Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label CrowdStrike. Show all posts
Hacking
AI technology AI Threat CrowdStrike Cyber Security cyber threat CyberCrime cybercriminals Hacking

Cybercrime in 2025: AI-Powered Attacks, Identity Exploits, and the Rise of Nation-State Threats

 


Cybercrime has evolved beyond traditional hacking, transforming into a highly organized and sophisticated industry. In 2025, cyber adversaries — ranging from financially motivated criminals to nation-state actors—are leveraging AI, identity-based attacks, and cloud exploitation to breach even the most secure organizations. The 2025 CrowdStrike Global Threat Report highlights how cybercriminals now operate like businesses. 

One of the fastest-growing trends is Access-as-a-Service, where initial access brokers infiltrate networks and sell entry points to ransomware groups and other malicious actors. The shift from traditional malware to identity-based attacks is accelerating, with 79% of observed breaches relying on valid credentials and remote administration tools instead of malicious software. Attackers are also moving faster than ever. Breakout times—the speed at which cybercriminals move laterally within a network after breaching it—have hit a record low of just 48 minutes, with the fastest observed attack spreading in just 51 seconds. 

This efficiency is fueled by AI-driven automation, making intrusions more effective and harder to detect. AI has also revolutionized social engineering. AI-generated phishing emails now have a 54% click-through rate, compared to just 12% for human-written ones. Deepfake technology is being used to execute business email compromise scams, such as a $25.6 million fraud involving an AI-generated video. In a more alarming development, North Korean hackers have used AI to create fake LinkedIn profiles and manipulate job interviews, gaining insider access to corporate networks. 

The rise of AI in cybercrime is mirrored by the increasing sophistication of nation-state cyber operations. China, in particular, has expanded its offensive capabilities, with a 150% increase in cyber activity targeting finance, manufacturing, and media sectors. Groups like Vanguard Panda are embedding themselves within critical infrastructure networks, potentially preparing for geopolitical conflicts. 

As traditional perimeter security becomes obsolete, organizations must shift to identity-focused protection strategies. Cybercriminals are exploiting cloud vulnerabilities, leading to a 35% rise in cloud intrusions, while access broker activity has surged by 50%, demonstrating the growing value of stolen credentials. 

To combat these evolving threats, enterprises must adopt new security measures. Continuous identity monitoring, AI-driven threat detection, and cross-domain visibility are now critical. As cyber adversaries continue to innovate, businesses must stay ahead—or risk becoming the next target in this rapidly evolving digital battlefield.
Read more »
Slack
Company Security CrowdStrike Cyber risks Cyber Security Cyber Security Vendor Cybersecurity Crisis Risk Assessment Slack

Managing Vendor Cyber Risks: How Businesses Can Mitigate Third-Party Failures

 

On Wednesday, businesses worldwide experienced disruptions when Slack, a popular workplace communication tool, went offline due to a technical issue. The outage, which lasted several hours, forced teams to rely on alternative communication methods such as emails, phone calls, or in-person discussions. While the incident was quickly resolved, it highlighted a broader issue—businesses’ growing dependence on third-party software providers and the risks associated with their failures. 

While Slack’s downtime was inconvenient, other recent outages have had more severe consequences. In early 2024, Change Healthcare, a payment processing provider under UnitedHealth Group, suffered a ransomware attack that disrupted medical billing nationwide. Healthcare providers struggled to process insurance claims, delaying patient care and, in some cases, resorting to handwritten billing records. A few months later, CDK Global, a software provider used by car dealerships, was hacked, causing widespread operational shutdowns across the auto sales industry. 

In July, a major issue with cybersecurity firm CrowdStrike led to massive flight cancellations, grounding thousands of travelers worldwide. These incidents demonstrate how companies, even with strong internal security measures, remain vulnerable to the weaknesses of their vendors. Cyber insurance and risk management company Resilience reported that in 2024, nearly one-third of the claims it processed were related to vendor-based cyber incidents, including outages and ransomware attacks. 

The company’s CEO, Vishaal “V8” Hariprasad, noted that many organizations overlook the risks posed by third-party providers, despite the potential for significant financial losses. While businesses cannot completely eliminate third-party risks, they can take steps to reduce their exposure. Conducting thorough security assessments before partnering with vendors is crucial. Many organizations assume that if a company offers a widely used service, it must be secure, but that is not always the case. 

Companies should verify whether vendors carry cyber insurance covering third-party risks and review their security protocols, especially for remote access. Cybersecurity rating services such as Security Scorecard and BitSight can help businesses monitor vendor vulnerabilities in real time, allowing them to respond quickly to potential threats. Developing a robust incident response plan can help minimize the impact of vendor failures. Businesses should conduct risk assessments to identify critical systems and outline alternative solutions in case of outages. 

For example, if a primary communication platform becomes unavailable, having a backup system in place can prevent workflow disruptions. Regular cybersecurity drills can also help companies prepare for worst-case scenarios, ensuring that employees know how to respond to a vendor-related cyber incident. Strengthening internal security measures is another essential step. Multi-factor authentication, zero-trust architecture, and network monitoring can help prevent attackers from exploiting vendor weaknesses to gain access to a company’s systems. 

Subscribing to dark web monitoring services can also help detect stolen credentials, allowing businesses to take preventive action before cybercriminals can exploit compromised accounts. A single cyber incident does not necessarily indicate that a vendor is unreliable, but how they respond to the crisis matters. CrowdStrike’s software update issue in July led to thousands of flight cancellations, but some cybersecurity experts argue that the company’s overall security offerings remain strong. Knee-jerk reactions, such as immediately abandoning a vendor after an incident, can sometimes do more harm than good. 

While vendor-related cyber risks are an unavoidable part of doing business in a digital world, preparation and proactive security measures can make the difference between a minor disruption and a full-blown crisis. Companies that invest in due diligence, response planning, and internal security improvements are better positioned to withstand third-party failures and recover quickly when issues arise.
Read more »
Supply chain vulnerability
CNI CrowdStrike CrowdStrike outage Cyber Security cybersecurity resilience IT Industry IT Systems Supply chain vulnerability

2024 CrowdStrike Outage Reveals Critical IT Vulnerabilities

 


The CrowdStrike outage in July 2024 exposed significant weaknesses in global IT supply chains, raising concerns about their resilience and dependence on major providers. The disruption caused widespread impact across critical sectors, including healthcare, transportation, banking, and media. Key services—such as parts of the NHS, international transport hubs, and TV networks—experienced significant downtime, highlighting vulnerabilities in centralized IT systems.

The outage was attributed to a faulty software update for Microsoft Windows users provided by cybersecurity firm CrowdStrike. Initial fears of a cyberattack were ruled out, but the incident shed light on the inherent risks of reliance on a few dominant providers in global IT supply chains. Experts warned that such dependencies create singular points of failure, leaving essential infrastructure exposed to systemic disruptions.

One of the most affected sectors was healthcare, where operations in the NHS were forced to revert to manual methods like pen and paper. Dafydd Vaughan, chief technology officer at Public Digital, emphasized the dangers of monopolistic control in critical services. He highlighted that EMIS, a provider serving over 60% of GP surgeries in England and Wales, dominates the healthcare IT landscape. Vaughan advocated for increased competition within IT supply chains to mitigate risks and enhance resilience.

Far-Reaching Impacts

The repercussions of the outage extended beyond healthcare, disrupting transport systems, banking operations, and broadcasting networks. These interruptions prompted calls for enhanced safeguards and reinforced the need for robust IT infrastructure. Recognizing the severity of these vulnerabilities, the UK government elevated data centres to the status of critical national infrastructure (CNI). This designation ensures they receive additional protection and resources, similar to essential utilities like water and energy.

Government Response and Future Legislation

In response to the crisis, the Labour Government, which assumed power in July 2024, announced plans to introduce the Cyber Security and Resilience Bill in 2025. This proposed legislation aims to expand regulatory oversight, enforce stringent cybersecurity standards, and improve reporting protocols. These measures are designed to fortify national defenses against both outages and the escalating threat of cyberattacks, which increasingly target critical IT systems.

The CrowdStrike incident underscores the pressing need for diversified and resilient IT supply chains. While the government has taken steps to address existing vulnerabilities, a sustained focus on fostering competition and enhancing infrastructure is essential. By proactively preparing for evolving threats and ensuring robust safeguards, nations can protect critical services and minimize the impact of future disruptions.

Read more »
software failure
car dealerships CDK Global CrowdStrike Cyber Security digital monoculture industry crisis Ransomware software consolidation software failure

Ransomware Attack and Software Glitches Reveal Fragility in U.S. Car Dealerships and Global Systems

 

A surprising situation unfolded this summer when buying a car in the U.S. became nearly impossible. In June, a ransomware attack targeted CDK Global, a Chicago-based software company with a market value of about $6.4 billion, halting operations at thousands of dealerships for almost three weeks. Approximately half of the U.S. auto industry depends on CDK Global’s software for daily operations.

Shortly after, a malfunctioning software update from cybersecurity firm CrowdStrike caused disruptions worldwide, affecting millions of computers running Microsoft Windows. This glitch impacted critical infrastructure, including airports, banks, hospitals, and government services.

Cybersecurity experts are now concerned as these events signal a more unstable future. The consolidation of software providers and lack of competition in industries offering essential services create risks. A single software failure could bring entire industries to a standstill, and experts warn the next incident could be even worse.

Previously, cyberattacks and outages were either brief or focused on individual targets. However, the attacks on CDK Global and CrowdStrike were different. Rory Mir, associate director of the Electronic Frontier Foundation, emphasized that these events highlight the severe risks linked to reliance on a single software provider, affecting not just individuals but entire industries.

The financial toll from these outages has been significant. The CDK Global attack cost nearly 15,000 car dealerships in the U.S. an estimated $1 billion and led to around 56,200 lost car sales over three weeks, according to Anderson Economic Group. The CrowdStrike incident is believed to have caused even greater economic damage, with some estimates putting the loss in the tens of billions of dollars globally.

As a result, the cyber insurance industry now faces increasingly complex risks. Insurance premiums are likely to rise as insurers struggle to assess the unpredictable nature of future cyber threats. Dr. Keri Pearlson of MIT Sloan School of Management remarked that insurers are grappling with pricing models because they cannot foresee the likelihood or nature of the next major cyber incident.

The CrowdStrike failure demonstrated how a single software issue could affect various industries. The CDK Global attack, on the other hand, underscored how entire sectors—such as car dealerships—can be heavily dependent on a few dominant software providers. This situation is not unique to the automotive industry; the banking and airline sectors also rely on a handful of key software vendors, creating potential choke points for disruption.

For instance, in the banking industry, three payment processors—FIS, Fiserv, and Jack Henry—control approximately 70% of the market. In the airline industry, three major booking platforms—Travelport, Amadeus, and Sabre—dominate the market. These consolidations create vulnerabilities, much like the Suez Canal blockage that paralyzed global shipping for days, according to Brad Hibbert of Prevalent.

Healthcare, long a prime target for cyberattacks, faces even greater risks. Dominant software providers such as Epic Systems and Oracle-owned Cerner control the U.S. digital medical records market, making healthcare IT a weak link in the chain, says Andrew Southall of SkySiege.

To address these vulnerabilities, experts recommend diversifying critical systems and adopting multi-vendor strategies. John Price of SubRosa suggests that businesses should explore redundancy and backup solutions across multiple vendors to minimize the impact of potential outages.

However, diversifying is easier said than done. Federal Trade Commissioner Lina Khan’s antitrust efforts have focused on Big Tech, but niche software providers have largely escaped scrutiny, contributing to the growing risk of market concentration.

As Rory Mir notes, limited choices in software markets may harm consumers and businesses by allowing monopolies to lower security standards. In cybersecurity, this consolidation creates a “digital monoculture,” leaving fewer targets but higher stakes for malicious actors.

CDK Global’s dominance in the auto industry exemplifies the dangers of unchecked market power. The company faced an antitrust case by industry disruptor Authenticom, which accused CDK and Reynolds and Reynolds of forming a cartel. The case ultimately ended with a settlement, but the issue underscores the risks posed by monopolies in the digital age.
Read more »
USDoD
CrowdStrike Cyber Security Hacking Security USDoD

Brazilian Hacker Behind Major Data Leaks



In a recent turn of events, cybersecurity firm CrowdStrike has identified the hacker known as USDoD, who has been linked to numerous data breaches, as a 33-year-old Brazilian man. This hacker, also known by the alias "EquationCorp," has been behind several high-profile cyber attacks targeting prominent organisations, including Airbus, the FBI's InfraGard portal, National Public Data, and TransUnion.

A report obtained by the Brazilian news site TecMundo, from an anonymous source within CrowdStrike, reveals that the individual behind USDoD is Luan BG, a resident of Minas Gerais, Brazil. The report states that CrowdStrike has shared this information with the authorities, which includes details such as his tax registration, email addresses, domains he registered, IP addresses, social media accounts, and his phone number. While personal information about Luan has been uncovered, specific details that could fully reveal his identity have been kept confidential by CrowdStrike, respecting privacy concerns despite his criminal activities.

According to the investigation, Luan BG has been involved in hacking activities since at least 2017, originally engaging in hacktivism. However, by 2022, his activities had escalated into more serious cybercrimes. His operational security mistakes played a crucial role in his identification. For instance, he repeatedly used the same email address and similar phrases across various social media platforms and forums, allowing investigators to track his activities. This email was also linked to personal accounts, domain registrations, GitHub contributions, and social media profiles, which collectively led to his identification. Additionally, early gaps in his technical abilities made it easier for investigators to compile a detailed profile of him, including photos and emails tied to his aliases.

Robert Baptiste, a well-known cybersecurity expert and CEO of Predicta Lab, has confirmed CrowdStrike's findings through an independent investigation. Baptiste’s work corroborates the evidence pointing to Luan BG as the individual behind the USDoD alias.

The report also highlights that Luan BG inadvertently exposed his identity during a 2023 interview with DataBreaches.net, where he falsely claimed to be around 30 years old with dual Brazilian and Portuguese citizenship, residing in Spain. However, further investigation into his online activities, including emails and social media posts, traced his location back to Brazil. Despite his attempts to mislead by claiming U.S. citizenship, CrowdStrike was able to connect him to Brazil using financial records and other digital traces.

Although authorities have been informed about Luan BG’s identity, there is concern that he may continue his cybercriminal activities. Despite the exposure, experts fear that Luan might deny the revelations or downplay them and persist in his illicit endeavours.

The exposure of USDoD’s identity by CrowdStrike is a crucial step in the ongoing battle against cybercrime. It highlights the complex challenges cybersecurity professionals face in tracking down and exposing individuals involved in high-level cyberattacks. As the case unfolds, the impact of this discovery on the broader cybercriminal community will be closely watched.


Read more »
security measures
breach recovery CrowdStrike CrowdStrike outage Cyber Security IT Security ransomware restoration security measures

Lessons from the CrowdStrike Falcon Sensor Defect: Enhancing Ransomware Recovery and Business Continuity

 


In recent times, a significant IT disruption was caused by a defect in a content update for CrowdStrike’s Falcon sensor, affecting approximately 8.5 million PCs across diverse sectors. This issue, which disrupted organizations ranging from small businesses and global conglomerates to government agencies and hospitals, highlighted severe vulnerabilities in how entities handle large-scale IT failures. The impact was widespread, leading to delayed flights, transaction failures at gas stations and grocery stores, and significant delays in emergency services such as police and fire departments. 

The scale of this disruption serves as a critical reminder of the importance of robust ransomware recovery and business continuity plans (BCPs). Although the immediate cause of the disruption was not a ransomware attack, the parallels between handling this IT issue and responding to ransomware are striking. This event underscores the need for organizations to evaluate and improve their preparedness for various types of cyber threats. One of the key lessons from this incident is the importance of efficient detection. The mean time to detect (MTTD) is a crucial metric that measures how swiftly an organization can identify a security breach. 

The quick identification of the Falcon sensor defect was vital in managing its effects and preventing further damage. Organizations should focus on strengthening their detection systems to ensure they can quickly identify and respond to potential threats. This includes implementing advanced monitoring tools and refining alert mechanisms to reduce response times during a real cyber incident. Recovery and restoration processes are equally critical. After the Falcon sensor issue, organizations had to mobilize their BCPs to recover systems and restore normal operations from backups. This situation emphasizes the need for well-documented, regularly updated, and thoroughly tested recovery plans. 

Businesses must ensure their backup strategies are reliable and that they can quickly restore operations with minimal disruption. Effective recovery plans should include clear procedures for data restoration, system repairs, and communication with stakeholders during a crisis. The incident also highlights the importance of continuous assessment and improvement of an organization’s cybersecurity posture. By analyzing their response to the Falcon sensor defect, organizations can identify gaps in their strategies and address any weaknesses. This involves reviewing incident response plans, updating communication protocols, and enhancing overall resilience to cyber threats. 

Furthermore, the disruption reinforces the need for comprehensive risk management strategies. Organizations should regularly evaluate their exposure to various types of cyber threats, including ransomware, and implement measures to mitigate these risks. This includes investing in cybersecurity training for employees, conducting regular security audits, and staying informed about the latest threat intelligence. 

In conclusion, the CrowdStrike Falcon sensor defect offers valuable lessons for enhancing ransomware recovery and business continuity planning. By learning from this event, organizations can improve their ability to respond to and recover from cyberattacks, ensuring they are better prepared for future threats. Regular updates to BCPs, enhanced detection capabilities, and robust recovery processes are essential for safeguarding against disruptions and maintaining operational resilience in today’s increasingly complex digital landscape.
Read more »
Tech
Cloud CrowdStrike malware Ransomware Tech

The Rise of Manual Techniques in Ransomware Attacks: A Growing Threat

The Rise of Manual Techniques in Ransomware Attacks: A Growing Threat

A recent report by CrowdStrike observes on a disturbing trend: the increasing use of manual techniques in ransomware attacks. This shift towards hands-on-keyboard activities is not only making these attacks more sophisticated but also more challenging to detect and mitigate.

The Surge in Interactive Intrusions

According to CrowdStrike’s findings, there has been a staggering 55% increase in interactive intrusions over the past year. These intrusions, characterized by direct human involvement rather than automated scripts, account for nearly 90% of e-crime activities. This trend underscores a critical shift in the tactics employed by cybercriminals, who are now leveraging manual techniques to bypass traditional security measures and achieve their malicious objectives.

Why Manual Techniques?

The adoption of manual techniques in ransomware attacks offers several advantages to cybercriminals. Firstly, these techniques allow attackers to adapt and respond in real-time to the defenses they encounter. Unlike automated attacks, which follow predefined scripts, manual intrusions enable attackers to think on their feet, making it harder for security systems to predict and counter their moves.

Secondly, manual techniques often involve the use of legitimate tools and credentials, making it difficult for security teams to distinguish between malicious and benign activities. This tactic, known as “living off the land,” involves using tools that are already present in the target environment, such as PowerShell or Remote Desktop Protocol (RDP). By blending in with normal network traffic, attackers can evade detection for extended periods, increasing the likelihood of a successful attack.

The Impact on the Technology Sector

The technology sector has been particularly hard-hit by this surge in manual ransomware attacks. CrowdStrike’s report indicates a 60% rise in such attacks targeting tech companies. This sector is an attractive target for cybercriminals due to its vast repositories of sensitive data and intellectual property. Additionally, technology companies often have complex and interconnected systems, providing multiple entry points for attackers to exploit.

The consequences of a successful ransomware attack on a tech company can be devastating. Beyond the immediate financial losses from ransom payments, these attacks can lead to prolonged downtime, loss of customer trust, and significant reputational damage. In some cases, the recovery process can take months, further compounding the financial and operational impact.

What to do?

Enhanced Monitoring and Detection: Implement advanced monitoring tools that can detect anomalous behavior indicative of manual intrusions. Behavioural analytics and machine learning can help identify patterns that deviate from the norm, providing early warning signs of an attack.

Regular Security Training: Educate employees about the latest phishing techniques and social engineering tactics used by cybercriminals. Regular training sessions can help staff recognize and report suspicious activities, reducing the risk of initial compromise.

Zero Trust Architecture: Adopt a Zero Trust approach to security, where no user or device is trusted by default. Implement strict access controls and continuously verify the identity and integrity of users and devices accessing the network.

Incident Response Planning: Develop and regularly update an incident response plan that outlines the steps to take in the event of a ransomware attack. Conduct regular drills to ensure that all team members are familiar with their roles and responsibilities during an incident.

Backup and Recovery: Maintain regular backups of critical data and ensure that these backups are stored securely and inaccessible from the main network. Regularly test the recovery process to ensure that data can be restored quickly in the event of an attack.
Read more »
Software
Black hat CrowdStrike Cyber Security Global IT Outage Software

CrowdStrike's Recovery Efforts in Focus After Global IT Outage


 

On July 19, cybersecurity leader CrowdStrike found itself at the centre of a crisis after a faulty software update caused a widespread IT outage, affecting millions of computers worldwide. The aftermath of this incident was evident at the Black Hat cybersecurity conference in Las Vegas, where CrowdStrike had a contributing presence. The company, known for its expertise in stopping cyber threats, faced the challenge of reassuring its customers and partners while dealing with the repercussions of the outage.

CrowdStrike's Response to the Crisis

In the weeks following the outage, CrowdStrike provided regular updates on its investigation into the issue. As part of its apology to affected partners, the company distributed $10 Uber Eats gift cards, though this gesture quickly backfired. Many recipients found their gift cards flagged as fraudulent due to high usage rates, exacerbating the company's already strained relationship with some partners.

Despite the challenges, CrowdStrike maintained a strong presence at the Black Hat conference, where it showcased its products and engaged with attendees. The company's booth, one of the largest at the event, drew attention, not just for the promotional items like T-shirts and action figures but also for the opportunity to discuss the incident with CrowdStrike representatives.

The response from cybersecurity professionals at Black Hat was mixed. Some attendees remained loyal to CrowdStrike, viewing the outage as an unfortunate but not defining moment for the company. A U.S. government employee who uses CrowdStrike regularly expressed confidence in the company's ability to maintain its position as a leading cybersecurity provider. Similarly, a security engineer noted that while his company was affected by the outage, CrowdStrike's prompt and effective remediation efforts helped restore normal operations within a day.

However, not all feedback was positive. Some attendees voiced concerns about the reliability of CrowdStrike's services following the incident. Seth Faeder, an engineer at ClearChoice Dental Implants Centers, noted that while his company wasn't directly impacted, he had to assist in restoring affected systems for his parent company, which uses CrowdStrike. This experience led him to suggest exploring alternatives like Sophos.

Another cybersecurity professional emphasised the importance of having backup plans in place, stating that while it might be difficult to move away from CrowdStrike entirely, the outage is an indicator of the risks involved in relying too heavily on a single provider.

CrowdStrike's Efforts to Rebuild Trust

Throughout the conference, CrowdStrike sought to reassure attendees of its commitment to resilience and customer support. The action figures distributed at the booth came with a message acknowledging the outage and emphasising the company's dedication to preventing similar incidents in the future. This message was also prominently displayed on screens throughout the conference venue, reinforcing CrowdStrike's focus on transparency and accountability.

Kevin Benacci, CrowdStrike's senior director of corporate communications, highlighted that the company's presence at Black Hat was not just about addressing the incident but also about expressing gratitude to the cybersecurity community for its continued support. Technical experts were on hand to discuss the incident in detail and provide insights into the company's response.

Despite the challenges posed by the outage, CrowdStrike's booth remained busy throughout the conference, suggesting that the company's reputation, while damaged, may not be beyond repair. The resilience and loyalty of some cybersecurity professionals indicate that CrowdStrike still holds a crucial place in the industry.

However, the incident has sparked a broader discussion about the reliability of cybersecurity tools and the need for contingency planning. As the industry reflects on the lessons learned from CrowdStrike's outage, the focus will likely shift to ensuring that even the most trusted systems are equipped to handle unforeseen challenges.


Read more »
Subscribe to: Posts (Atom)