The year 2023 saw heightened cybersecurity activity, with both security professionals and adversaries engaged in a constant cat-and-mouse game. Here are some cybersecurity predictions for 2024 to help security professionals. It is crucial to anticipate the key themes likely to dominate the cybersecurity space in 2024.
Cybersecurity is an ever-evolving process that can never be ‘complete’ in the exact sense. The cybersecurity field evolves constantly as technology advances, global events create uncertainty, and threat actors refine and improve their malicious tactics. It is expected that 2024 again emphasizes the critical need to strike a balance between cybersecurity and cyber resilience. Safeguarding mission-critical assets and developing the capacity to anticipate, withstand, recover from, and adapt to cyberattacks remain central to organizational cybersecurity strategies. While preparedness remains one of the most important facets of effective organizational cybersecurity, it can be difficult to plan for the year ahead with so many unknowns.
Five Cybersecurity Predictions for 2024
https://www.securityweek.com/five-cybersecurity-predictions-for-2024/
A Never-Ending Story: Compromised Credentials
Ransomware Attacks Continue to Wreak Havoc
Global Conflicts and Elections Lead to a Rise in Hacktivism
White House Cybersecurity Strategy Triggers Revival of Vulnerability Management
The Emergence of Next-Gen Security Awareness Programs
10 Global Cybersecurity Predictions for 2024
https://www.fticonsulting.com/insights/articles/10-global-cybersecurity-predictions-2024
Election Security Making Headlines
A Two-Sided Approach to Artificial Intelligence
Widespread Adoption of Zero-Trust Architecture
Cities Integrating IoT into Critical Infrastructure
Increasing Cybersecurity Supply Chain Risks
Third Party Scrutiny Taking Priority for Compliance Officers
The Start of Significant Fines From Australian Regulators
Corporate Responsibility Shifting to Individuals
Organizational Transparency Surrounding Cybersecurity
Emergence of Incentivized Cybersecurity
Experts Talk: Predicting the Cybersecurity Landscape in 2024
Spiceworks News & Insights brings you expert insights on what to expect in cybersecurity in 2024.
https://www.spiceworks.com/it-security/security-general/articles/cybersecurity-predictions-2024/
By investing in AI governance tools and developing complimentary guardrails, companies can avoid what may end up being the biggest misconception in 2024: the assumption that you can control the adoption of AI.
“In 2024, we can expect a surge in malicious AI-generated content.”
“Organizations’ inability to identify the lineage of AI will lead to an increase in software supply chain attacks in 2024,”
The integration of AI into the development process, particularly in the CI/CD pipeline, is crucial.
“Cyberattacks overall are expected to increase; ransomware groups are targeting vendors, government agencies, and critical infrastructure in the United States.”
How can AI help threat actors: “With the assistance of AI, particularly generative AI (GenAI) technology, attackers will be able to refine their techniques, increasing their speed and effectiveness. GenAI will allow criminal cyber groups to quickly fabricate convincing phishing emails and messages to gain initial access into an organization.”
“If cyber leaders want to take on this responsibility (and burden), they will have to be reasonably informed of cyber risks faced by the organization and able to communicate those risks to investors,”
“Third-party risk management is no longer an experiment; it’s an expectation,”
“We will see breaches related to Kubernetes in high-profile companies,”
API Security Trends and Projections for 2024
https://www.spiceworks.com/it-security/application-security/guest-article/api-security-trends-and-projections/
1. The pervasiveness of API vulnerabilities – These vulnerabilities in AAA, if exploited, can lead to major security breaches.
2. Limitations of standard frameworks – While foundational, traditional frameworks like the OWASP API Security Top-10 have limitations in addressing the dynamic nature of API threats.
3. Leak protection – The report highlighted the critical need for enhanced API leak protection, especially considering significant breaches at companies like Netflix and VMware.
4. Rising threats and strategic recommendations – The Wallarm report identified injections as the most pressing API threat, underscoring their likelihood of significant damage.
Gartner’s 8 Cybersecurity Predictions for 2023-2025
https://krontech.com/gartners-8-cybersecurity-predictions-for-2023-2025
By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships. Investors, especially venture capitalists, use cybersecurity risk as an important factor in evaluating opportunities.
1. By the end of 2023, modern data privacy laws will cover the personal information of 75% of the world’s population.
2. By 2024, organizations that adopt a cybersecurity network architecture will be able to reduce the financial costs of security incidents by an average of 90%.
3. By 2024, 30% of enterprises will deploy cloud-based Secure Web Gateway (SWG), Cloud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS), sourced from the same vendor.
4. By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships.
5. The percentage of states that enact laws regulating ransomware payments, fines and negotiations will increase from less than 1% in 2021 to 30% by the end of 2025.
6. By 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified board member.
7. By 2025, 70% of CEOs will build a culture of corporate resilience to protect themselves from threats from cybercrime, severe weather events, social events, and political instability.
8. By 2025, cyber-attackers will be able to use operational technology environments as weapons successfully enough to cause human casualties.
Top 10 Cyber Security Trends And Predictions For 2024
https://www.splashtop.com/blog/cybersecurity-trends-and-predictions-2024
Trend 1: Increased Focus on AI and Machine Learning in Cybersecurity
Trend 2: Growing Importance of IoT Security
Trend 3: Expansion of Remote Work and Cybersecurity Implications
Trend 4: The Rise of Quantum Computing and Its Impact on Cybersecurity
Trend 5: Evolution of Phishing Attacks
Trend 6: Enhanced Focus on Mobile Security
Trend 7: Zero Trust Security
Trend 8: Cybersecurity Skills Gap and Education
Trend 9: Blockchain and Cybersecurity
Trend 10: Cybersecurity Insurance Becoming Mainstream
6 Predictions About Cybersecurity Challenges In 2024
https://www.forbes.com/sites/edwardsegal/2023/12/09/6-predictions-about-cybersecurity-challenges-in-2024/?sh=172726819433
‘Uptick in Disruptive Hacktivism’
Election Interference
More Targeted Attacks
Fooling Users
Leveraging AI Tools
‘New Avenues For Cybercrime’
5 cybersecurity predictions for 2024
https://www.fastcompany.com/90997838/5-cybersecurity-predictions-for-2024
1. Advanced phishing
2. AI-powered scams
3. Increase in supply chain attacks
4. Deployment of malicious browser extensions
5. Changing demographics brings more threats
Top cybersecurity predictions of 2024
https://www.securitymagazine.com/articles/100271-top-cybersecurity-predictions-of-2024
Adoption of passwordless authentication
Multi-Factor Authentication (MFA) will become a standard requirement for most online services and applications. Traditional methods like SMS-based MFA will decline in favor of more secure options, such as time-based one-time passwords (TOTP) generated by authenticator apps.
Both enterprises and consumers are increasingly adopting passwordless solutions across various sectors. Transitioning to a passwordless mindset may appear unconventional, as it requires users to change their habits. However, the enhanced security and the seamless experience it offers reduce the learning curve, making the transition more user-friendly.
Cybersecurity will be a higher priority for law firms
For nearly any law firm, part of the ‘big picture’ approach to cybersecurity includes an ability to scale detection and response capabilities.
Artificial intelligence and large language models
Phishing and BEC attacks are becoming more sophisticated because attackers are using personal information pulled from the Dark Web (stolen financial information, social security numbers, addresses, etc.), LinkedIn and other internet sources to create targeted personal profiles that are highly detailed and convincing. They also use trusted services such as Outlook.com or Gmail for greater credibility and legitimacy.
We should also expect the rise of 3D attacks, meaning not just text but also voice and video. This will be the new frontier of phishing. We are already seeing highly realistic deep fakes or video impersonations of celebrities and executive leadership.
I expect to see a major breach of an AI company’s training data exposing the dark side of large language models (LLM) and the personal data they hold that were scraped from open sources.
One of the big trends we expect to see in 2024 is a surge in use of generative AI to make phishing lures much harder to detect, leading to more endpoint compromise. Attackers will be able to automate the drafting of emails in minority languages, scrape information from public sites — such as LinkedIn — to pull information on targets and create highly-personalized social engineering attacks en masse.
Simultaneously, we will see a rise in ‘AI PC’s’, which will revolutionize how people interact with their endpoint devices. With advanced compute power, AI PCs will enable the use of “local Large Language Models (LLMs)”
With the increase in regulatory and security requirements, GRC data volumes continue to grow at what will eventually be an unmanageable rate. Because of this, AI and ML will increasingly be used to identify real-time trends, automate compliance processes, and predict risks.
Prioritize training
Insider threats are a leading problem for IT/security teams — many attacks stem from internal stakeholders stealing and/or exploiting sensitive data, which succeed because they use accepted services to do so. In 2024, IT leaders will need to help teams understand their responsibilities and how they can prevent credential and data exploitation.
On the developer side, management will need to assess their identity management strategies to secure credentials from theft, either from a code repository hosted publicly or within internal applications and systems that have those credentials coded in. On the other hand, end users need to understand how to protect themselves from common targeted methods of attack, such as business email compromise, social engineering and phishing attacks.
Security teams need to prioritize collaboration with other departments within their organization to make internal security training more effective and impactful.
Humans Are Notoriously Bad at Assessing Risk
https://www.epanorama.net/newepa/2022/12/31/cyber-trends-for-2023/
We as humans, with our emotions, can sometimes be irrational and subjective. When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality.
Threat Intel: To Share or Not to Share is Not the Question
https://www.securityweek.com/threat-intel-to-share-or-not-to-share-is-not-the-question/
To share or not to share isn’t the question. It’s how to share, what to share, where and with whom. The sooner we arrive at answers, the safer we’ll be collectively and individually.
Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation
https://www.securityweek.com/addressing-the-state-of-ais-impact-on-cyber-disinformation-misinformation/
The recent rapid rise of artificial intelligence continues to be a game-changer in many positive ways. Yet, within this revolution, a shadow looms. By embracing a strategy that combines technological advancements with critical thinking skills, collaboration, and a culture of continuous learning, organizations can safeguard against AI’s disruptive effects.
248 Comments
Tomi Engdahl says:
Cybersecurity Job Hunting May Come Down to Certifications
If current cybersecurity workers only fill 85% of the need in the US, why are so many people still looking for positions? The data from the private-public NIST partnership CyberSeek offers some insight.
https://www.darkreading.com/cybersecurity-careers/cybersecurity-jobs-gap-may-come-down-to-certifications-gap
Tomi Engdahl says:
How to Completely Disappear From the Internet
Want to mask your online identity and shield your data from those who wish to surveil you? Here are all the steps you should take.
https://uk.pcmag.com/security/8110/how-to-stay-anonymous-online
Tomi Engdahl says:
CISOs may be too reliant on EDR/XDR defenses
https://www.csoonline.com/article/2142372/cisos-may-be-too-reliant-on-edr-xdr-defenses.html
Tomi Engdahl says:
Firefox is on track to support Chrome’s new extensions in time for the death of Manifest V2
https://www.androidpolice.com/firefox-more-support-for-mv3-framework/
Tomi Engdahl says:
“You can go right back to 1976, when [Whitfield] Diffie and [Martin] Hellman were trying to publish the paper that introduced public key cryptography, which is the technique that allows us to have encrypted communication over the internet that works. There were intelligence services trying to prevent them.
‘Encryption is deeply threatening to power’: Meredith Whittaker of messaging app Signal
https://www.theguardian.com/technology/article/2024/jun/18/encryption-is-deeply-threatening-to-power-meredith-whittaker-of-messaging-app-signal?fbclid=IwZXh0bgNhZW0CMTEAAR1nN0jdthINAjDZre04IntgzboGrlaLj062w8c43XZIh5VXJNhLLMzhAws_aem_ZmFrZWR1bW15MTZieXRlcw
Tomi Engdahl says:
‘You cannot do mass surveillance privately, full stop’: Signal boss hits out at government encryption-busting moves
A ‘legitimate grievance’ with big tech firms is being used by police as a pretext to undermine privacy, Meredith Whittaker says
https://www.theguardian.com/technology/article/2024/jun/20/meredith-walker-signal-boss-government-encryption-laws
Tomi Engdahl says:
https://www.savelan.fi/palvelut/tietoturvakartoitus-yritykselle/
Tomi Engdahl says:
https://www.convergens.fi/fi/post/tietoturvavaatimukset-kasvavat
Tomi Engdahl says:
https://www.facebook.com/share/p/8bERpstv1Sg8Zt7W/
The impact of AI on vulnerability management has been substantial as the industry increasingly integrates AI into its practices. Traditional methods of vulnerability management, involving scanning, report generation, and remediation, are being supplanted by AI-driven solutions.
AI has been well-received in cybersecurity, where many vulnerabilities from diverse sources and scanners can be overwhelming. Previously, managing these vulnerabilities often led to internal tensions and conflicts within teams and with upper management.
AI’s value to vulnerability management lies in its capacity to process the influx of vulnerabilities and filter out non-relevant ones with remarkable efficiency. By evaluating vulnerabilities based on factors such as business criticality, network exposure, and data classification of the affected asset, AI facilitates the focus on the most critical vulnerabilities for remediation, saving significant time and resources.
Automation is another crucial aspect of AI in vulnerability management. For instance, AI can create tickets for specific teams in response to critical vulnerabilities causing compliance failures and convey notifications via platforms like WhatsApp.
Additionally, AI provides comprehensive reporting on remediation efforts, infection rates, and mean time to resolution (MTTR) and identifies teams with insufficient remediation efforts, aspects highly valued by management.
The emergence of new AI-integrated cybersecurity platforms renders traditional vulnerability management systems obsolete. Notably, Vodania by CyberSSS, a platform developed over eight years, fully embraces AI while emphasizing user simplicity over flashy but complex dashboards. This approach centers on simplifying the user experience and fortifying the backend.
The effect of AI on our organization has been notable. It has not only streamlined vulnerability management processes but also automated previously time-consuming tasks. Moreover, it has provided valuable insights for informed decision-making, marking a significant shift in our approach to vulnerability management.
What impact does AI have on your organization?
Tomi Engdahl says:
ChatGPT kiihdytti sähköpostikeskustelujen kaappauksia
https://etn.fi/index.php/13-news/16351-chatgpt-kiihdytti-saehkoepostikeskustelujen-kaappauksia
Pilvipohjaisia tietoturvaratkaisuja kehittävä Barracuda Networks on laatinut raportin, jossa tarkastellaan sähköposteihin liittyviä uhkia. Raportista käy ilmi, että viimeisten 12 kuukauden aikana yrityssähköpostin vaarantamiseen liittyvät hyökkäykset ovat lisääntyneet ja muodostavat nyt 10,6 prosenttia kaikista sähköpostipohjaisista social engineering -hyökkäyksistä eli käyttäjien manipuloinneista. Trendissä näkyy ChatGPT:n vaikutus.
Sähköpostikeskustelujen kaappaaminen on lisääntynyt 70 prosenttia vuodesta 2022, vaikka se on hyökkääjille resursseja vievä lähestymistapa. Yrityssähköpostin vaarantamiseen liittyvä BEC-hyökkäys (Business Email Compromise) on eräänlainen tietojenkalasteluhyökkäys, jossa tietoverkkorikollinen yhdistää erilaisia sosiaalisen manipuloinnin tekniikoita saadakseen uhrin toimimaan halutulla tavalla. Rikollinen voi esiintyy sähköpostissa esimerkiksi yrityksen johtajana saadakseen työntekijän, asiakkaan tai myyjän siirtämään rahaa väärälle tilille, maksamaan valelaskun tai luovuttamaan salaisia tietoja. Perinteiset tietojenkalastelu- eli phishing-hyökkäykset kohdistuvat yleensä suureen määrään työntekijöitä, kun taas BEC-hyökkäykset ovat hyvin kohdennettuja.
Tomi Engdahl says:
CISO Strategy
The Perilous Role of the CISO: Navigating Modern Minefields
As organizations grapple with the implications of cybersecurity on their bottom line and reputation, the question of whether the CISO role is worth the inherent risks looms large.
https://www.securityweek.com/the-perilous-role-of-the-ciso-navigating-modern-minefields/
In our current digital age, the Chief Information Security Officer (CISO) stands at the forefront of protecting their companies, customers, data, and even other stakeholders, from an increasingly hazardous threat environment. Once primarily focused on securing networks and systems, the CISO now contends with a myriad of challenges, from stringent regulatory requirements to heightened legal liabilities stemming from data breaches and compliance complexities. In fact, the pressures have mounted so much, it’s creating trepidation from some previously considering the career path.
“I am hearing more and more high-end security people ask the question, ‘Who would want that job?’ It’s a very good question,” said Robert Hansen, Managing Director of Grossman Ventures. “I’m not sure companies understand how imperiled CISOs are. If there’s a financial upside, I can understand the rationale, but I would caution newbie CISOs to get a very good attorney to review any new onboarding agreements and make absolutely sure there is as much indemnity built into those clauses as possible. And I would spend a lot more time looking into insurance products, that might help offset the risk. Because it’s a lot of risk.”
Tomi Engdahl says:
Artificial Intelligence
When Vendors Overstep – Identifying the AI You Don’t Need
AI models are nothing without vast data sets to train them and vendors will be increasingly tempted to harvest as much data as they can and answer any questions later.
https://www.securityweek.com/when-vendors-overstep-identifying-the-ai-you-dont-need/
Tomi Engdahl says:
Bloomberg:
How Sweden’s push to go cashless has left consumers and the country vulnerable to online fraud; value of fraudulent transactions has doubled since 2021
How the Dash to Ditch Paper Money Created a Playground for Criminals
https://www.bloomberg.com/news/articles/2024-06-21/sweden-led-europe-s-move-to-cashless-economy-now-it-faces-soaring-fraud
Sweden has led the way in Europe in going cashless, but fast and easy digital commerce have left consumers and the state vulnerable to fraud.
Tomi Engdahl says:
Alright, imagine you have two superheroes that help protect your computer and keep it safe from bad guys on the internet. Let’s meet them: VPN and Firewall!
Firewall: This superhero is like a strong gatekeeper standing at the door of your computer. Its job is to decide who can come in and who can’t. It checks all the messages and data that try to get into your computer from the internet. If it sees something suspicious or dangerous, it blocks it from getting in. So, it’s like a security guard for your computer, keeping out the bad stuff.
VPN (Virtual Private Network): Now, this superhero is like a secret tunnel between your computer and the internet. When you use a VPN, it hides your computer’s real location and makes it look like you’re somewhere else. It’s like wearing an invisibility cloak! This helps protect your privacy because no one can see where you are or what you’re doing online. So, if there are bad guys trying to spy on you, they can’t see your information because it’s all hidden and safe in this secret tunnel.
How They Work Together to Protect You:
The Firewall stands guard at your computer’s door, making sure only safe things come in and keeping the bad stuff out.
The VPN creates a hidden path for your internet activity, making sure your location and what you’re doing online are secret and safe.
So, these two superheroes work together to keep you and your computer safe from the tricky things that might try to harm you when you’re online
Tomi Engdahl says:
Modular trojan deployed via SQL injection attacks
https://www.scmagazine.com/brief/modular-trojan-deployed-via-sql-injection-attacks
Tomi Engdahl says:
https://www.hopkins.fi/artikkelit/kyberhyokkaykset-ja-verkkokaupan-markkinointi-oletko-varautunut/
Tomi Engdahl says:
Multifactor Authentication Is Not Enough to Protect Cloud Data
Ticketmaster, Santander Bank, and other large firms have suffered data leaks from a large cloud-based service, underscoring that companies need to pay attention to authentication.
https://www.darkreading.com/cloud-security/multi-factor-authentication-not-enough-to-protect-cloud-data
Tomi Engdahl says:
https://www.uusiteknologia.fi/2024/06/27/suomalaisille-tulossa-uusi-eu-identiteettilompakko/
Digi- ja väestötietovirasto rakentaa suomalaisten käyttöön Euroopan laajuisen digitaalisen identiteettilompakon, jonka avulla voidaan hoitaa lupa-asioita koko EU-alueella. Älypuhelimella toimiva tunnistuspalvelu on tulossa suomalaisten ja Suomessa asuvien käyttöön jo lähivuosina.
Tomi Engdahl says:
CISO Strategy
Inside the Mind of a CISO: Survey and Analysis
Inside the Mind of a CISO 2024 is a survey of 209 security leaders to understand the thinking and operational methods and motivations of CISOs.
https://www.securityweek.com/inside-the-mind-of-a-ciso-survey-and-analysis/
Tomi Engdahl says:
US, Allies Warn of Memory Unsafety Risks in Open Source Software
Most critical open source software contains code written in a memory unsafe language, US, Australian, and Canadian government agencies warn.
https://www.securityweek.com/us-allies-warn-of-memory-unsafety-risks-in-open-source-software/
Tomi Engdahl says:
https://partner.microsoft.com/fi-FI/asset/collection/network-and-information-security-2-directive-series?OCID=AID2200904_PSOC_FBPAGE_sprinklr_AUD651d93bc68bbbf4021632030_SPL651d93bc68bbbf4021632039&fbclid=IwAR27CnIPmUcqFyTW4B0yMuuyj1zZd7_-kywRt66YRRqr1PQKJTP7XsG1GzI_aem_vT15nZJqgVQQ4GRDvPG6qg&utm_medium=paid&utm_source=fb&utm_id=120212540023570002&utm_content=120212540029810002&utm_term=120212540023830002&utm_campaign=120212540023570002#/?%3Fwt.mc_id=4rkhdgprwp
Tomi Engdahl says:
https://notquiterandom.com/2024/06/25/how-running-a-bbs-shaped-my-path-in-information-security/
Tomi Engdahl says:
Gitleaks: Open-source solution for detecting secrets in your code
Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories
https://www.helpnetsecurity.com/2024/06/27/gitleaks-open-source-solution-detecting-secrets-in-code/
Tomi Engdahl says:
Näin torjut tietojen kalastelua mobiiliverkossa
https://yrityksille.elisa.fi/ideat/nain-torjut-tietojen-kalastelua-mobiiliverkossa/
Tomi Engdahl says:
We analysed the entire web and found a cybersecurity threat lurking in plain sight
https://theconversation.com/we-analysed-the-entire-web-and-found-a-cybersecurity-threat-lurking-in-plain-sight-233240
Our latest research has found that clickable links on websites can often be redirected to malicious destinations. We call these “hijackable hyperlinks” and have found them by the millions across the whole of the web, including on trusted websites.
Our paper, published at the 2024 Web Conference, shows that cybersecurity threats on the web can be exploited at a drastically greater scale than previously thought.
Concerningly, we found these hijackable hyperlinks on the websites of large companies, religious organisations, financial firms and even governments. The hyperlinks on these websites can be hijacked without triggering any alarms. Only vigilant – some might say paranoid – users would avoid falling into these traps.
If we were able to find these vulnerabilities across the web, so can others. Here’s what you need to know.
For example, a programmer making a link to theconversation.com might accidentally link to tehconversation.com – note the misspelling. If the mistyped domain has never been purchased, someone could come along and buy that phantom domain for around A$10, hijacking the inbound traffic. In these cases, the price of programmers’ mistakes is paid by the users.
These programmer linking errors don’t just risk directing users to phishing or spoofing sites. Hijacked traffic can be directed towards a range of traps, including malicious scripts, misinformation, offensive content, viruses and any other hacks the future will bring.
Over half a million phantom domains
Using high-performance computing clusters, we processed the whole browsable web for these vulnerabilities. At a scale never seen in research, in total we analysed over 10,000 hard drives’ worth of data.
Tomi Engdahl says:
A Guide to Protecting Against IoT Cyber Attacks
https://maker.pro/mouser/a-guide-to-protecting-against-iot-cyber-attacks
Tomi Engdahl says:
Windows: Insecure by design
Get your hands off my computer, Microsoft!
https://www.theregister.com/2024/06/28/windows_insecure_by_design/
Tomi Engdahl says:
Your data could be leaked in five years – here’s why
Features
By Olivia PowellContributions from Catherine Hiley published 2 days ago
Why the rise of quantum computers could end encryption as we know it
https://www.tomsguide.com/computing/vpns/your-data-could-be-leaked-in-five-years-heres-why
Tomi Engdahl says:
Hacker Conversations
Hacker Conversations: Chris Evans, Hacker and CISO
https://www.securityweek.com/hacker-conversations-chris-evans-hacker-and-ciso/
Chris Evans, CISO and chief hacking officer at HackerOne, challenges the common perception of both hackers and their motivation.
Tomi Engdahl says:
Tämä asia kannattaa ottaa puhelimestasi talteen ennen kuin lähdet lomareissuun
Puhelimen kadottaminen ulkomailla edellyttää nopeita toimenpiteitä.
https://www.is.fi/digitoday/mobiili/art-2000010520780.html
Tomi Engdahl says:
Cyberinsurance Premiums are Going Down: Here’s Why and What to Expect
The change in premium rates is more likely to be the insurers’ correction than the insureds’ improvement in security.
https://www.securityweek.com/cyberinsurance-premiums-are-going-down-heres-why-and-what-to-expect/
Cyberinsurance Premiums
Cyberinsurance is getting cheaper, with premiums falling around 15% since they peaked in 2022. Commenting on a report from broker Howden, Reuters suggests business has become more adept in curbing losses from cybercrime.
“Added security such as multifactor authentication has helped to protect companies’ data, reducing insurance claims,” writes Reuters on July 1, 2024. It would be good if this were true, but most things are usually more complex than they first appear.
Cyberinsurance premiums increased rapidly in 2021 and 2022. The insurers got their sums wrong through an insufficient understanding of the cybercrime market. They were forced to redefine a cyberwar exclusion clause, increase denials and exclusions, and hike premiums. Now premiums are declining again.
“Fewer companies are willing to invest a considerable amount of money in cyberinsurance after a bad experience when insurance coverage was denied for various reasons and contractual clauses subtly incorporated into the insurance agreement,” comments Ilia Kolochenko, partner & cybersecurity practice lead at Platt Law LLP, and CEO at ImmuniWeb.
Tomi Engdahl says:
From the SOC to Everyday Success: Data-Driven Life Lessons from a Security Analyst
By taking a data-driven approach to life, grounded in truth and facts, we can improve our chances of making better decisions and achieving better results.
https://www.securityweek.com/from-the-soc-to-everyday-success-data-driven-life-lessons-from-a-security-analyst/
Many of you have likely noticed that I enjoy looking for life lessons in the real-world that we can apply to the challenges we face in the security domain. In this piece, I’d like to take the opposite approach. I’d like to try and take the lessons I learned during my time as a security analyst working in various Security Operations Centers (SOCs) and apply them to life. My reason for this is simple. I believe that as security professionals, the healthier and happier we are, the better able we are to protect our respective organizations.
In particular, I’d like to focus on the strong data-driven approach adopted by the teams I was fortunate enough to be a part of. I think that the timing is particularly good. Why? Unfortunately, it seems that we as a society are slowly losing our respect for truth and facts, and at the same time, we seem to be becoming aware of an epidemic of narcissism that is well underway. That lies and opinions are so readily accepted as truth is extremely dangerous. More troubling still are the behaviors and actions that are justified based upon them.
1. Don’t assume: Some of my biggest mistakes as a security analyst came when I made assumptions, rather than drawing conclusions only when the data supported those conclusions.
2. Obtain visibility: Making decisions based on data and evidence is important. So is the ability to collect that data in an unbiased fashion. In security operations, we often triangulate, comparing application logging, network data, and endpoint data (among other sources).
3. Use the data: Once we have collected the requisite data, we need to use it – correctly. In security, this involves logic, algorithms, and analysis. If we ensure that we do so in an unbiased manner, and that we don’t allow emotions or feelings to cloud our judgment, we will arrive at better results and decisions than if we do.
4. Document: Relatively early in my career, I worked for a manager who often reminded us that “if it isn’t written down, it didn’t happen.” With each year that passes, I see more and more how right he was.
5. Tell the whole story: In security, telling the whole story is important. While it might be tempting to cover up an incident, tell part of the story in an incident report, feed management half-truths, and report biased statistics, it is never wise.
Tomi Engdahl says:
Benjamin Taubman / Bloomberg:
TRM: cryptocurrency stolen through hacks grew 110% YoY to $1.38B in H1 2024; five large attacks accounted for 70% of all the crypto that was stolen — – Attack on Japanese exchange DMM Bitcoin was biggest in 2024 — Amount is still below the record 2022 level, TRM says
Crypto Stolen by Hackers Doubles to $1.38 Billion In First Half of This Year
https://www.bloomberg.com/news/articles/2024-07-05/crypto-stolen-by-hackers-doubles-to-1-38-billion-in-first-half-of-this-year
Attack on Japanese exchange DMM Bitcoin was biggest in 2024
Amount is still below the record 2022 level, TRM says
Tomi Engdahl says:
Bloomberg:
Sources: the EU plans to issue a formal warning to X over its failure to combat dangerous content under the DSA; X could face fines of 6% of its global revenue
Musk’s X Risks Fine as EU Steps Up Crackdown on Big Tech
https://www.bloomberg.com/news/articles/2024-07-04/musk-s-x-to-get-final-eu-warning-over-dangerous-content
EU poised to issue preliminary findings over dangerous content
Digital Services Act breaches risk penalties of 6% of revenue
Tomi Engdahl says:
How to Fix a Dysfunctional Security Culture
Moving from a state of indifference about security to a place where users actively champion it can be transformed through a focused effort.
https://www.securityweek.com/how-to-fix-a-dysfunctional-security-culture/
There’s an old business saying that goes: “Culture eats strategy for breakfast,” that’s often attributed to Peter Drucker. While it is debatable whether he said it or not, the sentiment is clear—without a strong culture, organizations will be unable to execute on their strategies.
Culture underpins everything an organization does—and how it gets things done. While culture is a term often referred to the organization as a whole, there are also cultures (or subcultures) within organizations related to business practices—like security. At my company, we define a security culture as the ideas, customs, and social behaviors of a group that influence its security.
The Hallmarks of a Security Culture
Culture shifts over time. A positive security culture will grow from basic compliance to a sustainable and well-integrated one that drives secure behaviors and prevents breaches.
But cultures can also become toxic or dysfunctional, working at cross purposes with the desired values and goals of the organization.
Tomi Engdahl says:
Mandiant Highlights Russian and Chinese Cyber Threats to NATO on Eve of 75th Anniversary Summit
https://www.securityweek.com/mandiant-highlights-russian-and-chinese-cyber-threats-to-nato-on-eve-of-75th-anniversary-summit/
On the eve of NATO’s 75th anniversary summit in Washington DC, Mandiant outlines the current state of cyberthreats facing NATO and aligned countries.
Cyber threats directed against NATO and its member states have increased with the war in Ukraine, but the aggressors are not limited to Russia. NATO technologies and defense secrets are a prize target for any state not directly aligned with NATO or NATO-sympathetic nations.
John Hultquist, chief analyst at Mandiant Intelligence has collated the primary cyber threats facing NATO ahead of its Washington DC summit from July 9, 2024, to July 11, 2024 (coinciding with NATO’s 75th anniversary).
The primary adversaries are Russian and Chinese nation state actors, escalating financially motivated criminal activity, and ideologically driven hacktivists. The primary political motivations are cyber espionage, and hybrid warfare (spreading disinformation and attacking civil society to weaken public resolve and support).
Hultquist highlights three Russian state actors: APT29 (focusing on intelligence collection), COLDRIVER (focused on disinformation), and APT44 (formerly known as Sandworm, and focused on disruptive cyberattacks).
APT29
APT29 is believed to be associated with the Russian Foreign Intelligence Services (SVR). During the past year it has been targeting technology companies and IT service providers to initiate supply chain access to government and policy organizations.
COLDRIVER
COLDRIVER is an actor linked to Russia’s domestic intelligence agency, the Federal Security Service (FSB). This actor uses credential phishing against high profile politically relevant targets. “Information stolen by COLDRIVER was leaked in 2022 in an effort to exacerbate Brexit-related political divisions in UK politics,” writes Hultquist. The actor primarily targets NATO countries and Ukraine with the purpose of sowing discord among the citizens.
APT44
APT44 is tied to Russian military intelligence, and is generally considered to be the disruptive arm of Russian state cyber. It was involved in the NotPetya and Pyeongchang Olympic games attacks, and blackouts in Ukraine. More recently, in October 2022, it is believed to be behind Prestige ransomware attacks against Poland and Ukraine.
Chinese espionage
Chinese activity has transitioned from loud, easily attributable attacks to a greater focus on stealth. “Technical investments have amplified the challenge to defenders and bolstered successful campaigns against government, military, and economic targets in NATO member states,” says Hultquist.
There is now a focus on using zero-day vulnerabilities to compromise edge devices. In 2023, 12 zero-days were used, many targeting security products at the network edge.
Disinformation
Disinformation campaigns continue, especially in a major year of western elections.
Prigozhin’s information operations have survived his death, although less effectively. “The narratives propagated by these operations call for NATO’s dismantlement and imply that the Alliance is a source of global instability,” comments Hultquist.
Ghostwriter, at least partially linked to Belarus, has been targeting Belarus’ neighboring NATO states
Hacktivism and ransomware
Hacktivism never went away but has certainly grown with the war in Ukraine. By its nature, it is difficult to tie hacktivism to specific nation states, but it can often be tied to political ideologies. KillNet, for example, is pro-Russia; the IT Army of Ukraine is anti-Russia.
Ransomware is a favored financially motivated tool of cybercriminals. While it is primarily used by criminals, it is also used by North Korea and has been used by Russian state actors. However, whatever the motivation, the effect is similar: disruption to companies and services, and concern to customers – which is particularly concerning to patients.
Geopolitical cyber activity has undoubtedly increased with the Ukraine war, and is now largely focused against NATO and western alliance counties. “NATO must rely on collaboration with the private sector in the same way it draws on the strength of its constituent members,” says Hultquist. “Furthermore, it must harness its greatest advantage against cyber threats–the technological capability of the private sector–to seize the initiative in cyberspace from NATO’s adversaries.”
Tomi Engdahl says:
It’s Time to Reassess Your Cybersecurity Priorities
https://www.securityweek.com/its-time-to-reassess-your-cybersecurity-priorities/
A cyber resilience strategy is vital for business continuity and can provide a range of benefits before, during, and after a cyberattack.
Tomi Engdahl says:
Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge?
https://www.securityweek.com/can-ai-be-meaningfully-regulated-or-is-regulation-a-deceitful-fudge/
Few people understand AI, nor how to use nor control it, nor where it is going. Yet politicians wish to regulate it.
Tomi Engdahl says:
Lauren Feiner / The Verge:
How the SCOTUS NetChoice ruling on social media platforms’ First Amendment rights could affect a host of tech legislation, including kids’ online safety laws — Here’s what the SCOTUS decision might mean for everything from kids online safety laws to the TikTok ‘ban.’
The aftermath of the Supreme Court’s NetChoice ruling
Here’s what the SCOTUS decision might mean for everything from kids online safety laws to the TikTok ‘ban.’
https://www.theverge.com/24195235/scotus-netchoice-kosa-kids-safety-age-verification-tiktok-ban
Last week’s Supreme Court decision in the NetChoice cases was overshadowed by a ruling on presidential immunity in Trump v. US that came down only minutes later. But whether or not America even noticed NetChoice happen, the decision is poised to affect a host of tech legislation still brewing on Capitol Hill and in state legislatures, as well as lawsuits that are percolating through the system. This includes the pending First Amendment challenge to the TikTok “ban” bill, as well as a First Amendment case about a Texas age verification law that the Supreme Court took up only a day after its NetChoice decision.
The NetChoice decision states that tech platforms can exercise their First Amendment rights through their content moderation decisions and how they choose to display content on their services — a strong statement that has clear ramifications for any laws that attempt to regulate platforms’ algorithms in the name of kids online safety and even on a pending lawsuit seeking to block a law that could ban TikTok from the US.
“When the platforms use their Standards and Guidelines to decide which third-party content those feeds will display, or how the display will be ordered and organized, they are making expressive choices,” Justice Elena Kagan wrote in the majority opinion, referring to Facebook’s News Feed and YouTube’s homepage. “And because that is true, they receive First Amendment protection.”
NetChoice isn’t a radical upheaval of existing First Amendment law, but until last week, there was no Supreme Court opinion that applied that existing framework to social media platforms. The justices didn’t rule on the merits of the cases, concluding, instead, that the lower courts hadn’t completed the necessary analysis for the kind of First Amendment challenge that had been brought. But the decision still provides significant guidance to the lower courts on how to apply First Amendment precedent to social media and content moderation. “The Fifth Circuit was wrong in concluding that Texas’s restrictions on the platforms’ selection, ordering, and labeling of third-party posts do not interfere with expression,” Kagan wrote of the appeals court that upheld Texas’ law seeking to prevent platforms from discriminating against content on the basis of viewpoint.
The decision is a revealing look at how the majority of justices view the First Amendment rights of social media companies — something that’s at issue in everything from kids online safety bills to the TikTok “ban.”
Wider impact of the decision
One recently signed law that may need to contend with the ruling is New York’s Stop Addictive Feeds Exploitation (SAFE) for Kids Act, which requires parental consent for social media companies to use “addictive feeds” on minors. The NetChoice ruling calls into question how far legislatures can go in regulating algorithms — that is, software programmed to surface or deprioritize different pieces of information to different users.
A footnote in the majority opinion says the Court does “not deal here with feeds whose algorithms respond solely to how users act online — giving them the content they appear to want, without any regard to independent content standards.” The note is almost academic in nature — platforms usually take into account many different variables beyond user behavior, and separating those variables from each other is not a straightforward matter.
“The Supreme Court made it pretty clear, curation is absolutely protected.”
Miers said the same analysis would apply to other state efforts, like California’s Age Appropriate Design Code, which a district court agreed to block with a preliminary injunction, and the state has appealed. That law required platforms likely to be used by kids to consider their best interests and default to strong privacy and safety settings. Industry group NetChoice, which also brought the cases at issue in the Supreme Court, argued in its 2022 complaint against California’s law that it would interfere with platforms’ own editorial judgments.
“To the extent that any of these state laws touch the expressive capabilities of these services, those state laws have an immense uphill battle, and a likely insurmountable First Amendment hurdle as well,” Miers said.
The new Supreme Court decision also raises questions about the future of the Kids Online Safety Act (KOSA), a similar piece of legislation at the federal level that’s gained significant steam. KOSA seeks to create a duty of care for tech platforms serving young users and allows them to opt out of algorithmic recommendations. “Now with the NetChoice cases, you have this question as to whether KOSA touches any of the expressive aspects of these services,”
Supporters of these kinds of bills may point to language in some of the concurring opinions (namely ones written by Justices Amy Coney Barrett and Samuel Alito) positing scenarios where certain AI-driven decisions do not reflect the preferences of the people who made the services. But Miers said she believes that kind of situation likely doesn’t exist.
David Greene, civil liberties director at the Electronic Frontier Foundation, said that the NetChoice decision shows that platforms’ curation decisions are “First Amendment protected speech, and it’s very, very difficult — if not impossible — for a state to regulate that process.”
“What the Court has not done today is say, ‘states cannot regulate when it comes to content moderation,’” Hans said. “It has set out some principles as to what might be constitutional versus not. But those principles are not binding.”
There are a couple different kinds of approaches the court seems open to, according to experts.
Still, the areas the justices left open to potential regulation might be tricky to get right. For example, the justices seem to maintain the possibility that regulation targeting algorithms that only take into account users’ preferences could survive First Amendment challenges. But Miers says that “when you read the court opinion and they start detailing what is considered expression,” it becomes increasingly difficult to think of a single internet service that doesn’t fall into one of “the expressive capabilities or categories the court discusses throughout.” What initially seems like a loophole might actually be a null set.
Implications for the TikTok ‘ban’
Justice Barrett included what seemed to be a lightly veiled comment about TikTok’s challenge to a law seeking to ban it unless it divests from its Chinese parent company. In her concurring opinion, Barrett wrote, without naming names, that “a social-media platform’s foreign ownership and control over its content moderation decisions might affect whether laws overriding those decisions trigger First Amendment scrutiny.” That’s because “foreign persons and corporations located abroad” do not have First Amendment rights like US corporations do, she said.
Experts predicted the US government would cite Justice Barrett’s opinion in their litigation against TikTok, though cautioned that the statement of one justice does not necessarily reflect a broader sentiment on the Court.
Barrett’s concurrence notwithstanding, TikTok has also notched a potentially useful ammunition in NetChoice.
“I’d be feeling pretty good if I were them today,” Greene said of TikTok. “The overwhelming message from the NetChoice opinions is that content moderation is speech protected by the First Amendment, and that’s the most important holding to TikTok and to all the social media companies.”
Still, Netchoice “does not resolve the TikTok case,” said NYU’s Barrett. TikTok’s own legal challenge implicates national security, a matter in which courts tend to defer to the government.
“The idea that there are First Amendment rights for the platforms is helpful for TikTok,” Hans said. “If I’m TikTok, I’m mostly satisfied, maybe a little concerned, but you rarely get slam dunks.”
Tomi Engdahl says:
Sarah Perez / TechCrunch:
An international study of 642 websites and mobile apps offering subscription services finds ~76% with at least one possible dark pattern and ~67% with multiple — The U.S. Federal Trade Commission, along with two other international consumer protection networks, announced on Thursday …
FTC study finds ‘dark patterns’ used by a majority of subscription apps and websites
https://techcrunch.com/2024/07/10/ftc-study-finds-dark-patterns-used-by-a-majority-of-subscription-apps-and-websites/
The U.S. Federal Trade Commission (FTC), along with two other international consumer protection networks, announced on Thursday the results of a study into the use of “dark patterns” — or manipulative design techniques — that can put users’ privacy at risk or push them to buy products or services or take other actions they otherwise wouldn’t have. In an analysis of 642 websites and apps offering subscription services, the study found that the majority (nearly 76%) used at least one dark pattern and nearly 67% used more than one.
Dark patterns refer to a range of design techniques that can subtly encourage users to take some sort of action or put their privacy at risk. They’re particularly popular among subscription websites and apps and have been an area of focus for the FTC in previous years. For instance, the FTC sued dating app giant Match for fraudulent practices, which included making it difficult to cancel a subscription through its use of dark patterns.
The release of the new report could signal that the FTC is planning to pay increased attention to this type of consumer fraud.
Sneaking was among the most common dark patterns encountered in the study, referring to the inability to turn off the auto-renewal of subscriptions during the sign-up and purchase process. Eighty-one percent of sites and apps studied used this technique to ensure their subscriptions were renewed automatically. In 70% of cases, the subscription providers didn’t provide information on how to cancel a subscription, and 67% failed to provide the date by which a consumer needed to cancel in order to not be charged again.
Social proof, meanwhile, uses the power of the crowd to influence a consumer, usually to make a purchase, by displaying metrics related to some sort of activity. This is particularly popular in the e-commerce industry, where a company will display how many others are browsing the same product or adding it to their cart. For subscription apps, social proof may be used to push users to enroll in the subscription by showing how many others are doing the same.
The study found that 21.5% of websites and apps they examined had used notifications and other forms of social proof to push consumers toward enrolling in a subscription.
Sites can also try to instill a sense of urgency to get consumers to buy. This is something seen regularly on Amazon and other e-commerce sites, where people are alerted to low stock, prompting them to check out quickly, but may be less commonly used to sell subscriptions.
Interface interference is a broad category that refers to ways the app or website is designed to push the consumer to make a decision that’s favorable for a business. This could include things like pre-selecting items, like longer or more expensive subscriptions — as 22.5% of those studied did — or using a “false hierarchy” to visually present more favorable options for the business more prominently. The latter was used by 38.3% of businesses in the study.
Interface interference could also involve something the study referred to as “confirmshaming” — meaning using language to evoke an emotion to manipulate the consumer’s decision-making process, like “I don’t want to miss out, subscribe me!”
The study was conducted from January 29 through February 2 as part of the International Consumer Protection and Enforcement Network’s (ICPEN) annual review, and included 642 websites and apps offering subscriptions.
This isn’t the first time the FTC has examined the use of dark patterns. In 2022, it also authored a report that detailed a range of dark patterns, but that wasn’t limited to only subscription websites and apps. Instead, the older report looked at dark patterns across industries, including e-commerce and children’s apps, as well as different types of dark patterns, like those used in cookie consent banners and more.
Tomi Engdahl says:
Home routing and encryption technologies are making lawful interception harder, Europol warns
Criminals are exploiting the home routing loophole
https://www.techspot.com/news/103717-home-routing-encryption-technologies-making-lawful-interception-harder.html
IN CONTEXT: Thanks to home routing, internet service providers can continue managing users’ communications while they are traveling abroad. Calls, messages, and data are processed through a user’s home network rather than the local network of the country they are visiting.
Home routing is a useful technical solution for travelers interested in seamless internet access through their domestic provider. Users can also enjoy enhanced security if the provider has enabled Privacy Enhancing Technologies (PET) such as encryption. However, according to Europol, PET-enabled home routing is making its law enforcement duties much harder than they were before
The law enforcement agency published a new paper on home routing, sounding the alarm about the challenge posed by PET and home routing for “lawful interception of information in the context of law enforcement and judicial investigations.” Europol says it cannot carry out its duties anymore, as the agency’s ability to protect European citizens and lead criminal investigations is significantly hindered.
When a suspect uses a foreign SIM card where home routing is deployed and PET is enabled, Europol explains, communications can no longer be intercepted and monitored. The problem occurs for both foreign citizens using their own SIM card in another country and citizens using a foreign SIM card in their own country.
When encryption is used at the service level, Europol explains, session-based encryption keys are exchanged between the service provider and the client within the user’s home network. This way, the “visiting network” providing actual network access can no longer access these keys, and data cannot be retrieved.
Criminals are seemingly well aware of home routing and PET’s ability to shield unlawful communications from Europol’s watchful eye, the EU agency states. Cooperation between a service provider and a foreign (EU) nation could theoretically provide Europol with a way to intercept this traffic.
Enforcing national intercept orders is out of the question, as they cannot possibly work across borders. Meanwhile, a European Investigation Order can take up to 120 days to get a reply.
The provider would be forced to “execute an interception order for an individual using a SIM card from another country,” Europol explains. No target information is exchanged with a foreign country.
Tomi Engdahl says:
Threat Prevention & Detection in SaaS Environments – 101
https://thehackernews.com/2024/07/threat-prevention-detection-in-saas.html
Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and insider threats, and it becomes quite clear that identity is a primary attack vector.
To make matters worse, it’s not just human accounts that are being targeted. Threat actors are also hijacking non-human identities, including service accounts and OAuth authorizations, and riding them deep into SaaS applications.
When threat actors get through the initial defenses, having a robust Identity Threat Detection and Response (ITDR) system in place as an integral part of Identity Security can prevent massive breaches. Last month’s Snowflake breach is a perfect example. Threat actors took advantage of single-factor authentication to access the account. Once inside, the company lacked any meaningful threat detection capability, which enabled the threat actors to exfiltrate over 560 million customer records.
How ITDR Works#
ITDR combines several elements to detect SaaS threats. It monitors events from across the SaaS stack, and uses login information, device data, and user behavior to identify behavioral anomalies that indicate a threat. Each anomaly is considered an indicator of compromise (IOC), and when those IOCs reach a predefined threshold, the ITDR triggers an alert.
For example, if an admin downloads an unusual amount of data, ITDR would consider that to be an IOC. However, if the downloading takes place in the middle of the night or is on an unusual computer, the combination of those IOCs may rise to be considered a threat.
Tomi Engdahl says:
Europol says mobile roaming tech is making its job too hard
Privacy measures apparently helping criminals evade capture
https://www.theregister.com/2024/07/05/europol_home_routing_complaint/
Top Eurocops are appealing for help from lawmakers to undermine a privacy-enhancing technology (PET) they say is hampering criminal investigations – and it’s not end-to-end encryption this time. Not exactly.
Europol published a position paper today highlighting its concerns around SMS home routing – the technology that allows telcos to continue offering their services when customers visit another country.
Most modern mobile phone users are tied to a network with roaming arrangements in other countries. EE customers in the UK will connect to either Telefónica or Xfera when they land in Spain, or T-Mobile in Croatia, for example.
Tomi Engdahl says:
A CISO’s Guide to Avoiding Jail After a Breach
Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?
https://www.darkreading.com/cybersecurity-operations/a-cisos-guide-to-avoiding-jail-after-a-breach
Tomi Engdahl says:
Nearly every flight in the U.S. is grounded right now following a CrowdStrike system update error that’s affecting everything from travel to mobile ordering at Starbucks — but not Southwest Airlines flights. Southwest is still flying high, unaffected by the outage that’s plaguing the world today, and that’s apparently because it’s using Windows 3.1.
Yes, Windows 3.1 — an operating system that is 32 years old. Southwest, along with UPS and FedEx, haven’t had any issues with the CrowdStrike outage. In responses to CNN, Delta, American, Spirit, Frontier, United, and Allegiant all said they were having issues, but Southwest told the outlet that its operations are going off without a hitch.
https://www.yahoo.com/tech/windows-version-1992-saving-southwest-171922788.html?guce_referrer=YW5kcm9pZC1hcHA6Ly9jb20uZ29vZ2xlLmFuZHJvaWQuZ29vZ2xlcXVpY2tzZWFyY2hib3gv&guce_referrer_sig=AQAAADybw7Ns31w9DzcQNzu1DuY8mcPZ-QD4D1W8sVa142KzBiO7UsLkxNNUp5shJ2rZW-egUobi6lJWcHofRIlliNGWuPvEIabuCnqcKKsaq10A9p4V4jB5O3gqXwQJNLYmvv4nRhseHBYmwwgRqJ6Jdb4SY8wV0WK9y6FzIv7Vj1LP&guccounter=2
Tomi Engdahl says:
Crowdstrike released bad drivers, Windows doesn’t have proper error handling for exceptions caused by drivers (e.g. disabling them).
In a world where most of infosec relies on ring0 access, I’d still say the largest fault is on Microsoft
Tomi Engdahl says:
The first news claim that Microsoft had issues was not completely baseless. It was Microsoft Windows OS that showed the system crash screen and Microsoft 365 had an outage at the time. The actual reason that caused Windows to crash was that Crowdstrike released a broken driver configuration file update that crashed the driver causing Windows 11 to crash.
I would not call the original news reports as fake news or baseless. They reported what happened, but had not yet found the root cause.
The stock of both Microsoft and Crowdstrike stock tanked because of what happened and how they handled the situation, not because of baseless news reporting.
…crazy how news that reveal weaknesses of tech companies products and services affect their stock price
Tomi Engdahl says:
https://www.euronews.com/business/2024/07/19/microsoft-and-crowdstrike-shares-fall-pre-market-trading-as-it-outage-hits