DW Weekly #170 – 26 July 2024
Welcome to another issue of the Digital Watch weekly!
It should have been a routine update. Alas, an update Crowdstrike issued to its Falcon Sensor kernel-level driver that protects Windows computers caused a major tech outage last Friday, disrupting operations across different industries worldwide, including air travel, healthcare, financial services, and media.
The problem began when CrowdStrike released a content configuration update for the Windows sensor to collect telemetry on potential new threat techniques. These updates are a regular aspect of the Falcon platform’s dynamic protection system, sometimes occurring daily. However, this particular update contained a logic error that resulted in a system crash, causing the notorious blue screen of death (BSOD) on 85 million Windows devices.
The silver lining? The outage, while severe, did not lead to exploitation by malicious actors on a larger scale. However, CrowdStrike intelligence reported observing threat actors leveraging the situation in Latin America, underlining the vulnerability of digital systems to exploitation.
Financially, the impact of this incident is staggering. According to cyber insurer Parametrix, the faulty update could result in losses of up to $54 billion for companies like Microsoft, major airlines, banks, and healthcare providers. In a bizarre twist, CrowdStrike tried to make amends by sending $10 Uber Eats gift cards to affected partners. However, many recipients got error messages saying the vouchers were cancelled, with Uber flagging the high redemption rate as fraud.
What did we learn from this case? Numerous organisations are overreliant on single-point IT solutions. Should tech companies bear responsibility for cyber risks associated with their products and services?
Defining supplier responsibility (and liability) for the security and stability of digital products through legal instruments is essential for ensuring accountability and safety. This would incentivise companies to invest more in robust security measures, thorough testing protocols, and fail-safe mechanisms. Moreover, it would foster a culture of responsibility within the tech industry, where the potential real-world impacts of digital failures, their solutions, and their broader implications for society are given the serious consideration they deserve.
As these debates heat up, the scrutiny of cybersecurity practices is intensifying: CrowdStrike’s CEO has been summoned by a US congressional committee to explain the mess, underscoring the growing legislative interest in the issue.
Andrijana and the Digital Watch team
Highlights from the week of 19-26 July 2024
Details on how the working group will function will be finalised after the summer.
The statement recognises the profound potential of AI and foundation models, pinpointing several competition risks: concentrated control of key AI resources, market power entrenchment by incumbent digital giants, and potentially anti-competitive collaborations among major AI players.
Altman also advocates for international collaboration and possibly establishing governance bodies to ensure AI benefits are widely shared and risks minimised.
Despite initial weak sales, Nvidia is now on track to sell over 1 million H20 chips in China this year, generating more than $12 billion.
SearchGPT offers summarised results with source links and follow-up queries.
The Joint Statement Initiative on Electronic Commerce, co-convened by Australia, Japan, and Singapore, announced a milestone on 26 July 2024, with participants reaching a stabilised text for the Agreement on Electronic Commerce after five years of negotiations. The negotiations will continue.
Expected to lower business costs and boost services trade, it underscores Singapore’s significant role as the EU’s fifth-largest services trade partner, with over half of the €43 billion services traded in 2022 delivered digitally.
The probe will examine whether Apple imposed unequal commercial conditions on developers of mobile applications sold through its App Store.
The potential fine for Meta could reach $13.4 billion, or 10% of 2023 global revenue.
The fine, one of the largest by an African regulator on a global tech company, follows a 38-month investigation revealing Meta’s non-compliance with Nigeria’s Data Protection Regulation (NDPR).
The breach is suspected to stem from an earlier hack of a system by third-party vendor Diligent Corp.
The country is committed to minimising their impact, says Prime Minister Gabriel Attal.
Battling progressive supranuclear palsy (PSP), a condition that limits her ability to speak and move, Wexton announced in September that she will not seek re-election due to her worsening health.
This webinar explored how advanced technology can improve disaster preparedness, response, and recovery in Africa, highlighting innovative cyber tools and solutions that enhance crisis management and resilience.
