Cyber security aggregate rss news


Cybersecurity News

Spanish Police arrested three individuals on July 20, 2024, who are suspected of participating in a series of cyberattacks targeting critical infrastructure and government institutions in Spain and other NATO countries. The detainees are believed to be affiliated with the hacktivist group NoName057(16), known for its pro-Russian ideology and for launching DDoS attacks against entities supporting Ukraine in the ongoing conflict. The arrests come amid heightened concerns about cyberwarfare as tensions escalate between Russia and the West. An article in Reuters quoted a statement by the Spanish Civil Guard, which said that the attacks orchestrated by NoName057(16) specifically targeted public institutions and companies in strategic sectors within NATO countries that have offered aid to Ukraine.

Details of NoName Hackers' Arrest

The operation, led by the Spanish Civil Guard, apprehended the suspects in Mallorca, Huelva, and Seville. Searches conducted at their residences yielded computer equipment and documents potentially linked to the cyberattacks. Notably, Spanish police released a video on the social media platform X of a raid at the home of one of the suspects, in which a Soviet-era hammer-and-sickle flag was mounted on a wall, further hinting at the alleged pro-Russian affiliation.

Investigations suggest that NoName057(16) primarily employs Distributed Denial-of-Service (DDoS) attacks, which aim to overwhelm websites or online services with a flood of junk traffic, rendering them inaccessible to legitimate users. While the specific impact of these attacks remains under investigation, they likely caused disruptions to targeted institutions and potentially hampered their operations. The group's manifesto, referenced by Spanish authorities, reportedly outlines their objective of retaliating against "hostile and openly anti-Russian actions by Western Russophobes."

Inglorious Past of NoName057(16)

NoName057(16) emerged shortly after Russia's invasion of Ukraine and has since been linked to cyberattacks against various NATO members, including Poland. In January 2024, NoName057(16) claimed responsibility for a wave of DDoS attacks targeting Swiss government websites on the eve of a summit aimed at facilitating peace talks between Russia and Ukraine. The targeted websites included those belonging to the federal government and organizations involved in the peace process.

[Image: One of the organizations targeted by NoName in Spain. Source: X]

Polish cybersecurity firms have also documented a surge in cyberattacks originating from suspected pro-Russian actors. A recent report by Check Point Software Technologies revealed that Polish entities face an average of nearly 1,430 cyberattacks per week. The study further identified NoName057(16) as the most prolific pro-Russian group targeting Polish infrastructure, with past attacks directed at Polish Radio, Gdynia Port, and government websites.

The arrests in Spain mark a significant development in efforts to counter cyberattacks potentially linked to the ongoing conflict in Ukraine. The investigation into the activities of NoName057(16) is ongoing, with Spanish authorities collaborating with a specialized prosecutor's office to uncover the full extent of the group's operations and identify additional individuals involved.

The full extent of the damage caused by NoName057(16) remains under investigation. However, the disruption of essential services, even for a short period, can have significant consequences. Hospitals, power grids, and communication networks rely heavily on functioning IT infrastructure. DDoS attacks can disrupt healthcare services, hinder emergency response efforts, and cause economic losses. The use of a homemade DDoS program called DDoSia by NoName057(16) raises concerns about the potential for these attacks to become more accessible to non-state actors. Cybersecurity experts urge governments and businesses to invest in robust cybersecurity measures to defend against such threats.

The Spanish authorities' crackdown on NoName057(16) is a positive development in the fight against cyberwarfare. However, it also serves as a stark reminder of the evolving nature of cyber threats and the need for continued vigilance in the face of a constantly adapting digital landscape.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Cybersecurity News

A critical software update gone wrong triggered a domino effect on July 19, 2024, causing a global Microsoft-CrowdStrike outage that crippled critical infrastructure, businesses, and organizations worldwide, especially the airline industry. However, amid the pandemonium, Southwest Airlines in the United States seemed to have weathered the storm with surprising grace. While competitor airlines grounded their fleets and scrambled for solutions, Southwest continued operating with minimal disruptions. The reason: the airline is still running Windows 3.1, a 32-year-old operating system, along with Windows 95.

How Did Southwest Survive BSOD?

The faulty update from cybersecurity giant CrowdStrike last Friday sent millions of Windows systems into a tailspin, causing widespread chaos and leading to the dreaded Blue Screen of Death (BSOD). Airports became battlegrounds of long lines and cancelled flights, hospitals struggled with limited access to patient records, and financial institutions experienced service outages.

The airlines affected by the CrowdStrike update had to ground their fleets because many of their background systems refused to operate. These systems could include pilot and fleet scheduling, maintenance records, ticketing, etc. According to this article on Forbes.com, in the United States alone, airlines cancelled 3,675 flights, or 14 per cent of the total fleets. Another 56 per cent of all flights were late by 15 minutes or more. By 6 pm Friday, Delta Airlines had cancelled 1,326 flights, United had cancelled 562 and American had cancelled 466.

Southwest, however, stood tall during the crisis. It cancelled just three of its 4,390 departures. Also, 94 per cent of Southwest flights departed within an hour of the scheduled time.

So how did Southwest survive the CrowdStrike outage? Explaining the scenario, a website named govtech says, “That’s because major portions of the airline’s computer systems are still using Windows 3.1, a 32-year-old version of Microsoft’s computer operating software. It’s so old that the CrowdStrike issue doesn’t affect it so Southwest is still operating as normal. It’s typically not a good idea to wait so long to update, but in this one instance Southwest has done itself a favor.”

Windows 3.1, launched in 1992, doesn’t get any updates. So, when CrowdStrike pushed the faulty update to all its customers, Southwest wasn’t affected, as it didn’t receive an update. Apart from Windows 3.1, Southwest also uses Windows 95 for its staff scheduling system. It is a newer operating system — about three years younger than Windows 3.1 — but it’s ancient compared to today’s tech. Many of the

Memes Galore After Southwest Dodges the Bullet

This unexpected resilience of Southwest Airlines sparked online jokes and memes, with some netizens poking fun at the airline's supposedly "outdated" technology. Users on the social media platform X took this opportunity to create memes and poke fun at the airline and its alleged attitude of "If it ain't broke, don't fix it."

Southwest Grappling with ‘Modern’ Issues

While Southwest's outdated systems were a saving grace in this instance, the episode highlights the potential risks associated with such dated technology. The airline previously faced significant disruptions due to these very systems, resulting in hefty fines and a commitment to modernization efforts. During the holiday season in 2022, Southwest had to cancel 16,900 flights, leaving around two million passengers stranded. This resulted in a $35 million fine as part of a $140 million settlement. The airline also committed to spending $1.3 billion to update its technology. Southwest will likely need to navigate a path that prioritizes both robust cybersecurity and the gradual integration of modern, reliable systems to avoid future outages and maintain passenger trust.

Cybersecurity News

The majority of customers affected by the recent CrowdStrike outage on July 19, which led to the Blue Screen of Death (BSOD), might only be eligible for a refund. According to a report by Business Insider, despite the devastating technical outages from CrowdStrike's botched security update, the company doesn't have to shell out anything more than a simple refund. The update caused widespread disruptions, including flight cancellations, problems with 911 calls, and restricted access to medical records.

Limited Liability in CrowdStrike's Terms & Conditions

CrowdStrike's terms and conditions limit the company's liability to the amount paid for the software. This means that businesses hit by the outage wouldn't be able to claim compensation for lost revenue or damages unless they negotiated a different contract beforehand. Elizabeth Burgin Waller, chair of the Cybersecurity & Data Privacy practice at Woods Rogers, told Business Insider that the standard terms and conditions for CrowdStrike's Falcon security software cap liability at "fees paid." This translates to companies only being able to recover the cost of their CrowdStrike subscription, even if they suffer significant business losses due to the outage. "Even if they covered lost revenue or downtime, they limit the recovery against CrowdStrike to fees paid," Waller told Business Insider.

[Image: Some of the companies affected by the CrowdStrike outage. Source: X]

Large Companies May Have Different Agreements

Waller suggests that larger companies, such as airlines or hospital chains impacted by the outage, might have negotiated separate contracts with CrowdStrike that offer more protection. These contracts are not publicly available, but they could potentially hold CrowdStrike accountable for a wider range of damages. "If you're a huge company, you might have been able to get some negotiation around that," she said. CrowdStrike hasn't yet responded to inquiries about how it plans to enforce its terms and conditions in this situation.

Cyber Insurance May Offer Relief

According to Waller, most companies will likely turn to cyber insurance to cover the costs associated with the CrowdStrike outage. These expenses include hiring IT personnel to install the fix, lost employee productivity, addressing customer issues, and potential legal fees for publicly traded companies. Many cyber insurance policies cover "contingent business interruption" or "dependent business interruption", which allows businesses to recoup damages from third-party cybersecurity companies they rely on, potentially including CrowdStrike's Falcon software.

[Image: Scenes at an Indian airport. Source: ShivaniReports on X]

"If I've got a big stop sign in front of me — terms and conditions against CrowdStrike — or if I can only get a refund, then I need to go look to my own cyber insurance policy," Waller said. However, Waller clarifies that some cyber insurance policies might only cover situations involving malicious events like hacking. "We've just got a software glitch. So I think we're going to see lawsuits filed against cyber insurance carriers for years to come, I imagine, on this outage," Waller said. "This is a pretty big deal, from a cyber insurance standpoint, and I think this is also going to spawn a lot of litigation about what's covered and what is intended under these different policies."

Potential Lawsuits and SEC Scrutiny for CrowdStrike

Waller predicts that CrowdStrike can expect legal challenges from shareholders, customers seeking greater compensation, and likely an investigation from the Securities and Exchange Commission (SEC). As a publicly traded company, CrowdStrike is obligated to file an 8-K report with the SEC within the next few days, detailing the cause of the Falcon update malfunction.

Interestingly, this event comes just after a federal judge in Manhattan ruled in favor of SolarWinds, a tech security company compromised in a 2020 Russian cyberespionage campaign, against an SEC lawsuit. The SEC argued that SolarWinds failed to adequately inform investors and the public about the full extent of the hack's impact. However, Judge Paul Engelmayer disagreed, stating that the company wasn't required to provide the "maximum specificity" demanded by the SEC. This ruling offers some leeway for CrowdStrike, a $73 billion company. While it has a responsibility to update investors and the public, it might not need to disclose every intricate detail. "You need to convey the severity of what is happening, but we don't need to be really concerned about the nitty gritty details or what we don't know," Waller said.

Australian Minister Warns of Scams

Meanwhile, Australia's Minister for Cyber Security, Clare O'Neil, issued a series of tweets urging Australians to be extremely cautious of any suspicious texts, calls, or emails claiming to assist with the CrowdStrike outage. O'Neil highlighted the importance of protecting vulnerable individuals, including elderly relatives, from potential scams. She encouraged reporting suspicious communications through Scamwatch.

The Minister acknowledged reports of scams in which criminals impersonated airlines offering to resolve flight delays and technical support personnel proposing to fix affected technology. O'Neil assured the public that supermarkets were experiencing minimal issues and there were no food shortages. She emphasized the importance of remaining patient with workers restoring systems across various sectors. Finally, O'Neil advised that both CrowdStrike and Microsoft are nearing completion of an automatic fix for the issue, delivered as an update, which should increase the speed at which systems across the economy come back online.

Cybersecurity News

Canada’s oil and gas sector is a cornerstone of its economy, contributing approximately $120 billion, or about 5 per cent of the country’s Gross Domestic Product (GDP). This sector not only fuels economic growth but also plays a critical role in national security, as it supports essential services such as heating, transportation, and electricity generation. However, the increasing digital transformation of Operational Technology (OT) within this sector has made it more susceptible to cyber threats, says a report by the Canadian Centre for Cyber Security.

Key Findings of the Canadian Centre for Cyber Security’s Report

According to a survey conducted by Statistics Canada, about 25 per cent of all Canadian oil and gas organizations reported experiencing a cyber incident in 2019. This figure represents the highest rate of reported incidents among all critical infrastructure sectors, highlighting the urgent need for enhanced cybersecurity measures in Canada. The digital transformation of OT systems, while beneficial for management and productivity, has expanded the attack surface for cyber actors, exposing these systems to a variety of cyber threats.

The Canadian Centre for Cyber Security has identified that medium- to high-sophistication cyber threat actors are increasingly targeting organizations indirectly through their supply chains. According to the report, this tactic allows attackers to obtain valuable intellectual property and information about the target organization’s networks and OT systems. The reliance of large industrial asset operators on a diverse supply chain—including laboratories, manufacturers, vendors, and service providers—creates critical vulnerabilities. Cyber actors can exploit these vulnerabilities to gain access to otherwise protected IT and OT systems.

The report emphasizes that cybercriminals motivated by financial gain pose the most significant threat to the oil and gas sector. It says that Business Email Compromise (BEC) schemes and ransomware attacks are particularly prevalent. While BEC is likely more common and costly than ransomware, the latter remains a primary concern due to its potential to disrupt the supply of oil and gas to customers.

The underground cybercriminal ecosystem is continuously evolving, the report summarizes, with ransomware-as-a-service (RaaS) models allowing even less skilled attackers to launch sophisticated attacks. This evolution has led to an increase in successful incidents targeting the sector. The report cites the Colonial Pipeline ransomware cyberattack in May 2021 and says that the incident serves as a stark example of the potential consequences of such cyber incidents. The attack forced the shutdown of one of the largest gasoline, diesel, and jet fuel pipelines in the U.S., leading to significant disruptions in fuel supply, panic buying, and short-term price spikes. The report warns that similar incidents could occur in Canada, jeopardizing the supply of essential products and services.

Financial Implications of a Data Breach in the Millions: Report

The report also highlights the financial implications of cyber threats. The cost of a data breach can range significantly, with estimates suggesting that it can reach millions of dollars depending on the size and nature of the organization. The potential for disruption or sabotage of OT systems poses a costly threat to owner-operators of large OT assets, with implications for national security, public safety, and the economy.

Furthermore, the Canadian Centre for Cyber Security has noted that the oil and gas sector attracts considerable attention from financially motivated cyber threat actors due to the high value of its assets. Cybercriminals are not only targeting operational systems but also valuable intellectual property, business plans, and client information. The report underscores the importance of protecting these assets, as the disruption of operations could have far-reaching consequences.

In light of these threats, the report calls for organizations within the oil and gas sector to prioritize cybersecurity investments and adopt a proactive approach to risk management. Continuous training and awareness programs for employees are essential to mitigate risks associated with human error, which is often a significant factor in successful cyber attacks. The Canadian Centre for Cyber Security emphasizes the need for collaboration between public and private sectors to combat cyber threats effectively. By sharing information and best practices, organizations can better prepare for and respond to cyber incidents.

In conclusion, the findings from the Canadian Centre for Cyber Security highlight the pressing need for enhanced cybersecurity measures within Canada’s oil and gas sector. With cyber threats on the rise, it is imperative for organizations to take proactive steps to safeguard their operations and ensure the resilience of this critical infrastructure. The time to act is now, as the stakes have never been higher in the fight against cybercrime.

Cyber Security News

Source: www.databreachtoday.com. Author: Prajeet Nair (@prajeetspeaks), July 20, 2024. Categories: Anti-Phishing, DMARC; Business Continuity Management / Disaster Recovery; Fraud Management & Cybercrime. Subtitle: Authorities Warn About Domains Targeting Victims Seeking to Restore Windows Devices.

Cybercriminals are wasting no time in exploiting the chaos created by the CrowdStrike outage. […]

The post "Fake Websites, Phishing Surface in Wake CrowdStrike Outage – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
