Story of the Year: global IT outages and supply chain attacks

A faulty update by cybersecurity firm CrowdStrike triggered one of the largest IT outages in history, impacting approximately 8.5 million systems worldwide. This incident serves as a stark reminder of the critical risks posed by global IT disruptions and supply chain weaknesses. With large-scale security crises being one of the most relevant threats worldwide, it’s more important than ever to reflect on past events, assess emerging threats, and, most crucially, explore strategies to prevent future incidents.


As part of Kaspersky Security Bulletin 2024, our “Story of the Year” centers on these pressing issues. We’ll begin by revisiting notable supply chain incidents from 2024, and then explore potential scenarios of more damaging cases and the ways we prepare for them.


Let’s dive in!


Overview of 2024’s supply chain disruptions


CrowdStrike Linux outage


What happened? Just weeks before the Windows incident, CrowdStrike encountered issues with Linux. A software update in April caused problems in a number of distributions, such as Red Hat, Debian and Rocky.


Why does it matter? Linux is the operating system used by many key infrastructure and security facilities. A previous faulty update had already suggested broader problems with CrowdStrike’s security software at the time, though the problem didn’t receive that much publicity.


XZ backdoor to bypass SSH authentication


What happened? In March, the Open Source Software Security project by Openwall (oss-security) reported a backdoor in XZ, a compression utility and popular code library widely used in Linux distributions. Unlike past supply chain attacks on Node.js, PyPI, F-Droid and the Linux kernel ..
