CrowdStrike Incident: Proof Critical Infrastructure is not Prepared for Real Cyber Threats

The Crowdstrike Incident: Why U.S. Critical Infrastructure Remains Vulnerable


Introduction

After my third trip to LAX in a single day to drop off a friend battling endless flight delays and cancellations due to the global Crowdstrike Incident, my mind began to wander. First, will my repeated treks through LAX’s notorious traffic to save my friend cab fare earn me some angelic wings in the afterlife? And second, how would the world respond to a genuine coordinated attack on our critical infrastructure? The latter question weighs heavily, especially after navigating the chaos sparked by a mere software outage.


Crowdstrike Incident: Global Outage

On Friday, July 19, 2024, CrowdStrike pushed out a faulty update to their Falcon Endpoint Detection and Response (EDR) software, causing an estimated 8.5 million devices to crash:

“July 20 (Reuters) – A global tech outage that was related to a software update by cybersecurity firm CrowdStrike (CRWD.O) affected nearly 8.5 million Microsoft (MSFT.O) devices.” (https://www.reuters.com/technology/microsoft-says-about-85-million-its-devices-affected-by-crowdstrike-related-2024-07-20/) Microsoft further amplified this in a blog post on the same day, noting that the affected Windows devices equated to less than one percent of all Windows machines. “A software update by global cybersecurity firm CrowdStrike, one of the largest operators in the industry, triggered systems problems that grounded flights, forced broadcasters off air and left customers without access to services such as healthcare or banking.”

Due to the massive scale of the outage, many of the affected industries are still not running at full capacity, placing a major strain on the global population’s day-to-day affairs. One of the major concerns raised by Redbot Security’s clients, and witnessed first-hand while our senior testing consultants were onsite for penetration testing of critical services with Industrial Control Systems and SCADA environments, is that the media only mentioned the main industries, such as travel, shipping, and finance, but failed to mention or highlight any impact on power, water, electricity, waste treatment facilities, and similar services, where an outage could have incredibly alarming effects on the global population.

As of writing this blog post, the CEO of CrowdStrike has released a statement addressing the incident and providing guidance on how to remediate the faulty update: https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/. However, given the scope of the damage, the need for manual intervention to repair these devices may be another reason the world will feel the sting from this event for days to come. Yes, you read that correctly: AI and automation did not save IT and security teams from lost sleep and exhaustion as they went machine to machine to apply the fix by hand. These are our unsung heroes and heroines, and we salute you.

Interestingly enough, sighs of relief were expressed on the news and across the tech blogosphere because the outage was not the work of malicious actors. I think this cautionary tale should elicit great concern about what our ever-growing technological future looks like when facing real and potentially damaging cyber threats.

How critical is the state of our infrastructure?


Here at Redbot Security, we specialize in performing penetration tests against Operational Technology (OT) networks, targeting SCADA and Industrial Control System (ICS) environments. Our team has had remarkable success compromising these networks due to outdated software in use, lack of proper network segmentation between the IT network and the OT network, default admin credentials on SCADA devices, and lack of endpoint security solutions to detect and prevent malicious threats. Take into consideration that these were assessments for organizations that have the time and resources to include third-party penetration tests in their security program. Globally, many ICS and SCADA environments do not have the budget or personnel to ensure a robust security posture against Advanced Persistent Threats (APTs), especially those funded by nation-state threat actors.

In March 2024, The U.S. Department of the Treasury sanctioned the Chinese company Wuhan Xiaoruizhi Science and Technology, and individuals Zhao Guangzong and Ni Gaobin, for cyberattacks targeting U.S. critical infrastructure. These actors were linked to the Chinese state-sponsored APT 31 hacking group.

https://home.treasury.gov/news/press-releases/jy2205

Even abroad we see similar attacks taking place. An article from UC Santa Cruz details malware attacks on Ukraine’s power grid, specifically Industroyer One and Two, which caused significant blackouts in 2016 and 2022. These attacks, attributed to Russian military intelligence, highlight the evolving threat of cyberattacks on physical infrastructure.

https://news.ucsc.edu/2024/05/ukraine-cybersecurity.html

It does not come as a surprise that most successful attacks against Industrial Control Systems originate from social engineering tactics, where attackers manipulate individuals to gain initial access. This could involve phishing emails, pretexting, or baiting to trick employees into revealing sensitive information or granting access to the network. Once the initial foothold is established, attackers can move laterally within the network, exploiting vulnerabilities and escalating privileges to reach and compromise critical systems. The human element remains a significant vulnerability, emphasizing the need for comprehensive security awareness training and robust phishing defenses in ICS environments.

As global conflicts intensify, the frequency and sophistication of cyberattacks against Industrial Control Systems are poised to rise. Critical infrastructure, such as power grids and water supplies, are increasingly at risk, exacerbated by the shortage of cybersecurity professionals and limited resources dedicated to defense. This alarming trend underscores the urgent need for robust cybersecurity measures and international cooperation to safeguard essential services from disruptive and potentially devastating cyber incidents. Proactive investment in cybersecurity talent and technology is crucial to counter these growing threats.

Protecting Critical Infrastructure

Protecting Industrial Control Systems (ICS) and SCADA systems from cyberattacks is critical for maintaining the integrity of essential services. Organizations can take the following steps to safeguard their critical assets, tailored to their budget and personnel capabilities:

For Organizations with Sufficient Budget and Personnel:

  • Comprehensive Security Assessments: Regularly conduct security assessments and vulnerability scans to identify and mitigate potential threats.
  • Network Segmentation: Implement robust network segmentation to isolate critical systems and limit the spread of malware.
  • Advanced Threat Detection: Utilize advanced intrusion detection and prevention systems (IDS/IPS) tailored for ICS environments.
  • Continuous Monitoring: Establish 24/7 monitoring of networks and systems to detect and respond to anomalies in real-time.
  • Employee Training: Invest in ongoing cybersecurity training programs for employees to recognize and respond to potential threats.
  • Incident Response Plan: Develop and regularly update an incident response plan, including simulations and drills to ensure preparedness.

For Organizations with Limited Budget and Personnel:

  • Basic Security Hygiene: Ensure all systems are patched and up-to-date to prevent exploitation of known vulnerabilities.
  • Firewall and Access Control: Implement basic firewall protections and strict access controls to limit unauthorized access to critical systems.
  • Regular Backups: Maintain regular backups of critical data and systems to enable quick recovery in case of an attack.
  • Use of Open-Source Tools: Leverage open-source security tools for monitoring and protecting ICS environments.
  • Third-Party Security Services: Consider partnering with third-party security service providers for managed security services, which can be more cost-effective.
  • Employee Awareness: Conduct basic cybersecurity awareness training for all employees to reduce the risk of phishing and other social engineering attacks.

By adopting these tailored strategies, organizations can enhance their cybersecurity posture, regardless of their budget constraints, ensuring the protection of their critical ICS and SCADA assets from evolving cyber threats.

While defending your network from cyber threats is more crucial than ever, having the right team to navigate the myriad roadblocks is the perfect start. At Redbot Security, we specialize in providing expert consultation and guidance on the best practices to secure your infrastructure. Our team of seasoned professionals can help identify vulnerabilities, fortify defenses, and ensure your systems are resilient against attacks. Do not wait for a breach to happen: contact us today for a comprehensive security consultation and request a quote for a penetration test to uncover and address potential weaknesses before they can be exploited. Your security is our priority.

Reflecting on the CrowdStrike Incident

As we reflect on the CrowdStrike incident, we can see it as a mild preview of potential cyber disasters. Flight delays and cancellations are inconvenient, but they pale in comparison to the havoc a cyberattack on critical infrastructure would wreak. People lose their collective minds every time popular social media platforms go down for an hour. Imagine a national blackout or a crippled water plant: transportation, healthcare, and communication systems would collapse, leading to chaos and life-threatening situations. The risk to public health and safety is immense. This underscores the urgent need for robust cybersecurity measures. Hopefully, my frustration from wasted trips to the airport is just fuel for awareness, because we still have time to act!

Author: Keith Cox

Keith’s 8-plus years as a security professional have bolstered his ability to effectively demonstrate risk to clients, covering a diverse range of assessment types. Learning new techniques and new technologies is a passion, and Keith loves to share knowledge, helping to mentor new cybersecurity engineers.

Keith has worked as an expert Penetration Testing Engineer for CynergisTek, Inc. and Rapid7. Keith attended the University of California and takes pride in mentoring junior Security Associates and Security Analyst team members, distributing knowledge to peers about newly created or discovered tools, techniques, and procedures.
