November 8, 2024

The curious case of Medibank’s disappearing ransomware guard

Medibank #Medibank

Carbon Black was evidently satisfied with its work at the country’s largest health insurer. A promotional pamphlet posted to VMware’s website later described Medibank’s use of its “dynamic approach to endpoint security” as a “success story”.

It detailed how Medibank was suffering an average of between two and three ransomware attacks that were bypassing the company’s existing antivirus products quarterly. Since deploying Carbon Black, 100 per cent of ransomware attack attempts were prevented.

That all sounds pretty good. Which is why it seems odd that VMware appears to have since deleted the Medibank material from its website. A note declaring “Page Not Found” is all that remains. Hmm.

Internet archives show the material was still online as recently as May, though it remains unclear as to how long after that it disappeared.

Nevertheless, we would hope it wasn’t after Medibank first disclosed the hack on its systems on October 13 (since suspected to have been launched by a ransomware group with ties to the Russian-speaking REvil cybercrime gang).

That would be a bad look. Not unlike when VMware last month settled charges by the US Securities and Exchange Commission that it misled investors by, err, obscuring its financial reports, a violation of anti-fraud provisions. Whoops!

We can’t imagine the missing Medibank testimonial on VMware’s website had anything to do with wanting to avoid association with ground zero of Australia’s worst cyberattack.

Indeed, no one has even pointed the finger at Carbon Black (which has a good reputation) as being part of Medibank’s vulnerability. Rather, the crooks’ own messages with Medibank name-checked two systems, being Atlassian’s Confluence, and Amazon Web Services’ RedShift. And with an independent review only just launched, it’s unlikely we’ll know where fault lies for some time.

VMware on Thursday didn’t respond to our multiple queries. Though we understand Medibank was told by VMware that it wasn’t unusual for it to rotate marketing materials on their website. Well, this one rotated right out of existence!

It’s not like VMWare is exactly ducking for cover at the moment. Indeed, it took out space reserved for sponsored content in The Australian Financial Review on Monday, where the company’s local managing director Brad Anderson called for greater government investment in technology skills.

We can’t say it isn’t an opportune time to be pushing that particular barrow.

Leave a Reply