{"id":12025,"date":"2024-07-22T12:16:34","date_gmt":"2024-07-22T10:16:34","guid":{"rendered":"https:\/\/cyberinsights.iainfraser.net\/?p=12025"},"modified":"2024-11-21T13:47:04","modified_gmt":"2024-11-21T12:47:04","slug":"wake-up-call","status":"publish","type":"post","link":"https:\/\/smecyberinsights.co.uk\/index.php\/2024\/07\/22\/wake-up-call\/","title":{"rendered":"THREAT INTEL: A Wake-Up Call Long Overdue: The Cost of Ignoring Cybersecurity Failures."},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\"Image\t\t\t\t\t\t\t\t\t\t\t
Image_Technpreneur_Flickr<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t<\/a>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Helping keep European SMEs CYBERSafe!
\n<\/strong>Gibraltar: Monday 22 July 2024 at 12:50 CET<\/p>\n

THREAT INTEL: A Wake-Up Call Long Overdue: The Cost of Ignoring Cybersecurity Failures.<\/span><\/span><\/strong><\/p>\n

By Andy Jenkinson \u2013 Guest Contributor |\u00a0 Group CEO\u00a0Cybersec Innovation Partners<\/a>
\nvia CYBERInsights<\/a>
\nFirst for\u00a0SME Cybersecurity News<\/a>
\nGoogle Indexed on 220724 at 14:00 CET<\/a><\/p>\n

#CyberInsights #SMECybersecurityNews #Cybersecurity #WhitethornShield #InternetSecurity #DNS #PKI<\/em><\/p>\n

\n
\n
\n

A Wake-Up Call Long Overdue: The Cost of Ignoring Cybersecurity Failures.<\/strong><\/span><\/span><\/p>\n

Last Week’s global IT outages may not have been as a result of a cyberattack, but the fallout was just as catastrophic.<\/p>\n

George Kurtz<\/a>\u2019s<\/strong> apology for CrowdStrike<\/a>‘s<\/strong> flawed software updates, which crashed millions of Wintel Operating Systems, underscores a glaring oversight in our Quality Control and digital defenses.<\/p>\n

Whilst the incident may not have been a hack, it was, and is a colossal security failure and issue. It is one that echoes the infamous SolarWinds<\/strong><\/a> debacle of December 2020.<\/p>\n

The similarities do not end there.<\/p>\n

SolarWinds<\/strong><\/a>, whose subdomains and DNS<\/strong> servers were exploited provided complete access to SolarWinds<\/strong><\/a> infrastructure due to their insecurity resulting in the largest Cyberattack<\/strong> in history. Despite warnings and insights we shared with Tim Brown<\/strong><\/a> of SolarWinds<\/a><\/strong> and thereafter with George Kurtz<\/a><\/strong> of CrowdStrike<\/strong><\/a>, both companies exhibited a staggering lapse in addressing those vulnerabilities.<\/p>\n

On the 14 May 2021 SolarWinds<\/a><\/strong> addressed their DNS<\/strong>. It wasn\u2019t until nearly two years later on March 11, 2023, that CrowdStrike<\/a><\/strong> finally tackled their insecure DNS<\/strong> servers\u2014after multiple notifications from us about the exposure.<\/p>\n

These incidents reveal a systemic problem: arrogance in the industry, and software vendors\u2019 updates lack rigorous quality control. Clients naively assume updates are secure. It does not matter if it is an Orion<\/strong> or Falcon<\/strong>, or any other software for that matter.<\/p>\n

Software, like all digital packets, go from A to B and typically require servers to do so. If those servers are compromised, so can the update be.<\/p>\n

Both companies\u2019 servers remain on the DNS blacklist<\/strong>, indicating they\u2019ve been misused for malicious activities. We have continuously informed SolarWinds<\/strong><\/a> and CrowdStrike<\/a><\/strong>.<\/p>\n

 <\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"crowds\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n
\n


\nThe rush to register domains like crowdstrike-bsod.com<\/strong><\/a> and crowdstrikefix.com<\/strong><\/a> during the outage signals the danger for exploitation by bad actors preying on user desperation and their intentions to exploit DNS<\/strong> to redirect users to malicious domains. There is no better way to do this by using compromised, Blacklisted DNS<\/strong> servers.<\/p>\n

Last Week’s events, along with the massive aftermath, must serve as a clarion call for world leaders, decision-makers, and citizens alike.<\/p>\n

The chaos and disruption from these preventable incidents could cost hundreds of billions of dollars, possibly more. It\u2019s time to demand higher standards in Cybersecurity<\/strong>, prioritize quality control in software updates, and hold companies accountable for their negligence.<\/p>\n

Last Week demonstrated that our Digital World literally hangs by a thread. Complacency should no longer be an option.<\/p>\n

Cybersec Innovation Partners<\/a>
\nGCHQ<\/a>
\nNational Cyber Security Centre<\/a>
\nFederal Bureau of Investigation (FBI)<\/a>
\nFBI Cyber Division<\/a>
\nCentral Intelligence Agency<\/a>
\nUnited States Department of Defense<\/a>
\nU.S. Department of Homeland Security<\/a>
\nABC News<\/a>
\nCNN<\/a>
\nCNBC<\/a>
\nFox News Media<\/a>
\nBBC News<\/a>
\nITV News<\/a>
\nInternetSecurity<\/a>
\nDNS<\/a> PKI<\/a><\/span><\/span><\/p>\n

 <\/p>\n<\/div>\n<\/div>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tLearn More \/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

About Andy Jenkinson<\/span><\/strong><\/p>\n

Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. Recognised Expert in Internet Asset & DNS Vulnerabilities.<\/span><\/strong><\/p>\n

Andy Jenkinson is a senior and seasoned innovative Executive with over 30 years\u2019 experience as a hands-on lateral thinking CEO, coach, and leader. A \u2018big deal\u2019 business accelerator, and inspirational, lateral thinker, Andy has crafted, created, and been responsible for delivering 100\u2019s \u00a3 millions of projects within the Cyber, Technical, Risk and Compliance markets for some of the world\u2019s largest, leading organisations. Andy has a demonstrable track record of largescale technical delivery and management within many sectors including the Professional, Managed, and Financial Services.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tLearn More \/...<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Image_Technpreneur_Flickr Learn More \/… Learn More \/…<\/p>\n","protected":false},"author":2,"featured_media":7773,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"","footnotes":""},"categories":[440],"tags":[439],"ppma_author":[415],"class_list":["post-12025","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberthreat-intel","tag-cyberthreat-intel"],"featured_image_urls":{"full":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/05\/Image_Technpreneur_Flickr.jpg",800,600,false],"thumbnail":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/05\/Image_Technpreneur_Flickr-150x150.jpg",150,150,true],"medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/05\/Image_Technpreneur_Flickr-300x225.jpg",300,225,true],"medium_large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/05\/Image_Technpreneur_Flickr-768x576.jpg",640,480,true],"large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/05\/Image_Technpreneur_Flickr.jpg",640,480,false],"1536x1536":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/05\/Image_Technpreneur_Flickr.jpg",800,600,false],"2048x2048":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/05\/Image_Technpreneur_Flickr.jpg",800,600,false],"covernews-featured":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/05\/Image_Technpreneur_Flickr.jpg",800,600,false],"covernews-medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/05\/Image_Technpreneur_Flickr-540x340.jpg",540,340,true]},"author_info":{"display_name":"Cybersecurity Journalist - Iain Fraser","author_link":false},"category_info":"SME CYBER\/THREAT INTEL<\/a>","tag_info":"SME CYBER\/THREAT INTEL","comment_count":"0","authors":[{"term_id":415,"user_id":0,"is_guest":1,"slug":"cybersecurity-journalist-iain-fraser","display_name":"Cybersecurity Journalist - Iain Fraser","avatar_url":{"url":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png","url2x":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png"},"0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/12025","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=12025"}],"version-history":[{"count":12,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/12025\/revisions"}],"predecessor-version":[{"id":12074,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/12025\/revisions\/12074"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media\/7773"}],"wp:attachment":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=12025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=12025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=12025"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/ppma_author?post=12025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}