Cybersecurity company Hornetsecurity has warned of new skeleton key attacks, critical vulnerabilities and CrowdStrike incident fallout threatening Microsoft 365 (M365) environments.
In its monthly threat report, Hornetsecurity labs researchers said multiple threats continue to strike M365 environments, including fallout from the CrowdStrike incident.
“The CrowdStrike incident continues to have fallout within the cybersecurity industry,” Hornetsecurity said. “Microsoft is moving forward with some changes and guidance on kernel access as a direct response.”
On 19 July a “botched” CrowdStrike update struck myriad networked Windows machines globally with ‘blue screen of death’ errors.
“The tech press has grabbed onto the mention of ‘only’ one percent of Windows machines being affected, according to Microsoft,” said Hornetsecurity.
“The machines that made up that one percent, it turns out though, are very important. As CrowdStrike is a software suite aimed at the enterprise space, some pretty big names were heavily impacted.”
Many major organisations affected
Enterprises affected included Delta Airlines, American Airlines, Air-France-KLM, the UK’s Royal Surrey Hospital, the UK National Health Service, Allianz and NBC Universal.
Delta Airlines cancelled around 5000 flights as a result, according to Hornetsecurity.
Also, not all machines affected were Windows-based, the vendor added.
Since then, commentators have speculated about likely flawed updates from other vendors.
Additionally, a new AI jailbreak attack has been found in the wild. Known as a skeleton key attack, it can subvert protections.
This can let users generate content censored by an organisation, according to Hornetsecurity.
Meanwhile, a new critical vulnerability that bypasses authentication was found in the VMware ESXi Hypervisor. Broadcom has now patched it.
“We’ve identified over a year of reporting on these statistics that email-threat trends shift subtly unless there is a new emerging trend, vulnerability, attack type, or threat actor,” Hornetsecurity said.
Security awareness needed in M365 environments
The vendor has also noted that getting cyber insurance now means meeting stricter criteria. This may include mandatory security awareness training.
“Without it, your business could face gaps in your policy, leaving you exposed when an attack occurs,” Hornetsecurity’s Nikola Talevski said in a blog post.
“Unless you’re running a cash-only food business with no internet connection, you probably need cyber liability insurance. [This is] a safety net that guards against responsibility and financial loss if a cyberattack against you succeeds.”
Hornetsecurity offers MSP and enterprise cyberprotection targeting M365 environments. It also offers security awareness training for businesses.