Microsoft acknowledges cyber attack led to recent 10 hour outage and its defences may have made it worse. Cybersecurity Today for Friday, August 2, 2024


Microsoft says its 10-hour outage started with a DDoS attack but may have been made worse by its defensive reaction; Canada’s Privacy Commissioner is investigating the Ticketmaster hack on behalf of Canadians whose data was affected; a major US blood bank serving several states is paralyzed by a ransomware attack; and the lawsuits have started pouring in from the CrowdStrike outage – not all of them from customers.

Welcome to Cyber Security Today. I’m Jim Love.

On July 30, 2024, Microsoft faced a major global outage affecting multiple services including Microsoft 365, Azure, and even Minecraft. The disruption lasted nearly 10 hours, and our sources correctly told us that the episode was triggered by a distributed denial of service (DDoS) cyberattack.

But there’s more. Microsoft later confirmed that an error in their DDoS protection mechanisms actually amplified the attack’s impact instead of mitigating it.

The resulting outage affected various services globally, including Azure App Services, the Azure portal, Microsoft 365 and other services.

To resolve the issue, Microsoft’s team implemented network configuration changes and rerouted traffic to alternative paths.

In about 10 hours, systems were largely back up and running.

Microsoft has promised to publish a Preliminary Post Incident Review within 72 hours to provide more details about the incident and their response. They’ve also advised users to set up Azure Service Health alerts to stay informed about future issues.

This event highlights the ongoing challenges in cybersecurity and the potential far-reaching impacts of such attacks on global digital infrastructure.

This incident occurred less than two weeks after another major IT outage caused by a flawed CrowdStrike update.

While we can beat up on CrowdStrike or Microsoft, we have to ask: when do these “isolated failures” turn into a wake-up call? CIOs and CISOs know that what we have seen is the symptom of a much larger issue. As one very astute senior IT exec told us:

“Expect more catastrophic failures because the onslaught of digitization post-pandemic is on legacy infrastructure, single points of failure, and archaic designs never designed to withstand the load, scope and scale of what we see today. Monolithic architectures still exist, and when they break… Everything breaks… Yet nobody wants to invest in updating the foundation…”

Sources include: Several

The Privacy Commissioner of Canada has launched an investigation into Ticketmaster Canada following a major cybersecurity breach that affected millions of people worldwide. This probe comes as data breaches continue to rise in both frequency and complexity.

The investigation will examine Ticketmaster’s compliance with Canada’s federal privacy law, PIPEDA, focusing on the company’s security measures and how it handled breach notifications. Ticketmaster’s parent company, Live Nation Entertainment, manages ticket sales and distribution in Canada but is headquartered in the United States.

Privacy Commissioner Philippe Dufresne emphasized the gravity of the situation, stating: “Data breaches have surged over the last decade, and we have seen a significant increase in the scale and complexity of these incidents. Ticketmaster holds the personal information of millions of Canadians.”

The commissioner added that the investigation aims to uncover why this cyber incident occurred and determine necessary steps to prevent future occurrences.

As the investigation is ongoing, the Privacy Commissioner’s office has not released further details.

Sources include: Government of Canada

A ransomware attack on OneBlood, a major blood donation nonprofit, has severely disrupted blood supply operations across four southeastern U.S. states. The cyberattack has forced OneBlood to revert to manual processes, significantly slowing down their ability to collect, test, and distribute blood to over 250 hospitals in Florida, Georgia, North Carolina, and South Carolina.

OneBlood spokesperson Susan Forbes explained the impact: “These manual processes take significantly longer to perform and impact inventory availability.” As a result, hospitals have been asked to activate their critical blood shortage protocols.

In response, blood centers nationwide are rallying to support OneBlood, coordinated by the AABB Disaster Task Force. There’s an urgent need for O Positive, O Negative, and platelet donations.

While cybersecurity specialists and government agencies work to restore OneBlood’s systems, details about the attack’s origin and potential data theft remain unclear. This incident echoes a similar attack on NHS England’s pathology services in June, highlighting the growing vulnerability of healthcare systems to cybercrime.

As the investigation continues, OneBlood emphasizes the critical need for blood donations to manage the ongoing shortage caused by this cyberattack, underscoring the real-world impact of digital threats on public health.

Sources include: Tech Newsday

In a series of escalating events, cybersecurity firm CrowdStrike is facing legal challenges on multiple fronts following a disastrous software update in July. The company is now battling both corporate giants and individual investors over the incident that crashed millions of Windows systems worldwide.

Delta Air Lines CEO Ed Bastian publicly criticized CrowdStrike and Microsoft for the outage that reportedly cost the airline $500 million. Speaking on CNBC, Bastian said, “If you’re going to have priority access to the Delta ecosystem in terms of technology, you’ve got to test this stuff.” Delta has hired high-profile attorney David Boies to pursue compensation.

Suing CrowdStrike on the basis of the update might be an uphill battle, as most license agreements contain a “limitation of liability” clause which limits damages, usually to either the amount paid in licenses or some predictable multiple of that amount. But given the stakes, we may be in a position to find out how well those clauses will hold up in a situation like this.

But there’s another type of lawsuit that could come from companies who have not signed licenses.

Adding to CrowdStrike’s woes, the Plymouth County Retirement Association filed a class-action lawsuit in Texas federal court. The pension fund accuses CrowdStrike, CEO George Kurtz, and CFO Burt Podbere of defrauding shareholders with false claims about their Falcon software’s reliability.

The lawsuit alleges that CrowdStrike’s lack of proper testing procedures led to substantial reputational harm and financial losses for investors. According to the complaint, CrowdStrike’s stock tumbled more than 11 percent following the incident, with further drops after Congressional inquiries and analyst downgrades.

CrowdStrike maintains that the investor lawsuit “lacks merit” and promises to “vigorously defend the company.” Which they have to do – this is only one investor of many, and lawsuits of this nature could be extremely costly.

We’ll be digging deeper into these issues on our weekend show with our expert panel. Please join us when the Week in Review is launched late tonight for early Saturday morning.

That’s our show. You can find the show notes with links at technewsday.com or .ca – take your pick. Cybersecurity returns to its three shows a week.

I’m your host Jim Love. Thanks for listening.

 

 

 

 
