Windows TCO: Ransomware, Malware, and Complete Meltdown
-
NPR ☛ Delta canceled hundreds of flights Monday as it recovers from CrowdStrike failures
Delta Air Lines has canceled hundreds of flights for the third day in a row, as the airline is struggling to recover from Friday’s global software outage — even as other U.S. airlines are bouncing back and returning to normal operations.
-
Scoop News Group ☛ CrowdStrike outage briefly impacted national organ transplant matching system
The U.S. government continues to deal with the aftermath of the CrowdStrike IT failure Friday that created major issues for businesses around the world and impacted many federal institutions, ranging from the agency that handles critical immigration services to a network used to help facilitate organ transplants.
-
India Times ☛ US congressional panel calls on CrowdStrike CEO to testify on outage
The U.S. House Homeland Security Committee has requested CrowdStrike CEO George Kurtz to testify on the recent global tech outage caused by a glitchy update. The incident impacted millions of Windows devices and disrupted various industries. The committee aims to address the magnitude of the outage and discuss future prevention measures.
-
Security Week ☛ CrowdStrike CEO Called to Testify to Congress Over Cybersecurity Firm's Role in Global Tech [sic] Outage
U.S. House leaders are calling on CrowdStrike CEO George Kurtz to testify to Congress about the cybersecurity company’s role in sparking the widespread tech [sic] outage that grounded flights, knocked banks and hospital systems offline and affected services around the world.
-
Cyble Inc ☛ Russia-Linked FrostyGoop Malware Poses Threat To ICS
Researchers from Dragos noted that the FrostyGoop malware had been written in Golang and compiled for Windows systems, and is able to read and write to ICS devices that often hold various registers containing crucial input, output, and configuration data with the use of the Modbus TCP protocol.
-
The Register UK ☛ FrostyGoop malware used to shut down heat in Ukraine attack
Dragos uncovered multiple FrostyGoop binaries in April. Its malware analysts noted that the attack code is written in Golang for Windows systems, and it communicates directly with industrial control systems using Modbus TCP over port 502.
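The Cyble and Register excerpts above describe malware that reads and writes ICS registers over Modbus TCP on port 502. As an added illustration from the defender's side (not code from the page, from Dragos, or from any of the outlets quoted), the following Python parses the Modbus/TCP MBAP header and function code of request frames and sorts them into reads, writes and malformed frames, which is the classification a network monitor on TCP/502 needs in order to alert on write function codes reaching a controller that should only ever be polled. The frame bytes are constructed samples, not captured traffic, and the function and variable names are my own.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Public Modbus function codes (from the Modbus application protocol specification).
FUNCTION_NAMES = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
}
# Function codes that change controller state; a monitor should alert on these.
WRITE_FUNCTIONS = {5, 6, 15, 16, 23}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    start_address: Optional[int]  # first coil/register touched, when the PDU carries one
    quantity: Optional[int]       # number of coils/registers touched, when known

    @property
    def is_write(self) -> bool:
        return self.function_code in WRITE_FUNCTIONS

    @property
    def name(self) -> str:
        return FUNCTION_NAMES.get(self.function_code, f"Function {self.function_code}")


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request ADU: a 7-byte MBAP header followed by the PDU.

    MBAP = transaction id (2), protocol id (2, must be 0), length (2), unit id (1),
    all big-endian. The length field counts the unit id plus the PDU.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError(f"protocol id {protocol_id} is not Modbus (expected 0)")
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} does not match frame size {len(frame)}")
    function_code = frame[7]
    data = frame[8:]
    start_address = quantity = None
    if function_code in (1, 2, 3, 4, 15, 16, 23) and len(data) >= 4:
        # These PDUs begin with a starting address followed by a quantity.
        start_address, quantity = struct.unpack(">HH", data[:4])
    elif function_code in (5, 6) and len(data) >= 4:
        # Single-item writes carry address then value; exactly one item is touched.
        start_address = struct.unpack(">H", data[:2])[0]
        quantity = 1
    return ModbusRequest(transaction_id, unit_id, function_code, start_address, quantity)


def audit_frames(frames):
    """Sort captured request frames into reads, writes and malformed frames."""
    result = {"reads": [], "writes": [], "malformed": []}
    for frame in frames:
        try:
            request = parse_modbus_tcp(frame)
        except ValueError as err:
            result["malformed"].append((frame.hex(), str(err)))
            continue
        result["writes" if request.is_write else "reads"].append(request)
    return result


# Constructed sample frames (not captured traffic): what a sensor on TCP/502 might see.
SAMPLE_FRAMES = [
    bytes.fromhex("0001 0000 0006 01 03 0000 000a"),             # read 10 holding registers from 0
    bytes.fromhex("0002 0000 0006 01 06 0010 1234"),             # write 0x1234 to register 0x10
    bytes.fromhex("0003 0000 000b 01 10 0000 0002 04 000a 0014"),  # write 2 registers from 0
    bytes.fromhex("0004 0001 0006 01 03 0000 000a"),             # bad protocol id -> malformed
]

if __name__ == "__main__":
    audit = audit_frames(SAMPLE_FRAMES)
    for req in audit["writes"]:
        print(f"ALERT unit {req.unit_id}: {req.name} at {req.start_address} x{req.quantity}")
    for raw, why in audit["malformed"]:
        print(f"MALFORMED {raw}: {why}")
```

Modbus has no authentication, so the protocol itself cannot tell a legitimate engineering workstation from anything else on the network; the useful signal is therefore which hosts send write function codes to which unit ids, compared against an allow-list of expected writers. Malformed frames are reported rather than dropped silently, since a length field that disagrees with the TCP payload is itself worth a look.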
-
The Record ☛ FrostyGoop malware left 600 Ukrainian households without heat this winter
“This led to a temporary shutdown of heating and hot water supply for more than 600 households in the city,” the agency’s spokesperson said. “The consequences of the cyberattack were quickly neutralized, and services were restored. The company continued to work as usual.”
-
Security Week ☛ FrostyGoop ICS Malware Left Ukrainian City's Residents Without Heating
Later that month, the [intruders] deployed a webshell, but then apparently took a break until November, when they obtained user credentials from the SAM registry hive. In December, they again attempted to obtain credentials, and on January 22, 2024, they initiated the disruptive attack.
-
Wired ☛ How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter
The malware, which Dragos is calling FrostyGoop, represents one of less than 10 specimens of code ever discovered in the wild that's designed to interact directly with industrial control-system software with the aim of having physical effects. It's also the first malware ever discovered that attempts to carry out those effects by sending commands via Modbus, a commonly used and relatively insecure protocol designed for communicating with industrial technology.
-
Buttondown ☛ My patented Miracle Tonic would have prevented the CrowdStrike meltdown
Last Friday CrowdStrike did something really bad and it destroyed every airport in the world. I didn't bother to learn anything else about it because I was too busy writing my 10k whitepaper about how all the problems were all caused by one simple mistake: not drinking my patented Miracle Tonic™®.
Developers who drink my Miracle Tonic write code 100% faster with 100% fewer bugs. This would have prevented the CrowdStrike outage, the 2016 DNC hack, Ariane 5, Therac-25, and that one moth caught in the Harvard Mark II. Developers are also happier at work, suffer no burnout, and keep all standups to exactly five minutes.
The Miracle Tonic is so effective that it should be immoral not to drink it. It's like if surgeons didn't wash their hands. If you write code for a living and you don't drink my Miracle Tonic, do us all a favor and never touch a computer again. You idiot. You absolute moron. I can't believe you call yourself a "professional".
-
Bitdefender ☛ DDoS-for-hire site DigitalStress taken down by police, suspected owner arrested
It has been revealed that earlier this month a website which offered a DDoS-for-hire service was taken offline by law enforcement, but only after they collected data about its criminal customers.
Anyone visiting DigitalStress's website today will no longer be greeted with messages bragging about its ability to "stress-test networks for ease" for as little as $80 per month, while promising "no logs."
-
The Record ☛ Ransomware ecosystem fragmenting under law enforcement pressure and distrust
The economic chain of the RaaS ecosystem starts with initial access brokers buying and selling access to victims’ vulnerable computer networks. This access is then exploited by the “affiliates” of the RaaS program who use the ransomware gangs’ platforms to steal and encrypt files, as well as for the infrastructure for the extortion negotiations, in exchange for a commission on the final payment.
In recent months several of these platforms, including Hive, LockBit, and AlphV/BlackCat, have been hit by law enforcement operations. In the case of the AlphV group, the criminals attempted to return following the takedown only before “exit scamming” its affiliates and disappearing with a $22 million extortion payment.