Windows TCO: Human Casualties, Random, Downtime, and More
-
The Hindu ☛ Small Indian banks hit by ransomware attack; NPCI suspends payment
NPCI temporarily closed all retail payments in the affected banks and their customers will not be able to access the payment systems until restoration is complete. Only small RRBs and co-operative banks are affected, said an official at NPCI who spoke to The Hindu on condition of anonymity. “The problem will be contained hopefully by tomorrow,” he added. The Reserve Bank of India did not respond immediately to a request for a comment.
-
The Register UK ☛ Ransomware disrupts blood supply to 250+ US hospitals
In a notice today, OneBlood revealed the intrusion disrupted a "software system," and had forced the organization to use manual processes and procedures to remain operational. The outfit provides blood for healthcare facilities across Florida, Georgia, North Carolina, and South Carolina.
-
Security Week ☛ Ransomware Attack Hits OneBlood Blood Bank, Disrupts Medical Operations
OneBlood, a non-profit blood bank serving a major chunk of U.S. southeast medical facilities, has been hit by a disruptive ransomware attack.
The organization, which provides blood services to more than 300 hospitals in Florida, Georgia and the Carolinas, said the security breach impacted its software system and slowed down operations.
-
Silicon Angle ☛ Florida-based blood donation nonprofit OneBlood struck by ransomware attack
According to a statement from OneBlood, the ransomware attack is impacting its software system and the organization is working closely with cybersecurity specialists and law enforcement as part of a “comprehensive response to the situation.” The statement noted that although OneBlood remains operational and continues to collect, test and distribute blood, operations are at a “significantly reduced capacity.”
-
Cyble Inc ☛ Ransomware Strikes U.S. Non-profit Blood Center 'OneBlood'
A ransomware attack is impacting the software system of OneBlood, a blood donation non-profit that serves hundreds of hospitals in the southeastern U.S.
“Our team reacted quickly to assess our systems and began an investigation to confirm the full nature and scope of the event. Our comprehensive response efforts are ongoing and we are working diligently to restore full functionality to our systems as expeditiously as possible,” said Susan Forbes, OneBlood senior vice president of corporate communications and public relations.
-
The Record ☛ CISA, FBI warn of potential DDoS attacks on 2024 elections
CISA Senior Advisor Cait Conley said DDoS attacks are a tactic election agencies have seen in the past and “will likely see again in the future, but they will NOT affect the security or integrity of the actual election.” DDoS attacks typically overload websites with requests, knocking them offline for several minutes or hours.
“They may cause some minor disruptions or prevent the public from receiving timely information,” she said. “It is important to talk about these potential issues now, because nefarious actors, like our foreign adversaries or cybercriminals, could use DDoS incidents to cast doubt on the election systems or processes.”
-
Cyble Inc ☛ Western Sydney University Data Breach Exposes Personal Data
In a follow-up to the May 2024 announcement regarding a Western Sydney University data breach of its Microsoft Office 365 environment, WSU has now confirmed that personal information stored in its Isilon storage platform was also subjected to unauthorized access. This platform holds ‘My Documents’ information, departmental shared folders, and some backup and archived data.
-
Kalzumeus Software LLC ☛ Why the CrowdStrike bug hit banks hard
In modern software design, programs running in userspace (i.e. almost all programs) are relatively limited in what they can do. Programs running in kernelspace, on the other hand, get direct access to the hardware under the operating system. Certain bugs in kernel programming are very, very bad news for everything running on the computer.
CrowdStrike Falcon is endpoint monitoring software. In brief, “endpoint monitoring” is a service sold to enterprises which have tens or hundreds of thousands of devices (“endpoints”). Those devices are illegible to the organization that owns them due to sheer scale; no single person nor group of people understand what is happening on them. This means there are highly variable levels of how-totally-effed those devices might be at exactly this moment in time. The pitch for endpoint monitoring is that it gives your teams the ability to make those systems legible again while also benefitting from economies of scale, with you getting a continuously updated feed of threats to scan for from your provider.
-
Cyble Inc ☛ Medusa Ransomware Group Commits OPSEC Failure
The threat actors’ mistake was leaving behind a configuration file after dropping rclone.exe in the C:\Windows\AppCompat\ directory. This file contained the put.io token, which typically requires additional credentials for full access. Rclone, which provides support for integration with over 70 cloud providers, is seeing increased usage among ransomware groups.
-
Bruce Schneier ☛ Nearly 7% of Internet Traffic Is Malicious
[...] It claims that 6.8% of Internet traffic is malicious. [...]
-
Cloudflare ☛ Application Security report: 2024 update
Throughout the report we discuss various insights. From a global standpoint, mitigated traffic across the whole network now averages 7%, and WAF and Bot mitigations are the source of over half of that. While DDoS attacks remain the number one attack vector used against web applications, targeted CVE attacks are also worth keeping an eye on, as we have seen exploits as fast as 22 minutes after a proof of concept was released.
Focusing on bots, about a third of all traffic we observe is automated, and of that, the vast majority (93%) is not generated by bots in Cloudflare’s verified list and is potentially malicious.
-
Computers Are Bad ☛ 2024-07-31 just disconnect the [Internet]
The idea that computer systems just "shouldn't be connected to the [Internet]," for security or reliability purposes, is a really common one. It's got a lot of appeal to it! But there's not really that many environments where it's done. In this unusually applied and present-era article, I want to talk a little about the real considerations around "just not connecting it to the [Internet]," and why I wish people wouldn't bring it up if they aren't ready for some serious considerations.
-
Tech Central (South Africa) ☛ The true cost of a data breach in South Africa
In 2024, the 19th year of IBM’s annual report, South Africa was ranked the 14th most expensive country by cost of a data breach out of 16 countries studied. The US was the most expensive, with the average data breach costing US$9.36-million, or more than three times the cost in South Africa.
Other countries/regions in the IBM study include: the Middle East, Benelux (Belgium, the Netherlands and Luxembourg), Canada, the UK, Japan, India and Brazil.
-
The Register UK ☛ Delta Air Lines may sue CrowdStrike, Microsoft over outage
CNBC broke the news yesterday that Delta had hired famed lawyer David Boies to look into what the airline could do to recoup as much as an estimated $500 million in operational losses due to the July 19 CrowdStrike outage. Millions of Windows machines around the world were knocked offline due to what we now know was a bad Channel File update, with Microsoft sharing some of the billions of dollars in blame for the incident with CrowdStrike.
For those who don't recognize Boies's name, you'll likely be aware of his work – and so will Microsoft. Boies was appointed as special trial counsel for the Department of Justice's 1998 antitrust fight against the Windows maker, and has represented Microsoft opponents in other cases as well.
-
The Stack ☛ DDoS attack triggered Azure outage, Microsoft's defences finished the job
Now Microsoft has revealed the incident's "trigger event" was a DDoS attack. Unfortunately, an implementation error with its defences then "amplified the impact of the attack rather than mitigating it."
[...]
The incident brought down Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, as well as the Azure portal itself and "a subset" of Microsoft 365 and Microsoft Purview services.
-
CBS ☛ Microsoft experiencing outages for some 365 Office and cloud programs
The Microsoft 365 outage comes less than two weeks after the service experienced a massive crash caused by a bug in a program update from cybersecurity company CrowdStrike. The glitch crippled computers across the globe, causing thousands of flights and train services to be canceled, while leading to disruptions in many other industries, such as health care and banking.
-
Windows Central ☛ Microsoft 365 and Azure gets hit with a big new server outage, as Microsoft investigates (update)
Now, services tied to Azure, including Microsoft 365, Xbox network, Outlook, OneDrive, and others have been experiencing issues, with Down Detector experiencing a spike in connection issue reports.
-
Computer World ☛ Microsoft 365 suite suffers outage due to Azure networking issues
Last year was also riddled with outages for Microsoft 365 users. Azure’s service page shows that the last incident reported in 2023 was in September, when the US East region faced issues.
-
PC World ☛ The cause of Microsoft's global cloud services outage revealed
According to initial reports, the outage mainly involved Microsoft 365 products, but eventually problems also surfaced with the Admin Center, Intune, Entra, and Power Platform services.
-
The Register UK ☛ 'Error' in Microsoft's DDoS defenses amplified Azure outage
A DDoS attack aims to overwhelm the resources of the targeted system. It usually involves multiple machines infected with malware flooding the victim with network traffic. Admins employ various methods to differentiate real requests from malicious traffic, but according to F5 Labs, there was still an explosive growth in DDoS attacks in 2023.
-
Cyble Inc ☛ Ransomware Report 2024: $75 Million Paid By Single Company
Ransomware payments have touched a new milestone — with many hacker groups claiming large sums of ransom payments that were never seen before. According to a recent ransomware report, a single company recently paid a ransom of $75 million, highlighting the dramatic rise in financial demands.
This increase in ransom amounts reflects a broader trend of escalating financial demands. In 2023, total ransomware payments exceeded $1 billion, emphasizing the severe economic impact of these cyber threats.
Ransomware attacks have become more frequent and severe, with the report indicating a 17.8% increase in blocked ransomware attempts and a 57.8% rise in attacks identified through data leak sites. The manufacturing, healthcare, and technology sectors have been particularly targeted, with the manufacturing industry bearing the brunt of these attacks.
-
Cyble Inc ☛ Microsoft Cyberattack Causes Outage, Defensive Error Worsens Impact
Days after Microsoft experienced a major global outage that disrupted its services, the company is grappling with another setback as a cyberattack has caused nearly ten hours of service disruption. The Microsoft cyberattack has disrupted several services, including the popular email platform Outlook and the widely played video game Minecraft, according to a company disclosure.
Preliminary findings indicated that a Distributed Denial-of-Service (DDoS) attack had initially triggered the outage, but an error in Microsoft’s defensive measures exacerbated the situation. The cyberattack on Microsoft began on July 30, 2024, and led to widespread issues across various Microsoft services.
-
Cyble Inc ☛ OneDrive Phishing Campaign Guides Users To Paste PowerShell Scripts
A new phishing campaign targeting Microsoft OneDrive users has been observed, employing social engineering tactics to trick victims into executing malicious PowerShell scripts. The campaign exploits users’ urgency to access files and their trust in legitimate-seeming software interfaces.