The cybersecurity landscape has experienced a series of unprecedented challenges in recent months. From large-scale infrastructure disruptions to data breaches affecting billions, organizations are facing a perfect storm of cyber threats. This newsletter examines these critical incidents, incorporating relevant statistics, and offers insights into mitigating their impact.
2024 Deja Vu of Y2K: A single technical glitch in a CrowdStrike software update triggered the largest IT outage. A misconfigured CrowdStrike Falcon sensor update caused the outage, and cybercriminals quickly followed with fake domains, phishing attacks, and malware. The domino effect was the Blue Screen of Death (BSOD): a faulty driver file, "Channel File 291", triggered kernel panics, resulting in the dreaded BSOD on Windows machines. Because the driver loads at boot-up, affected systems were sent into recovery mode.
CrowdStrike Aftermath: Lessons Learned
A security update did what no hacker had ever done before! Approximately 8.5 million Windows devices were affected, causing disruptions in airlines, hospitals, and financial institutions worldwide.
Within hours of the incident, security researchers began to report on threat actors leveraging the outage for phishing campaigns. Phishing domains such as “crowdstrikebluescreen[.]com” and “crowdstrikefix[.]com” were discovered.
Delta is planning to sue Microsoft and CrowdStrike for lost revenue. The outages cost Delta an estimated $350 million to $500 million, leading to over 176,000 refund or reimbursement requests due to nearly 7,000 canceled flights. The CrowdStrike incident resulted in a total loss of $5.4 billion for Fortune 500 companies, excluding Microsoft. It would not be surprising to see additional lawsuits as well.
Recovery
If your organization was impacted by the CrowdStrike outage, you'll have plenty of stories to tell at the next family dinner. Threat actors are exploiting this crisis with a surge in phishing emails and scams impersonating the vendor. Here’s what to watch out for:
Urgent call to action: Be wary of emails and messages that demand immediate action. They often promise a reward or threaten a penalty, using urgency to stop you from thinking critically or seeking advice.
Mismatched email domains: If the email claims to be from a reputable company like Microsoft or your bank but is sent from a different email domain like Gmail.com or microsoftsupport.ru, it's likely a scam. Watch out for subtle misspellings of the legitimate domain name, such as micros0ft.com or rnicrosoft.com. Scammers often use these tricks.
Tip: Whenever receiving a message requiring immediate action, take a moment to pause and verify its authenticity. Slow down, prioritize safety, and confirm the legitimacy of the message.
Suspicious links or unexpected attachments: If you suspect a message or email is a scam, do not open any links or attachments. Hover over the link without clicking to check the address, and verify that it matches the one shown in the message.
Spelling & grammar: Professional organizations ensure high-quality content by having an editorial and writing team. Email scams often contain spelling and grammatical errors, sometimes due to poor translation or a deliberate attempt to bypass filters.
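As an added example (not part of the original newsletter), the Python below turns the "mismatched email domain" red flag into a sender-domain check: it compares the sender domain against an assumed allow-list for the claimed brand, normalizes common look-alike substitutions (0 for o, rn for m) and flags brand names embedded in unrelated domains such as the phishing domains named above. The allow-list, the substitution table and the crude two-label registrable-domain rule are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list of legitimate domains per claimed brand (assumption for this example).
LEGIT_DOMAINS = {
    "microsoft": {"microsoft.com"},
    "crowdstrike": {"crowdstrike.com"},
}

# Visually confusable substitutions seen in look-alike domains; multi-character forms first.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(domain: str) -> str:
    """Lower-case the domain and undo common look-alike character swaps."""
    d = domain.lower().replace("[.]", ".")  # also accept defanged indicators
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d


def registrable(domain: str) -> str:
    """Crude registrable domain: last two labels (enough for .com/.ru here; not a public-suffix lookup)."""
    return ".".join(domain.split(".")[-2:])


def classify_sender(brand: str, from_header: str) -> str:
    """Classify a From: header against the domains the claimed brand legitimately uses."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    domain = addr.rsplit("@", 1)[1].lower().replace("[.]", ".")
    legit = LEGIT_DOMAINS[brand.lower()]
    # Exact match or a subdomain of an allow-listed domain is legitimate.
    if domain in legit or any(domain.endswith("." + l) for l in legit):
        return "legitimate"
    # Same domain once confusable characters are undone, e.g. micros0ft.com or rnicrosoft.com.
    if normalize(registrable(domain)) in {normalize(l) for l in legit}:
        return "lookalike"
    # Brand name embedded in an unrelated domain, e.g. microsoftsupport.ru or crowdstrikefix.com.
    if any(l.split(".")[0] in normalize(domain) for l in legit):
        return "brand-in-mismatched-domain"
    return "mismatched"


if __name__ == "__main__":
    for sender in ("help@microsoft.com", "alerts@micros0ft.com", "it@microsoftsupport.ru", "me@gmail.com"):
        print(sender, "->", classify_sender("Microsoft", sender))
```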
The internet witnessed the biggest credential breach to date with the leak of "RockYou2024," a file containing 10 billion unique passwords posted on a hacking forum. RockYou2024 is not a single event: it is a compilation of old and recent breaches, which significantly increases the risk of credential stuffing attacks. Hackers are targeting companies like Santander and Ticketmaster, showing the potential damage from such attacks.
Credential stuffing attacks on cloud service providers (Snowflake, Ticketmaster) highlight supply chain vulnerabilities leading to financial losses, data breaches, and reputational damage. Here's what you can do:
Change passwords immediately and enable Multi-Factor Authentication (MFA). This two-step approach makes it much harder for attackers to break in, even if they steal your password.
Use a password manager to create and store strong, unique passwords for all your accounts. This eliminates the need to remember complex passwords and simplifies secure logins.
Check for compromised credentials with CloakedPrivacy's FREE data breach lookup. Knowing if your information is exposed is crucial for taking action.
Subscribe to a data breach monitoring service in CloakedPrivacy to receive alerts if your organization or employee data appears on the dark web. Early detection allows for faster response.
Train employees about the dangers of weak passwords and reusing them across accounts. Phishing attacks often exploit these habits.
By taking these steps, you can mitigate the risks associated with the RockYou2024 leak, whether you're an individual or a business. This event underscored the persistent threat of credential theft and the critical need for robust identity and access management practices.
Ransomware attacks on critical infrastructure are on the rise. The ransomware attack on the Los Angeles County court system, the largest US trial court, disrupted essential legal services, impacting all 36 courthouses. This incident demonstrated the vulnerability of critical infrastructure to cyber extortion and the potential for severe disruptions to essential services. The closure follows a global IT outage caused by a CrowdStrike update, with the timing of the events appearing to be a coincidence.
Justice Delayed is Justice Denied: The LA court disruption is causing trial delays, backlogs, and frustration. It impacts the right to a speedy trial, a fundamental aspect of justice, and emphasizes the need for proactive cybersecurity to ensure operational continuity.
As the world converges on Paris for the Olympics, cybercriminals see an opportunity to strike. With millions of spectators and athletes gathering in the City of Lights, the potential for a DDoS attack or data theft is significant. Adversaries are likely to use AI, which was absent from the 2021 and 2018 Olympics. Given that nearly 25% of free Wi-Fi networks in Paris lack encryption, the risk of a successful cyberattack is heightened.
“It's very difficult to stop it because what the malicious actors do is, they deploy millions and millions of devices, and they start to flood your communication network with legitimate requests,” Taimur Aslam, CTO, Cytex, Inc.
The task of defending against threats relies on essential cybersecurity measures like data backups, managed detection and response, system patching, managing third-party risk, penetration testing, and disaster recovery plans to ensure smooth operation of any enterprise or major event.
“One of the best preventative actions would be to educate all the athletes, educate all the visitors who are going there about the dangers of phishing, smishing, and to be on the lookout for any malicious activity they notice when they're using their own devices,” Taimur Aslam, CTO, Cytex, Inc.
Fortifying Your Defenses
The convergence of these cyber threats, characterized by unprecedented scale and impact, underscores the need for a proactive and comprehensive approach to cybersecurity. Cybersecurity goes beyond technology; it's about people. 70% of cyberattacks target human error. Phishing is the second most expensive attack type, with losses of $4.76 million. Security training reduces breach cost by $232,867. Phishing emails are also commonly used in ransomware attacks. Employees can be your first line of defense if they are trained to detect and disrupt attacks. Foster a culture of cyber awareness within your organization to reduce the potential for insider threats and boost cyber resilience.
Cytex provides AI-powered cybersecurity, risk management, and compliance operations in a unified resilience platform.
Interested? Find out more at https://cytex.io
Paris Olympics: Let the (Cyber Aggressor) Games Begin
Cytex CTO Taimur Aslam analyzes Paris 2024 cyber threats amid rising tensions and AI advancements.
Read more at InformationWeek →
Sharp insights, interesting analysis & a fresh perspective on August's biggest cyber events