Between the Olympics, councils, and data showing that cyberattacks are soaring, there's plenty to read about the latest cybersecurity threats and incidents. Here's a summary of some of the topics making the headlines this month.
CrowdStrike and the Global IT outage
Let’s start this month's round-up by looking at the cybersecurity firm CrowdStrike, which was at the centre of the massive global IT outage that hit on 19th July.
The outage disrupted millions of Microsoft users and caused chaos across the globe, from TV stations going offline and flights being cancelled to hospitals having to reschedule appointments. A faulty update to CrowdStrike’s Falcon sensor software is said to have been the culprit.
CrowdStrike admitted that a bug in its quality control mechanism allowed the problematic update to pass through undetected. The extent of the damage is still being evaluated, with Microsoft reporting 8.5 million affected devices. While CrowdStrike has not detailed the exact problematic content, it has implemented a new check to prevent future incidents.
Although not a cyberattack, this incident underscores the critical importance of rigorous quality control in cybersecurity. A faulty update to any software highlights the risks that updates carry, and this one shows the significant impact cybersecurity solutions can have on critical infrastructure. The incident also demonstrates the regulatory scrutiny and accountability cybersecurity firms face when their failures have wide-reaching consequences.
Cybersecurity challenges of the Olympic games
Not even the Olympics can afford to neglect cybersecurity strategy. It has been reported that the 2024 Paris Olympic Games organisers have had to strengthen their cybersecurity precautions after experts and law enforcement agencies warned of an expected surge in cyberattacks.
With an estimated €11 billion in economic activity and enormous ticketing operations, the Olympics are an attractive target for cyberattacks and have long been one. According to Cisco, the 2021 Tokyo Games endured an estimated 450 million cyberattacks. Cyberattacks on the Olympics range from spoofing schemes and phishing to ransomware and Distributed Denial of Service (DDoS) attacks.
Paris Olympics 2024 officials, alongside partners like ANSSI, Cisco, and Eviden, are said to have implemented robust measures to keep security tight, including:
- Developing secure communication networks
- Comprehensive audits
- Establishing rapid response units
- Providing awareness and training programs
Vincent Strubel, the director general of ANSSI, France's cybersecurity agency, has been quoted as saying, "The games are facing an unprecedented level of threats … but we've also done an unprecedented amount of preparation work, so I think we're a step ahead of the attackers."
Spike in cyberattacks in Guernsey
Authorities have warned organisations in Guernsey to strengthen their IT systems following a surge in cyberattacks. The Office of the Data Protection Authority (ODPA) reported that some Microsoft 365 systems had fallen victim to phishing attacks.
The ODPA highlighted that cybercriminals are becoming increasingly skilled at bypassing standard security measures, including multi-factor authentication (MFA), despite Microsoft stating that MFA can prevent over 99% of account compromise attacks.
Organisations have been advised to implement a layered security strategy, including mail and web filtering and enhancing training and awareness programs.
Dorset Council put at risk of cyberattacks
Dorset Council has come under the spotlight recently. It has been highlighted that staff are jeopardising the authority's cybersecurity by neglecting mandatory training. It’s been reported that a considerable number of employees have not completed essential courses on cybersecurity and data protection, increasing the risk of cyberattacks.
Independent advisor Simon Roche has emphasised the necessity of training sessions and suggested penalising non-compliant staff. He also recommended extending mandatory training to personnel in critical areas prone to fraud.
Service manager Marc Eyres has acknowledged the challenge of achieving full compliance and mentioned that this issue would be addressed in an upcoming senior management meeting. About 30% of staff still need to complete the mandatory training, despite a 24% increase in cyberattacks on councils from 2022 to 2023.
Councillor Jill Haynes has expressed concern over the lack of compliance, noting that a single mistake could compromise the council's security.
Cyberattacks soar
Recent data from Check Point Research (CPR) has revealed a significant global increase in cyberattacks, particularly affecting the education, government, and healthcare sectors.
Key findings showed:
- In Q2 2024, cyberattacks globally increased by 30% year over year, averaging 1,636 attacks per organisation per week.
- The top three most attacked industries are education and research, military and healthcare.
- The education & research sector experienced the highest number of attacks, with 3,341 weekly attacks per organisation, a 53% increase from the previous year.
- Government/military and healthcare sectors were also heavily targeted, with an average of 2,000 weekly attacks.
- Latin America, Africa, and Europe saw the largest regional increases, with Latin America experiencing a 53% rise.
Several factors contribute to this surge, such as increased digital transformation, sophisticated cyber-criminal tactics using AI and machine learning, economic incentives like ransomware and phishing, and geopolitical tensions.
The report emphasises the urgent need for organisations to adopt advanced security strategies, enhance awareness, and prepare for potential incidents.
Hackney Council reprimanded
BBC News has reported that Hackney Council was reprimanded by the Information Commissioner's Office (ICO) over a cyberattack in October 2020 that compromised the data of at least 288,000 residents and other individuals.
At the time, hackers gained access to and encrypted 440,000 files, exposing sensitive information, including religious beliefs, health, criminal records, economic data, and sexual orientation.
The ICO's investigation has concluded that Hackney Council failed to implement adequate measures to protect its systems. The council was criticised for not applying security measures to all devices and leaving a dormant account with an insecure password connected to its servers. This lapse allowed hackers to exploit the system, resulting in the theft of over 9,600 records and posing a significant risk of harm to 230 people.
The attack also severely disrupted the council’s operations, with some services not fully restored for two years. Hackney Council reportedly disagreed with the ICO's findings, insisting that it had met its security obligations and that the ICO had misunderstood the facts. Despite this, the ICO issued a reprimand instead of a fine, acknowledging the positive actions the council had taken.
The NCSC - sharing lessons helps everyone
This month, the National Cyber Security Centre released a blog about how sharing lessons from cyber incidents can help everyone improve. Sharing information on how attackers gained entry, their actions, and the countermeasures taken could significantly enhance future defence.
Voluntary sharing helps foster a culture of learning and improvement. It's important to responsibly share and protect sensitive information using trusted channels like the NCSC's CISP platform. Sir Roly Keating will discuss a 2023 cyberattack on The British Library at CYBERUK 2024, demonstrating the value of openness.
Unsuccessful attacks and near misses offer valuable lessons, helping organisations improve defences and response strategies. Sharing these experiences publicly or within trusted groups strengthens collective cybersecurity resilience.
Looking ahead
At Brigantia, we support channel partners in delivering the latest information and cybersecurity products to their customers. We work together to keep businesses secure and protected. If you’re looking for the best cybersecurity solutions in the channel, speak to our team.