CrowdStrike IT outage report released, and other cybersecurity news to know this month

Following July's global IT outage, which affected millions of Windows users, CrowdStrike has released a root cause analysis of the "Channel File 291" incident, explaining the software update crash.

Summarizing this update to a preliminary post-incident report, Security Week said: "The new CrowdStrike root cause analysis documents a combination of factors that caused the Falcon EDR sensor crash – a mismatch between inputs validated by a Content Validator and those provided to a Content Interpreter, an out-of-bounds read issue in the Content Interpreter, and the absence of a specific test – and a vow to work with Microsoft on secure and reliable access to the Windows kernel."

The analysis comes as the cybersecurity firm faces legal challenges, including action from its shareholders, WIRED reported.

Aviation was impacted heavily by the event and, on 29 July, CNBC reported that Delta Air Lines had announced its intent to pursue CrowdStrike and Microsoft for damages over a "$500 million loss".

Both companies have strongly defended their positions, with Microsoft highlighting the airline's own systems as a possible reason for its slow recovery from the outage, according to Computer Weekly.

In the analysis document, CrowdStrike confirmed its commitment "to working directly with Microsoft on an ongoing basis as Windows continues to add more support for security product needs in userspace”.

Hundreds of digital systems controlling US infrastructure are vulnerable to cyberattacks, according to research by cybersecurity firm Censys, shared with Bloomberg News.

Over 430 industrial software controls were found to be accessible online, with more than half lacking authentication protections. Lead researcher Emily Austin stated, "There’s no password. They are quite literally sitting on the public internet for anybody who happens to find them to come and manipulate them as they will."

These 'human machine interfaces' control systems like dams, water pumps and oil wells, and hackers could disrupt supply or production by exploiting these vulnerabilities, warns Censys CEO Brad Brooks.

There’s no evidence of widespread hijacking, but "hackers have manipulated them", Bloomberg reports.

The US Environmental Protection Agency has contacted operators of vulnerable water systems to improve cybersecurity practices after Censys identified around 18,000 exposed systems across the US.

The UK's cybersecurity industry remains male-dominated, with women comprising just 17.9% of the sector in May 2024, according to LinkedIn's Economic Graph team.

Enterprises are grappling with cybersecurity 'tool sprawl', managing ever-increasing numbers of products to protect their infrastructure, according to a new report from SiliconANGLE. This complex landscape is expected to grow, it says, citing a 2024 survey which found that 51% of respondents planned to increase their security providers over the next year.

The US, UK and South Korea have warned in a joint advisory of a global cyber espionage campaign by North Korean hackers to steal military secrets for Pyongyang's banned nuclear weapons programme, Reuters reports.

Eurozone banks have "room for improvement" in their cybersecurity, particularly in post-hack recovery plans, according to the European Central Bank (ECB). Following its first cyber-risk stress test in July, the ECB reviewed 109 banks' responses to cyberattacks and issued recommendations for improving emergency procedures and recovery.

A "global stop-payment mechanism" developed by INTERPOL has facilitated the largest-ever recovery of funds from a business email compromise scam, with $41 million reclaimed for a Singapore-based commodity firm, according to The Hacker News.

Cybersecurity risk presents opportunities for SMEs if they approach it as a strategic business issue rather than merely a technical one, making informed decisions accordingly, explains Akhilesh Tuteja, Global Cyber Security Leader, KPMG.

The proposed Spacecraft Cybersecurity Act aims to enhance NASA's mission protection by integrating cybersecurity from the design phase, addressing gaps in current protections that only cover operational spacecraft. Learn more about how the US could set a global benchmark for space mission security.