The summer is halfway over, and while you might be taking a vacation soon – hackers and cyber criminals surely are not. We have seen the cybersecurity landscape experience a variety of interesting developments this month, ranging from a massive system outage on Windows computers to simple tips that can save your passwords. Here’s a concise overview of these stories and more.
The CrowdStrike Windows Outage
Discussed around the globe, a recent CrowdStrike update caused Windows computers to crash and display the blue screen of death, affecting companies worldwide. Users first reported the problem on Reddit, indicating that entire organizations could be impacted at the beginning of the outage – a prediction that quickly turned into reality.
The issue stemmed from CrowdStrike’s Falcon Sensor product, which was designed to prevent cyber-attacks, yet malfunctioned and disrupted businesses – impacting transportation from grounding planes in the U.S. to halting trains in the U.K.
Microsoft has been taking mitigation actions and investigating the issue, which began around 6 p.m. Eastern Time on July 19th. Investigators soon realized that the problem was due to a faulty channel file, not a cyberattack, and a workaround was suggested, asking users to boot Windows into Safe Mode, delete a specific system file, and then reboot.
CrowdStrike CEO George Kurtz confirmed the issue is not a cyberattack. However, the workaround is not scalable and requires manual intervention on each system, which presents a challenge for large organizations. Now, we are seeing a significant decline in both CrowdStrike’s stock value and reputation. As more time passes, we will be able to get a better grasp of the implications of this outage.
A Staggering 95% of Organizations Have at Least one Critical Risk
A recent report by OX Security analyzed Supply chain cybersecurity – and came up with a few interesting conclusions. The report found that many applications contained multiple vulnerabilities spanning various stages of the kill-chain, leaving them even more vulnerable to a successful attack. A security exploit referred to as CVE-2024-3094 was discovered, specifically targeting XZ Utils in major Linux distributions demonstrating that attackers continue to use this method effectively.
The widespread presence of these vulnerabilities in code samples highlights persistent risks. On average, AppSec teams monitor 129 applications and handle over 119,000 security alerts annually, with 95% of organizations experiencing at least one high, critical, or apocalyptic risk within their software supply chain, and the average organization facing nine such issues. Additionally, 20% of all applications have high, critical, or apocalyptic issues during the Execution stage. Common vulnerabilities include command injection in 15.4% of applications, sensitive data in log files in 12.4%, and cross-site scripting in 11.4%. Six of the top ten vulnerabilities are linked to poor security practices such as authentication, encryption, exploitable information in logs, and the principle of least privilege.
However, there is some good news. Automated, contextual analysis has reduced the volume of overall alerts by more than 97%, speeding up the identification of critical alerts that organizations need to address. With a faster identification of alerts, companies can recognize and react to a cyber threat before it’s too late.
Healthcare Executive Provides Insight on Cybersecurity
Sunil Dadlani, Chief Information and Digital Officer at Atlantic Health System, will speak at the HIMSS AI in Healthcare Forum on September 5th, about integrating AI-enabled security and cyber defense in healthcare. These information sessions prove to be incredibly important as cyberattack techniques evolve, and so must strategies to protect AI systems.
CIOs, CISOs, and IT leaders need to leverage synergies between AI security and cyber defense. Dadlani’s session, “Dynamic Defense: The Interplay of AI Security and Cyber Threat Mitigation,” will highlight the need for secure AI systems to protect patient data and healthcare operations. AI enhances cybersecurity through advanced threat detection and rapid response, while robust cybersecurity measures protect AI systems. At Atlantic Health System, AI-based identity and access management systems improve security by analyzing user access patterns. Attendees will learn the importance of a comprehensive approach to securing AI solutions, ensuring data security and privacy, and understanding AI’s dual role in enhancing and defending against cyber threats.
Advanced Auto Parts Face a Massive Breach
Advance Auto Parts is notifying over 2.3 million people of a data breach involving stolen personal data. The company operates 4,777 stores and 320 Worldpac branches, serving 1,152 independently owned Carquest stores across North America and the Caribbean. On June 5, 2024, a hacker named ‘Sp1d3r’ began selling a 3TB database allegedly containing 380 million Advance customer records, orders, transaction details, and other sensitive information. On June 19, Advance confirmed the breach via a Form 8-K filing, stating it only affected current and former employees and job applicants. The breach was part of a broader campaign targeting Snowflake accounts using stolen credentials, impacting several companies. Advance’s internal investigation revealed that the breach impacted 2,316,591 people, with unauthorized access lasting from mid-April to May 24, 2024. The stolen data includes full names, Social Security numbers (SSNs), driver’s licenses, and government ID numbers, primarily from job applicants. Affected individuals are offered 12 months of complimentary identity theft protection and credit monitoring services through Experian, with enrollment available until October 1, 2024. They are advised to be vigilant for unsolicited communications, monitor accounts closely, activate fraud alerts, and consider placing a credit freeze. The number of affected individuals reported by Advance is significantly lower than the 380 million records claimed by ‘Sp1d3r’. Samples of the stolen data suggest customer information may have been exposed, though it’s unclear if customer notifications will follow. BleepingComputer contacted Advance Auto Parts for clarification, but no comment was immediately available.
A Hacker Leaked Almost 10 Billion Passwords, Here’s how you can Stay Safe
A hacker has recently leaked an alarming 10 billion passwords, significantly heightening security risks for users effected. This breach, discovered on July 4, includes 9.94 billion passwords compiled in RockYou2024. This compilation merges data from RockYou2021, which had 8.4 billion passwords—many related to social media—with newer breaches and data cracked by the hacker. Additionally, the “Mother of All Breaches” includes 26 billion pieces of personal data. The RockYou2024 leak emphasizes the urgent need to bolster account security. If you haven’t updated passwords for accounts compromised in previous breaches, such as the Ticketmaster breach, or if you reuse passwords, you may be vulnerable to credential stuffing attacks. To enhance your security, adopt the following measures: use unique, random, and strong passwords for each account, and avoid easily guessed strings by opting for complex ones. Implement a password manager to handle and enter these complex passwords, choosing from dedicated managers or those included in antivirus suites, or built-in options from Apple, Google, and Microsoft. Additionally, activate two-factor authentication (2FA) where possible to add an extra security layer, using one-time passcodes generated by an app or hardware dongles for better protection. Consider upgrading to passkeys, which offer superior security compared to 2FA by being unique, not requiring memorization, and being immune to phishing. Passkeys are easier to manage and can be stored in many major password managers.
Contact the Cyber-Experts Today
Oftentimes, the most challenging aspect of staying safe online is keeping up with the constant developments affecting the cybersecurity world. Fortunately, the experts at SWK will do it for you. Contact us today and work with a team of cybersecurity professionals who will dedicate their attention to save you both time, money, and reputation by implementing preventative measures against hackers.