Content update causes global IT outage, and other cybersecurity news to know this month
Over 8.5 million computers were affected on Friday 19 July. Image: Unsplash/Markus Spiske
- This monthly round-up brings you key cybersecurity stories from the past month.
- Top cybersecurity news: Global IT outage; 10 billion passwords leaked in historic data breach; Paris Olympics – insurers fear AI disruptions; US increases cybersecurity spend.
- The World Economic Forum’s Centre for Cybersecurity drives global action to address cybersecurity challenges and improve digital trust.
1. Content update causes global IT outage
On Friday 19 July, over 8.5 million computers were hit in what is being described as one of the worst cyber-incidents in history.
Security company CrowdStrike issued a content update for Windows hosts that contained a 'defect'.
In a statement, the company said: "We understand the profound impact this has had on everyone. We know our customers, partners and their IT teams are working tirelessly and we’re profoundly grateful. We apologize for the disruption this has created. Our focus is clear: to restore every system as soon as possible."
The outage impacted a range of industries, with flights grounded, health services hit, and payment services unavailable.
2. RockYou2024: Historic leak exposes 10 billion passwords
Analysts have warned of "severe dangers to users prone to reusing passwords" after a hacker exposed nearly 10 billion passwords in potentially the largest leak of its kind.
An internet user posted the passwords in a file titled “RockYou2024” on a hacking forum on 4 July, according to Cybernews. The dataset includes 1.5 billion new plain text passwords added to a previous compilation from 2021, “RockYou2021”.
“Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts used by individuals who employ passwords included in the dataset,” Cybernews explained.
It advised those affected to immediately reset passwords, choose strong, unique passwords, enable multi-factor authentication, and use a password manager to securely generate and store passwords.
3. Paris 24: Insurers concerned over potential AI threats
Insurers are worried about potential disruptions to the Paris Olympics this summer from militant attacks or AI-generated fake images, according to Reuters, as they could lead to event cancellations and substantial claims.
The 2020 Tokyo Olympics’ postponement due to COVID-19 resulted in significant losses for insurers.
Heightened concerns stem from ongoing conflicts in Ukraine and Gaza and the politically charged climate, with numerous elections around the world this year, including in France this month.
German insurer Allianz, the official insurance partner for the Games, and Lloyd's of London are among those providing coverage. Allianz's head of the Olympic programme, Eike Buergel, expressed confidence in the security measures being implemented around the event.
"We are convinced that the IOC (International Olympic Committee), Paris 2024 and the national organizing committees, together with the French authorities, are taking the right measures when it comes to challenges on the ground."
4. News in brief: Top cybersecurity stories this month
A new report in the US has found an almost 60% increase in cybersecurity budgets in 2023, with data breaches and security incidents also showing a “significant rise”.
A group that launched a ransomware attack on Indonesian government data centres, disrupting more than 200 agencies and services, has apologized to citizens – saying its motives were to highlight the need for specialists in the industry.
UK businesses faced new cyberattacks every 44 seconds in the second quarter of 2024, new analysis has revealed.
Cyber insurance premiums are falling across the globe as businesses step up their security efforts, a new report says. This is despite a rise in ransomware attacks.
The EU has said it is taking restrictive measures against cybercriminals that use ransomware campaigns against essential services, such as health and banking – the first time it has done so. It has approved additional restrictive measures against six persons involved in cyberattacks.
The UK's health service remains vulnerable to cyberattacks despite $433m in cybersecurity investments, according to a leading cybersecurity expert. This warning follows a major ransomware incident in June that disrupted the NHS' London healthcare services, the BBC reports.
How is the Forum tackling global cybersecurity challenges?
5. More about cybersecurity on Agenda
Learn more about the cybersecurity risks facing major events like the Olympic Games, which has long been a target of cyber threats. The World Economic Forum's Spencer Feingold analyzes the different types of threats faced, and the impact of new technologies on their prevalence and prevention.
Cyberattacks in the financial sector threaten global stability, according to an IMF report highlighting the sector's unique exposure to cyber risks. Read more on how these incidents could disrupt financial institutions' operations and impact overall macro-financial stability.
Cybersecurity was a major topic at the Forum's Annual Meeting in Davos this year and in its Global Risks Report 2024, which cites malware, deepfakes and misinformation as some of the key risks contributing to global cyber insecurity. Here's what the delegates had to say.