CrowdStrike restores almost all Windows sensors after major outage

The US cybersecurity company has successfully restored 97% of its Windows sensors following a global outage caused by a faulty software update. The issue, which began nearly a week ago, affected 8.5 million devices running Microsoft’s Windows operating system, leading to significant disruptions in services, including flights, healthcare, and banking.

The outage was triggered by a faulty update to CrowdStrike’s Falcon sensor, the endpoint security agent that protects devices from threats. The update caused affected Windows machines to crash and display the notorious blue screen of death. In response, CrowdStrike deployed a fix and mobilized all resources to support customers, enhancing recovery efforts with automatic recovery techniques.

The recovery comes amidst scrutiny over the cybersecurity firm’s quality control measures. Despite the challenges, CrowdStrike’s swift response has helped mitigate further impact and restore critical services globally.

North Korea steals massive data haul from US Military and NASA

Hackers from North Korea, identified as Andariel (also tracked as APT45), have conducted a global cyber espionage campaign to steal classified military secrets, supporting Pyongyang’s banned nuclear weapons programme. The joint advisory came from the United States, Britain, and South Korea. The hackers are believed to be part of North Korea’s Reconnaissance General Bureau, which has been under US sanctions since 2015.

These cyber units have targeted a wide range of defence and engineering firms, including those manufacturing tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems. Notable breaches occurred at NASA and US Air Force bases, with significant data extraction. In one 2022 incident, hackers infiltrated NASA’s computer system for three months, extracting over 17 gigabytes of data.

Hackers also employed ransomware to fund their operations, targeting US hospitals and healthcare companies. The US Justice Department has charged one suspect, Rim Jong Hyok, with conspiracy and money laundering. In a 2021 incident, a Kansas hospital paid a ransom in bitcoin, which was traced to a Chinese bank. Authorities are offering a $10 million reward for information leading to Rim’s arrest.

Officials from the FBI and Justice Department have seized some online accounts, recovering $600,000 in virtual currency to be returned to ransomware victims. The operation reveals the extent of DPRK state-sponsored actors’ efforts to advance their military and nuclear programmes. Last year, North Korean hackers breached systems at a Russian rocket design bureau, employing similar phishing techniques and computer exploits.

Meta removes 63,000 Nigerian Instagram accounts for sextortion scams

Meta Platforms announced on Wednesday that it had removed approximately 63,000 Instagram accounts in Nigeria involved in financial sexual extortion scams, primarily targeting adult men in the United States. These Nigerian fraudsters, often called ‘Yahoo boys,’ are infamous for various scams, including posing as individuals in financial distress or as Nigerian princes.

In addition to the Instagram accounts, Meta also took down 7,200 Facebook accounts, pages, and groups that provided tips on how to scam people. Among the removed accounts, around 2,500 were part of a coordinated network linked to about 20 individuals. These scammers used fake accounts to conceal their identities and engage in sextortion, threatening victims with the release of compromising photos unless they paid a ransom.

Meta’s investigation revealed that most of the scammers’ attempts were unsuccessful. While adult men were the primary targets, there were also attempts against minors, which Meta reported to the National Center for Missing & Exploited Children (NCMEC) in the US. The company employed new technical measures to identify and combat sextortion activities.

Online scams have increased in Nigeria, where economic hardships have led many to engage in fraudulent activities from various settings, including university dormitories and affluent neighbourhoods. Meta noted that some of the removed accounts were not only participating in scams but also sharing guides, scripts, and photos to assist others in creating fake accounts for similar fraudulent purposes.

Social media platforms asked to tackle cybercrimes in Malaysia

Malaysia is urging social media platforms to strengthen their efforts in combating cybercrimes, including scams, cyberbullying, and child pornography. The government has seen a significant rise in harmful online content and has called on companies like Meta and TikTok to enhance their monitoring and enforcement practices.

In the first quarter of 2024 alone, Malaysia reported 51,638 cases of harmful content referred to social media platforms, surpassing the 42,904 cases from the entire previous year. Communications Minister Fahmi Fadzil noted that some platforms are more cooperative than others, with Meta showing the highest compliance rates—85% for Facebook, 88% for Instagram, and 79% for WhatsApp. TikTok followed with a 76% compliance rate, while Telegram and X had lower rates.

The government has directed social media firms to address these issues more effectively, but it is up to the platforms to remove content that violates their community guidelines. Malaysia’s communications regulator continues highlighting problematic content to these firms, aiming to curb harmful online activity.

Pro-Russian hackers arrested for cyberattacks in Spain

Spanish police have arrested three pro-Russian hackers suspected of carrying out cyberattacks against Spain and other NATO countries. These attacks, allegedly for terrorist purposes, targeted public institutions and critical infrastructures in nations supporting Ukraine in the ongoing conflict with Russia. The suspects, whose identities have not been disclosed, were detained in Manacor, Huelva, and Seville.

The arrests are linked to the hacktivist group NoName057(16), active since the Russian invasion of Ukraine. The Civil Guard reported that the group’s manifesto acknowledges their intent to retaliate against Western actions perceived as anti-Russian. Police released footage showing a Soviet-era flag in one suspect’s home.

Investigations continue, with the suspects accused of orchestrating distributed denial of service (DDoS) attacks on web pages of government sectors and essential services. Similar attacks were attributed to Russian hackers against targets in Lithuania and Norway in 2022.

AI tools create realistic child abuse images, says report

A report from the Internet Watch Foundation (IWF) has exposed a disturbing misuse of AI to generate deepfake child sexual abuse images based on real victims. While the tools used to create these images remain legal in the UK, the images themselves are illegal. The case of a victim, referred to as Olivia, exemplifies the issue. Abused between the ages of three and eight, Olivia was rescued in 2023, but dark web users are now employing AI tools to create new abusive images of her, with one model available for free download.

The IWF report also reveals an anonymous dark web page with links to AI models for 128 child abuse victims. Offenders are compiling collections of images of named victims, such as Olivia, and using them to fine-tune AI models to create new material. Additionally, the report mentions models that can generate abusive images of celebrity children. Analysts found that 90% of these AI-generated images are realistic enough to fall under the same laws as real child sexual abuse material, highlighting the severity of the problem.

CrowdStrike outage hits 8.5 million Microsoft devices

According to a blog post from Microsoft on Saturday, a global tech outage caused by a software update from cybersecurity firm CrowdStrike affected nearly 8.5 million Windows devices. That number represents less than one percent of all Windows machines, but the impact was significant, grounding flights, interrupting broadcasts, and disrupting access to essential services such as healthcare and banking.

Despite the relatively small percentage of devices affected, the outage had broad economic and societal effects due to critical enterprises’ widespread use of CrowdStrike’s services. Microsoft noted that CrowdStrike has helped develop a solution to accelerate the fix for Microsoft’s Azure infrastructure. The company is also collaborating with Amazon Web Services and Google Cloud Platform to share information about the outage’s effects across the industry.

The air travel industry was particularly hard hit, with thousands of flights cancelled and passengers experiencing extensive delays. Delta Air Lines, one of the hardest-hit airlines, reported over 600 flight cancellations by Saturday morning, with more expected throughout the day as the industry worked to recover from the IT outage.

Malicious sites emerge in Australia following global outage

Australia’s cyber intelligence agency warned on Saturday about the release of ‘malicious websites and unofficial code’ online, claiming to aid recovery from Friday’s global digital outage. The outage, caused by a botched software update from CrowdStrike, impacted various sectors, including media, retailers, banks, and airlines.

The Australian Signals Directorate (ASD) urged consumers to obtain technical information and updates exclusively from official CrowdStrike sources to avoid falling victim to scams. Cyber Security Minister Clare O’Neil also cautioned Australians to be vigilant against potential scams and phishing attempts.

The outage affected the Commonwealth Bank of Australia, causing temporary disruptions in PayID payments, which were later resolved. National airline Qantas and Sydney airport experienced delays but maintained operations. Prime Minister Anthony Albanese confirmed that critical infrastructure, government services, and emergency phone systems were unaffected.

CrowdStrike, a major cybersecurity provider with nearly 30,000 global subscribers, previously reached a market cap of about $83 billion. Despite the widespread disruption, the swift response helped limit further damage as affected organizations worked to recover.

Judge dismisses most SEC claims against SolarWinds

A US judge has dismissed most of an SEC lawsuit against software company SolarWinds, which accused it of defrauding investors by concealing security weaknesses linked to a Russia-backed cyberattack. Judge Paul Engelmayer ruled that claims against SolarWinds and its chief information security officer, Timothy Brown, were based on ‘hindsight and speculation’ and lacked concrete evidence.

The judge dismissed most claims related to statements made before the cyberattack, except for one regarding a statement on SolarWinds’ website about its security controls. The SEC had alleged that SolarWinds hid its cybersecurity vulnerabilities before the attack and downplayed its severity afterwards. SolarWinds expressed satisfaction with the decision, calling the remaining claim factually inaccurate.

The cyberattack, known as Sunburst, targeted SolarWinds’ Orion software platform and compromised several US government networks, including the Departments of Commerce, Energy, Homeland Security, State, and Treasury. The US government has attributed the attack to Russia, which has denied involvement.

This case, filed last October, was notable for being one of the first where the SEC sued a company that was a victim of a cyberattack without announcing a settlement. It is also rare for the SEC to sue public company executives not closely involved in preparing financial statements.

OpenAI whistleblowers call for SEC investigation

Whistleblowers have filed a complaint with the US Securities and Exchange Commission (SEC) against OpenAI, calling for an investigation into the company’s allegedly restrictive non-disclosure agreements (NDAs). The complaint alleges that OpenAI’s NDAs required employees to waive their federal rights to whistleblower compensation, creating a chilling effect on their right to speak up.

Senator Chuck Grassley’s office provided the letter to Reuters, stating that OpenAI’s policies appear to prevent whistleblowers from receiving due compensation for their protected disclosures. The whistleblowers have requested that the SEC fine OpenAI for each improper agreement and review all contracts containing NDAs, including employment, severance, and investor agreements. OpenAI did not immediately respond to requests for comment.

This complaint follows other legal and regulatory challenges faced by OpenAI. The company has been sued for allegedly stealing people’s data, and US authorities have called for companies to ensure their AI products do not violate civil rights. OpenAI recently formed a Safety and Security Committee to address safety concerns as it begins training its next AI model.