And I want to clear my security story backlog here with some good ones.
Delta Air Lines has received the green light from a federal judge to proceed with its lawsuit against cybersecurity firm CrowdStrike, following a significant outage last summer that resulted in the cancellation of 7,000 flights. The outage, described as the largest IT failure in history, was attributed to a faulty software update, costing U.S. Fortune 500 companies an estimated $5.4 billion, with Delta facing $550 million in lost revenue and additional costs. Judge Kelly Lee Ellerbe of the Fulton County Superior Court noted that CrowdStrike’s president admitted the company made a “horribly wrong” mistake, which is a critical point in Delta’s case claiming gross negligence. Furthermore, CrowdStrike contends that Delta’s own operational issues contributed to the severity of the disruptions.
Over 394,000 Windows devices have been infected with Lumma Stealer malware, prompting a significant response from Microsoft and Europol. In a collaborative operation, the two organizations have successfully disrupted the malware’s communication channels and seized more than 1,300 related domains, which will now redirect to research-focused sinkholes. Lumma Stealer has been marketed as a Malware as a Service, allowing cybercriminals to customize and distribute the tool easily. The malware has been linked to various cybercriminal activities, including the harvesting of sensitive information such as passwords and credit card details. According to Europol, the main developer of Lumma operates from Russia and claims to serve around 400 active clients.
The Federal Bureau of Investigation has issued a warning about a malicious campaign in which hackers use artificial intelligence-generated voice clones to impersonate senior U.S. government officials. This campaign has reportedly been ongoing since April and aims to access personal accounts by leveraging these convincing voice simulations. In recent years, high-profile incidents have highlighted the dangers of AI-generated attacks, such as a $25 million fraud case involving a British engineering firm that was targeted through a false video call. The FBI describes these tactics as “smishing” and “vishing,” which blend social engineering with advanced technology, making it increasingly difficult for victims to discern real communications from fraudulent ones. According to recent research, nearly 70% of businesses are developing response plans for deepfake threats as the trend continues to rise, indicating a growing awareness and proactive stance against these sophisticated scams.
North Korean hackers have successfully stolen approximately $88 million by creating fake identities to secure remote IT jobs at U.S. companies and non-profits over a span of six years. The U.S. Department of Justice indicted fourteen North Korean nationals in December 2024 for their involvement in this elaborate scheme. According to an investigation by the security firm Flashpoint, the hackers utilized fake companies and identities to craft convincing resumes and references. Their tactics included using remote desktop software, which allowed them direct access to sensitive U.S. company networks. The investigation revealed that the hackers communicated extensively in both English and Korean, using methods to avoid detection while expressing frustration over poor remote worker performance.
Why do we care?
Cybersecurity is about resilience, responsibility, and response. Each incident reveals a failure or risk vector that matters to IT service providers and the customers they support.
Crowdstrike’s failure is one of the manufacturer having accountability. Producing cybersecurity software, yet having no liability in how effective it is, is insane. Cybersecurity companies make money if their stuff works or not. There have to be minimum requirements for effectiveness, and hiding behind risk management doesn’t cut it. I’m uncomfortable rooting for Delta, but here I am.
I’m also highlighting the risks of AI voice generation now. Clients increasingly rely on trust-based systems (like email or voice approvals). As AI removes the friction in faking authority, every customer becomes vulnerable to engineered fraud. While there is a risk of overreacting – you can’t assume every call is a fake – the goal should be systematic validation.
The connecting thread here is failure at the seams between trust and verification — between internal systems and third-party platforms, between legitimate access and malicious use, between voice and identity. IT service providers must rebuild their value narrative around trust governance — not just managing tech, but securing relationships.