Many organizations have been struggling since Friday to restore their operations after a faulty software update from security vendor CrowdStrike triggered the Windows “blue screen of death” on machines around the world.
On Monday, global technology consulting firm Gartner released a research note outlining the short-term, intermediate-term, and long-term measures that CrowdStrike users can take to cope with what has become “the update from hell.”
The firm recommends that security teams stay alert for any new threat intelligence relating to opportunistic threats. “People start clutching at anything in panic mode,” said Sumed Barde, head of product at Simbian, an AI-based security company in Mountain View, Calif.
“They are looking for any online help they can find,” he told TechNewsWorld. “What we see is that scammers are creating fake websites.”
Some of those scam sites demand payment up front, Barde said; others offer free advice bundled with malware.
Chris Morales of Netenrich, a security operations center service provider in San Jose, Calif., cited several types of opportunistic threats organizations should watch for during the initial period of the CrowdStrike outage. Phishing campaigns are a big one, he told TechNewsWorld. “Attackers take advantage of confusion by sending emails which look like they are from CrowdStrike and related companies.”
Attackers also try to exploit temporary security gaps with brute-force and credential-stuffing attacks, he said.
“There’s also the danger that known vulnerabilities will be targeted more aggressively in the chaos,” he said.
Potential Ransomware Surge
Ransomware is another online threat the outage may fuel, according to Tim Freestone, chief strategy and marketing director at Kiteworks, a provider of secure content communications in San Mateo, Calif.
“Data exfiltration efforts may increase,” targeting temporarily vulnerable systems, he told TechNewsWorld. “The outage may also inspire DDoS (distributed denial of service) attacks that will further overwhelm already stretched networks.”
As security operations centers implement ad-hoc measures to get systems back up quickly, they may open doors for attackers looking for opportunistic exploits, warned Josh Thorngren, a security strategist at ForAllSecure, a Pittsburgh-based software security testing company.
If that kind of activity is still present on these networks or devices in two weeks, it will be a serious problem, he told TechNewsWorld.
Gartner also offered recommendations for midterm actions, which it said should focus on reviewing exposed vulnerabilities and assessing the impact on secondary systems.
Manage Fatigue and Burnout
Gartner suggested that organizations review anomalies and unusual trends with their SOC teams in order to reduce the risk of undetected opportunistic attacks.
SOC teams need to be alert to unusual data transfers or removals from repositories. They should also watch for users requesting access to drives or files they do not normally need, as well as any changes to permissions and configurations, advised OX Security, a developer of an active application security posture management platform based in Tel Aviv, Israel.
“IT and security teams can also help their organizations by adding any known fake domains, like crowdstrikebluescreen[.]com or crowdstrikehelpdesk[.]com, to their blocking lists to prevent users accidentally visiting these sites,” she told TechNewsWorld.
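The two pieces of SOC advice above (watch for unusual repository access, oversized or external transfers, removals and permission changes; block known lookalike domains) can be turned into a small triage script. The following is an added example written for this page, not code from Gartner, OX Security or TechNewsWorld. The log format, the baseline window, the `transfer_ratio` threshold and the `ext:` prefix for external destinations are all assumptions, the log lines are constructed, and `LEGIT_DOMAINS` assumes crowdstrike.com is the vendor's real domain.

```python
"""Added example (not from the article): triage constructed SOC log lines for the
opportunistic activity described above, and match hostnames against a blocklist
of defanged lookalike domains."""
import re
from collections import defaultdict

# Constructed sample events in an assumed "time user action target detail" format.
BASELINE_LOG = """\
2024-07-15T09:02 alice read repo:finance 12KB
2024-07-15T09:40 alice read repo:finance 30KB
2024-07-16T10:05 bob read repo:engineering 8KB
2024-07-17T11:15 bob read repo:engineering 15KB
"""

INCIDENT_LOG = """\
2024-07-20T02:14 alice read repo:finance 25KB
2024-07-20T02:20 bob read repo:finance 900KB
2024-07-20T02:31 bob grant repo:finance everyone:write
2024-07-20T02:45 bob upload ext:transfer.example 2500000KB
2024-07-20T03:00 alice delete repo:finance 0KB
"""

# Defanged blocklist, written the way threat-intel feeds publish it (the spaced
# form is included to show that refang() normalizes it).
BLOCKLIST = ["crowdstrikebluescreen[.]com", "crowdstrike helpdesk[.]com"]
LEGIT_DOMAINS = {"crowdstrike.com"}  # assumption: the vendor's real domain

SIZE_RE = re.compile(r"(\d+)KB$")


def parse(log: str) -> list[dict]:
    """Split each constructed log line into its five fields."""
    events = []
    for line in log.splitlines():
        ts, user, action, target, detail = line.split(maxsplit=4)
        events.append({"ts": ts, "user": user, "action": action,
                       "target": target, "detail": detail})
    return events


def size_kb(detail: str) -> int:
    m = SIZE_RE.match(detail)
    return int(m.group(1)) if m else 0


def build_baseline(events: list[dict]):
    """Repositories each user normally touches, and their largest normal transfer."""
    repos = defaultdict(set)
    sizes = defaultdict(list)
    for e in events:
        repos[e["user"]].add(e["target"])
        sizes[e["user"]].append(size_kb(e["detail"]))
    return repos, {u: max(s) for u, s in sizes.items()}


def triage(baseline_log: str, incident_log: str, transfer_ratio: int = 10) -> list[tuple]:
    """Return (finding, user, detail) tuples for events matching the SOC guidance."""
    repos, max_size = build_baseline(parse(baseline_log))
    findings = []
    for e in parse(incident_log):
        u, a, t = e["user"], e["action"], e["target"]
        kb = size_kb(e["detail"])
        if a == "grant":                       # permission / configuration change
            findings.append(("permission_change", u, f"{t} -> {e['detail']}"))
        elif a == "delete":                    # removal from a repository
            findings.append(("repo_removal", u, t))
        elif a == "upload" and t.startswith("ext:"):   # transfer to an external host
            findings.append(("external_transfer", u, f"{kb}KB to {t}"))
        elif t not in repos.get(u, set()):     # access outside the user's baseline
            findings.append(("unusual_access", u, t))
        elif kb > transfer_ratio * max_size.get(u, 0):  # far above the user's norm
            findings.append(("oversized_transfer", u, f"{kb}KB from {t}"))
    return findings


def refang(domain: str) -> str:
    """Turn a defanged feed entry such as 'example[.]com' back into a hostname."""
    return domain.replace("[.]", ".").replace(" ", "").lower()


def is_blocked(domain: str) -> bool:
    """True for listed lookalikes (and their subdomains) and, as a heuristic,
    for any other host that borrows the vendor's name without being its domain."""
    d = domain.lower().rstrip(".")
    blocked = {refang(b) for b in BLOCKLIST}
    if d in blocked or any(d.endswith("." + b) for b in blocked):
        return True
    if any(d == legit or d.endswith("." + legit) for legit in LEGIT_DOMAINS):
        return False
    return "crowdstrike" in d


if __name__ == "__main__":
    for finding in triage(BASELINE_LOG, INCIDENT_LOG):
        print(*finding)
    for host in ("crowdstrikebluescreen.com", "falcon.crowdstrike.com", "crowdstrike-fix.net"):
        print(host, "BLOCK" if is_blocked(host) else "allow")
```

The baseline is deliberately simple (set of repositories plus largest transfer per user); in production the same checks would be expressed as SIEM rules over a longer window, and the name-borrowing heuristic in `is_blocked` would be reviewed before enforcement because it also catches legitimate third-party hosts that mention the vendor.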
Gartner also suggests actively managing employee burnout. The outage is not just a security issue; it affects every machine in the company.
Remediating it is a time-consuming and tedious process, he told TechNewsWorld. “The staff of most businesses are stressed to the limit right now. I hear about companies that hire armies of contractors to work 24/7 and touch machines. You’re more likely to get fatigued the longer you continue. Burnout is a sure thing.”
Morales said that burnout and fatigue are frequently overlooked during events like the CrowdStrike outage. “Think about it,” he said. “Our security team is suddenly facing a huge surge in workload. They are trying to keep up with all of the normal operations while managing the incident response. It’s like trying to put out a blaze while cooking dinner.”
“This type of prolonged stress can lead to serious decision fatigue. The quality of the choices begins to drop,” he said. “Weary employees may miss important alerts or subtle signals of an attack.”
“And let’s face it,” he added, “we’re all human. The chances of making a mistake skyrocket when you’re exhausted.”
Resilience for the Long Term
Gartner has also laid out a series of long-term measures to reduce or mitigate the risk of future events similar to the CrowdStrike incident. The event reinforced the need to focus on resilience, Gartner said, and it recommended a top-down strategy that ties that focus to the organization’s overall strategic goals.
Maurice Uenuma is vice president and general manager at Blancco Technology Group, a company specializing in mobile device diagnostics and data erasure.
“Because of this, we must focus on resilience — the ability to survive and recover when the inevitable crisis comes,” he told TechNewsWorld.
Resilience, he said, comes from having redundant, separate ways of performing critical tasks, continuous data backup, alternate communication channels, and regular practice operating under adverse conditions so the organization is prepared when they arrive.
Understanding the supply chain matters as well, according to Jenna Wells, chief customer and product officer at Supply Wisdom, a New York City-based provider of real-time risk intelligence.
“If you have a full understanding of your supply chains, you will save time by knowing the points of failure and you’ll be more resilient,” she told TechNewsWorld. “You can put proactive plans in place to ensure business continuity when an event occurs.”
“Whether it be a cyber event — or, as in this case, a human error — you need to be able to react in any type of incident with the snap of a finger,” she said. “After all, it’s never a question of if an event will happen but when.”