In July 2024, the world witnessed an unprecedented IT outage caused by a faulty update in software development industry. The incident affected numerous industries worldwide, grounding planes, disrupting medical appointments, and taking broadcasters off the air. Despite the chaos, the impact on the emerging cyber insurance sector remained limited, with most of the estimated $15 billion in damages left uninsured.
In the Financial Times article, experts argue that the outcome might have been different if the outage had lasted longer. Most cyber insurance policies have a delay of around eight hours before coverage begins, and the cause of the disruption was easier to rectify than a full-scale cyberattack. Risk retention strategies and policy limits also helped minimize insurers’ liabilities, with payouts expected to cover less than a fifth of the $5.4 billion in losses reported by Fortune 500 companies (excluding Microsoft), according to the insurer Parametrix.
However, looking ahead, insurers may not always be so fortunate. The cyber insurance market is one of the riskiest in the industry, with limited data available for accurate risk assessment. Surely though, the recent outage will provide valuable insights. For instance, while insurance can only partially address the growing cyber threat, the recent outage may drive increased demand for coverage. Even before the incident, risk managers were alarmed by cyber threats, as highlighted by the Allianz Risk Barometer. The widespread disruption caused by the so-called ‘blue screen of death’ has only strengthened this concern.
The UK’s National Cyber Security Centre (NCSC) recently brought together international and UK government partners, as well as industry leaders, to discuss the role of cyber deception in cyber defense. The event hosted by the NCSC in London underscored the potential of cyber deception technologies, such as digital tripwires, honeytokens, and honeypots, to enhance national cyber defense strategies. The NCSC aims to establish a comprehensive evidence base on the efficacy of these technologies by promoting their widespread deployment across the country. To achieve this, the NCSC invites public and private sector organisations to contribute to this initiative by sharing their experiences and outcomes from deploying these technologies (as defined by the UK NCSC):
Tripwires: Systems designed to detect unauthorised access by interacting with threat actors, such as honeytokens, to disclose their presence within a network.
Honeypots: Systems that allow threat actors to engage with them, providing opportunities to observe and collect data on their tactics, techniques, procedures, capabilities, and infrastructure for threat intelligence purposes.
Breadcrumbs: Digital artifacts strategically placed within a system to lure threat actors into interacting with tripwires or honeypots, aiding in their detection and study.
To build a comprehensive evidence base on the effectiveness of these tools, the NCSC announced several objectives for this large-scale deployment :
5,000 instances of both low and high interaction solutions across the UK internet, covering both IPv4 and IPv6.
20,000 instances of low interaction solutions within internal networks.
200,000 assets of low interaction solutions deployed within cloud environments.
2,000,000 tokens deployed to bolster detection and intelligence-gathering efforts.
To contribute and participate in this consultation, you contact the UK NCSC at thfcd@ncsc.gov.uk.
The Defense Advanced Research Projects Agency (DARPA) announced the finalists for its AI Cyber Challenge (AIxCC) at DEF CON, a competition that rewards teams for training large language models (LLMs) to identify and fix vulnerabilities in open-source code. BigTech companies like Google, Microsoft, Anthropic, and OpenAI supported participants with AI model credits. The challenge saw about 40 teams submit projects, which were tested on their ability to detect and remediate injected vulnerabilities in open-source coding projects.
Experts say that generative AI can help automate the detection and patching of security flaws in code, and this development can be critical as unsophisticated yet harmful cyberattacks increasingly target critical facilities such as hospitals and water systems. Automating basic cybersecurity practices, such as scanning and fixing code bugs, could significantly reduce these incidents.
Despite running these tests in a controlled, sandboxed environment, the semifinalists’ LLM projects managed to discover 22 unique vulnerabilities and automatically patch 15 of them. DARPA, which has invested over $2 billion in AI research since 2018, plays a unique role in cybersecurity innovation: it created a mock city under cyberattack within DEF CON, attracting over 12,500 visitors. The seven finalist teams will compete in the challenge’s final round at next year’s DEF CON conference, with government officials hoping these AI tools will soon be applied to protect real-life critical infrastructure.
Anne Neuberger, the Biden administration’s deputy national security advisor for cyber and emerging technology, emphasised the goal of using AI for defense as swiftly as adversaries use it for offense. The White House is already collaborating with the Department of Energy to explore deploying these AI tools within the energy sector and hopes to eventually apply them to proprietary company code.
The United Kingdom and France are set to initiate a consultation on addressing the proliferation and irresponsible use of commercial cyber intrusion tools, according to a UK government announcement.
The consultation is part of the Pall Mall Process, a joint UK-French effort focused on addressing the misuse of commercial hacking tools like spyware. The Pall Mall Process was announced last year when the UK and France, alongside major tech companies like Google, Microsoft, and Meta, issued a joint statement acknowledging the urgent need for decisive action against the malicious exploitation of cyberespionage tools. At a conference convened by the UK and France with representatives from 35 nations, concerns were raised regarding the proliferation of spyware used to listen to phone calls, steal photos and remotely operate cameras and microphones.
The following launch of this process came after President Joe Biden issued an executive order prohibiting federal agencies from utilizing commercial spyware that might threaten US security or had been exploited by foreign entities. The executive order aimed to tackle the increasing instances of spyware abuse internationally, as well as reports of its improper use against US officials, government infrastructure, and ordinary citizens. In 2021, the Biden administration had also taken steps against spyware vendor NSO Group, founded by two former Israeli military officers, by adding the company to its Entity List.
As part of this consultation, both governments invite stakeholders to provide insights on best practices concerning commercial cyber intrusion capabilities (CCICs) across three key groups:
States: Acting as both regulators and potential consumers within the CCIC market.
Industry organizations: Engaged in or connected to the CCIC market, along with their broader value chain.
Civil society, experts, and threat researchers: Possessing relevant expertise on the risks posed by the CCIC market and the strategies to address them.
Previously, experts had already raised concerns about the Pall Mall Process and its goals, highlighting questions such as whether the initiative will be geographically diverse and include a broad range of countries. Will stakeholders be involved, and will companies providing some of the intrusive tools, in particular, be invited for discussions? What does success look like for this process, and for whom?
To participate in this consultation, please follow this link.
An international operation has dismantled the criminal ransomware group Radar/Dispossessor, which had been targeting companies across various sectors, including healthcare and transport. Authorities from the United States and Germany led the effort to bring down the group, which was founded in August 2023 and initially focused on the US before expanding its attacks globally.
The investigation has identified 43 companies as victims, spanning countries such as the UK, Germany, Brazil, and Australia. The group, led by an individual using the alias ‘Brain’, primarily targeted small to medium-sized enterprises. Many more companies are believed to have been affected, with some cases still under investigation.
Radar/Dispossessor exploited vulnerable computer systems, often through weak passwords and the absence of two-factor authentication, to hold data for ransom. Authorities successfully dismantled servers and domains associated with the group in Germany, the US, and Britain.
Twelve suspects have been identified, hailing from various countries, including Germany, Russia, Ukraine, and Kenya. Investigations are ongoing to identify further suspects and uncover more companies that may have been victimised.
On 9 August, hackers from across the globe convened in Las Vegas to hack a new online voting platform to test and identify potential digital vulnerabilities in future election systems. The Secure Internet Voting (SIV) platform, operated by a US firm, allows voting via phones or computers and is currently in small pilot programs in the US. However, its broader adoption for conducting elections confronts challenges arising from security concerns, leading most states to favour the traditional method of auditable paper ballots.
SIV founder David Ernst, noting the general pessimism on the security of internet voting, stated ‘We believe that there are modern tools and technologies that allow you to make it hyper-secure, with a higher level of security than you can currently achieve with paper’. He further highlighted how SIV was successfully used to select a party primary candidate in 2023 when Republican Celeste Maloy was chosen through SIV and subsequently won Utah’s 2nd congressional district seat in November.
Americans are greatly concerned about voting security as they fear potential foreign cyberattacks on the upcoming elections. National security officials have already found Russia and Iran engaging in online influence campaigns in the current election. Moreover, in previous election cycles, Russian hackers targeted election offices and voting machine companies, and as such, their resilience became a paramount concern.
Concerns are mounting over content shared by the Palestinian militant group Hamas on X, the social media platform owned by Elon Musk. The Global Internet Forum to Counter Terrorism (GIFCT), which includes major companies like Facebook, Microsoft, and YouTube, is reportedly worried about X’s continued membership and position on its board, fearing it undermines the group’s credibility.
The Sunday Times reported that X has become the most accessible platform to find Hamas propaganda videos, along with content from other UK-proscribed terrorist groups like Hezbollah and Palestinian Islamic Jihad. Researchers were able to locate such videos within minutes on X.
Why does it matter?
These concerns come as X faces criticism for reducing its content moderation capabilities. The GIFCT’s independent advisory committee expressed alarm in its 2023 report, citing significant reductions in online trust and safety measures on specific platforms, implicitly pointing to X.
Elon Musk’s approach to turning X into a ‘free speech’ platform has included reinstating previously banned extremists, allowing paid verification, and cutting much of the moderation team. The shift has raised fears about X’s ability to manage extremist content effectively. Despite being a founding member of GIFCT, X still needs to meet its financial obligations.
Additionally, the criticism Musk faced in Great Britain indicates the complex and currently unsolvable policy governance question: whether to save the freedom of speech or scrutinise in addition the big tech social media owners and focus on community safety?
Great Britain scenario..
Elon Musk faced criticism for his social media posts, which many believe have fueled ongoing riots in Britain. Musk shared riot footage and made controversial statements, including predicting a civil war and criticizing Prime Minister Keir Starmer for focusing on speech policing instead of community safety. The unrest was sparked by false online claims that a Taylor Swift-themed dance class stabbing involved an illegal Muslim immigrant, though the suspect is actually a 17-year-old from Cardiff with Rwandan Christian roots. The misinformation allegedly led to anti-immigrant protests and civil disorder across Britain, with violence targeting mosques, asylum seeker housing, and police. Prime Minister Starmer condemned social media companies, particularly X, for enabling the spread of violent disinformation. Government officials, including Technology Secretary Peter Kyle and Home Secretary Yvette Cooper, have vowed action against tech platforms, though Britain’s Online Safety Act won’t be fully effective until next year. Meanwhile, the EU’s Digital Services Act, which Britain is no longer part of, is already in effect.
Delta Air Lines is pursuing legal action against CrowdStrike and Microsoft following a significant outage last month that resulted in widespread flight cancellations. The disruptions affected 1.3 million customers and cost the airline at least $500 million. Delta’s CEO, Ed Bastian, criticised the two companies, holding them accountable for the operational failures.
The trouble began with a software update from cybersecurity firm CrowdStrike, which caused issues for Microsoft customers, including several airlines. Although most carriers recovered the next day, Delta continued to experience problems, leading to the cancellation of about 7,000 flights over five days. The US Transportation Department is now investigating the incident.
CrowdStrike and Microsoft have both denied responsibility for the outages. CrowdStrike threatened to defend itself aggressively if Delta proceeds with legal action, while Microsoft suggested that Delta’s outdated IT infrastructure may have contributed to the prolonged disruptions. Delta’s legal representative, David Boies, dismissed these claims, asserting that the airline had invested heavily in its technology and was not at fault.
The financial impact on Delta has been severe. The airline expects to lose $380 million in direct revenue due to refunds and compensation for the cancelled flights. Additional costs, including customer reimbursements and crew-related expenses, amount to $170 million. However, the reduced flight schedule is anticipated to lower Delta’s fuel bill by $50 million.
Microsoft researchers revealed that Iranian government-linked hackers attempted to breach the account of a high-ranking US presidential campaign official in June, following an earlier breach of a county-level US official’s account. These incidents are part of a broader effort by Iranian groups to influence the upcoming US presidential election, though specifics about the targeted campaign official were not disclosed.
The report aligns with recent statements from US Intelligence officials, who have observed Iran’s increased use of fake social media accounts to sow political discord in the United States. The Iranian mission to the UN denied these allegations, claiming that Iran’s cyber capabilities are defensive and that it does not interfere in US elections.
In addition to the hacking attempts, Microsoft researchers highlighted that Iranian groups have been creating ‘covert’ news sites, using AI to mimic content from legitimate sources and targeting US voters with divisive content. Two such sites, Nio Thinker and Savannah Time, are designed to appeal to opposite ends of the political spectrum, furthering efforts to influence public opinion ahead of the election.
Financial services firms across the European Union are preparing for new regulations under the Digital Operational Resilience Act (DORA). The law, which aims to enhance cybersecurity, will require banks and their technology suppliers to significantly strengthen their IT infrastructure by January 2025. The regulation mandates robust risk management, incident response, and resilience testing to ensure that financial institutions can withstand cyberattacks and other disruptions.
DORA’s scope extends beyond banks, placing stringent requirements on third-party technology providers. These suppliers must now undergo rigorous testing and reporting processes, as the regulation seeks to uncover dependencies within the digital supply chain. The new law represents a shift in focus towards the security of external tech partners, reflecting the growing reliance of financial institutions on digital services.
Non-compliance with DORA will result in severe penalties, with fines reaching up to 2% of global revenues for financial firms and 1% for IT providers. Individual managers could also face significant fines, further intensifying the pressure on firms to meet the new standards. Despite progress, many in the industry are concerned that not all companies will achieve full compliance by the deadline.
The European Union’s emphasis on cyber resilience highlights the evolving challenges faced by the financial sector. As banks and their suppliers scramble to meet the stringent requirements of DORA, the regulation underscores the critical importance of safeguarding digital infrastructure in an increasingly technology-dependent industry.
