack brings down Vodafone Portugal mobile, voice, and TV services - The Record by Recorded Future
An ALPHV (BlackCat) representative discusses the group’s plans for a ransomware ‘meta-universe’ - The Record by Recorded Future
DOJ seizes $3.6 billion from 2016 Bitfinex hack, arrests New York couple - The Record by Recorded Future
Woman Who Allegedly Laundered $1B in Bitcoin Was Cringe YouTube Rapper
NetWalker ransomware affiliate sentenced to seven years in prison - The Record by Recorded Future
IRS abandons plans to use third-party facial recognition
DHS assembles Cyber Safety Review Board to imitate fed agency that studies aviation accidents
Senate lawmakers try again on cyber incident reporting legislation - The Record by Recorded Future
Microsoft temporarily disables MSIX protocol handler following malware abuse - The Record by Recorded Future
Microsoft to block internet macros by default in five Office applications - The Record by Recorded Future
Microsoft says MFA adoption remains low, only 22% among enterprise customers - The Record by Recorded Future
Google Cloud adds new cryptomining threat detection capability - The Record by Recorded Future
News Corp. says Wall Street Journal, New York Post were targeted by hackers
European governments targeted by Chinese hackers with a Zimbra webmail zero-day - The Record by Recorded Future
Palestinian hacking group evolving with new malware, researchers say
State Department sounds alarm over Red Cross breach
State Department offers $10M for information on Iranian election interference
Iran's national TV stream hacked for the second time in a week - The Record by Recorded Future
Open Source Security Foundation launches new initiative to stem the tide of software supply chain attacks | The Daily Swig
The Apache Log4j team talks about the Log4Shell patching process - The Record by Recorded Future
npm enrolls Top 100 package maintainers into mandatory 2FA - The Record by Recorded Future
Target open-sources its web skimmer detector - The Record by Recorded Future
North Korea Hacked Him. So He Took Down Its Internet | WIRED
Cryptocurrency platform Wormhole hacked for an estimated $322 million - The Record by Recorded Future