2024’s Major Cybersecurity Failures: Could Penetration Testing Have Made a Difference?


It probably hasn't been long since you last saw a headline about a major company hit by an impactful cybersecurity incident. One of the most recent was the CrowdStrike outage: a report from Guy Carpenter estimated that insured losses could reach as much as $1 billion, not counting the losses incurred by uninsured companies. News stories like these mostly cover the impact on the business rather than explaining the root cause. We took a look at some of the most recent incidents and analyzed how simple cybersecurity measures such as penetration testing could have prevented the cause of the problem.

1. CrowdStrike Global IT Outage (July 2024)

Impact: A CrowdStrike software update caused a global IT outage, affecting over 8.5 million devices, with significant disruptions in multiple sectors, including aviation and corporate operations. The financial losses for top US companies were estimated at $5.4 billion.

Root Cause: The root cause was a faulty software update that caused widespread system crashes.

Pen-testing Prevention: Rigorous pentesting, particularly focusing on update deployment processes and rollback procedures, could have identified potential issues with the update before it was released. Additionally, testing the resilience of systems under unexpected failures would have helped mitigate the impact of such a widespread outage.

2. Microsoft Azure Data Breach (February 2024)

Impact: A zero-day vulnerability in Microsoft Exchange servers was exploited, leading to a breach affecting hundreds of executive Azure accounts. The attackers accessed sensitive information and misused NTLM hashes to impersonate legitimate users.

Root Cause: The exploitation of a zero-day vulnerability (CVE-2024-21410) and inadequate protection against such attacks.

Pen-testing Prevention: Pentesting could have uncovered vulnerabilities in the Exchange servers and provided insights into potential zero-day attack vectors. Regular pentests, especially in high-risk areas like cloud services, could have highlighted weak points that needed more robust security measures.

3. MITRE R&D Network Breach (April 2024)

Impact: State-sponsored hackers exploited zero-day vulnerabilities in Ivanti VPN software to infiltrate MITRE’s NERVE network, which is used for critical R&D projects for the US government. The attackers deployed sophisticated malware and compromised administrator credentials.

Root Cause: Exploitation of vulnerabilities in third-party software (Ivanti VPN) and compromised administrator credentials.

Pen-testing Prevention: Pentesting focusing on third-party software and supply chain vulnerabilities could have identified the weak points in the VPN software. Additionally, pentesting the network’s defense against advanced persistent threats (APTs) could have revealed gaps in the security measures and led to better protection strategies.

4. Trello Data Leak (January 2024)

Impact: A public API was exploited to leak 15 million Trello accounts. The breach exposed user emails, usernames, and other account information, leading to potential phishing and other malicious activities.

Root Cause: The exploitation of a public API without sufficient authentication measures.

Pen-testing Prevention: API-focused pentesting could have identified the lack of authentication and other security weaknesses. By simulating attacks on the API, pentesters could have recommended stronger security measures, such as mandatory authentication for accessing sensitive endpoints.
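As an added example (not code from the original post or from Trello), here is the root-cause pattern described above in Python: an account-lookup handler that serves data to anyone, a hardened version of the same handler, and the check an API pentest would run against both. The account records, the session token and the field names are constructed for the example.

```python
import hmac

# Constructed sample account store (stands in for a real user database).
ACCOUNTS = {
    "alice@example.com": {"username": "alice", "full_name": "Alice Q", "id": "u1"},
    "bob@example.com": {"username": "bob", "full_name": "Bob R", "id": "u2"},
}
# Constructed session tokens (hypothetical); a real service checks a session store.
VALID_TOKENS = {"tok-alice-123": "u1"}
# Fields we treat as personal data for the audit below.
PII_FIELDS = {"email", "full_name"}


def lookup_member_open(email, auth_header):
    """Vulnerable pattern: the 'public' endpoint ignores credentials, so any
    caller can turn an email address into the account behind it."""
    acct = ACCOUNTS.get(email)
    if acct is None:
        return 404, {}
    return 200, {"email": email, **acct}


def lookup_member_hardened(email, auth_header):
    """Hardened: require an authenticated session before any lookup and return
    only public profile fields, never the email or full name."""
    token = ""
    if auth_header and auth_header.startswith("Bearer "):
        token = auth_header[len("Bearer "):]
    # Constant-time comparison against each known token.
    if not any(hmac.compare_digest(token, t) for t in VALID_TOKENS):
        return 401, {"error": "authentication required"}
    acct = ACCOUNTS.get(email)
    if acct is None:
        return 404, {}
    return 200, {"username": acct["username"], "id": acct["id"]}


def audit_unauthenticated_exposure(handler, sample_email):
    """The check an API pentest performs: call the endpoint with no credentials
    and report whether it returned data and whether that data held PII."""
    status, body = handler(sample_email, None)
    return {
        "data_without_auth": status == 200,
        "pii_fields": sorted(PII_FIELDS & set(body)),
    }
```

Running the audit against both handlers shows the open endpoint handing back `email` and `full_name` to an anonymous caller, while the hardened one refuses with 401; that difference is exactly the finding a pentest report would raise.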

5. VARTA Cyber Attack (February 2024)

Impact: A cyber attack on the German battery manufacturer VARTA caused the shutdown of five production plants, disrupting supply chains and potentially leading to significant financial losses.

Root Cause: The attackers broke through VARTA's IT systems despite high security standards, likely via a sophisticated attack that overwhelmed existing defenses.

Pen-testing Prevention: Comprehensive pentesting, including stress-testing the resilience of the network and systems under sustained attacks, could have identified the vulnerabilities that were exploited. Additionally, simulating various attack vectors could have helped VARTA's IT team prepare and reinforce their defenses.


I hope we could give you some insights into the topic and maybe you just found a new way to secure your business's digital assets :)
