fbpx
CrowdSrike updates

The Cyber Security Fallout of CrowdStrike Global IT Outage

Before I get into some of the cyber security fallout from the CrowdStrike global IT outage, you can read some of my thoughts on the incident here:

The Wednesday Bit on Monday – CrowdStrike Global IT Outage

In this article I look at just a couple of the cyber security implications of an IT issue on this scale and one that is widely reported in the non-technical media.

Threat Actors Strike

As with any high-profile incident, in which real people are suffering and there is uncertainty about what is happening, the threat actors took very little time to exploit it heartlessly. The BBC was already reporting on scams and phishing campaigns on the day after the news broke and computers started crashing (Tidy, 2024). The National Cyber Security Centre (NCSC) had already got its advice out there on Friday (NCSC, 2024).

This was followed up on Sunday by a report that data wiper and remote access malware had been detected in phishing emails pretending to be official sources of information and fixes for the CrowdStrike failed update (Ilascu, 2024).

There is only one source of information to fix this issue – CrowdStrike. If you need to, go there directly not via a link in an email. If you do not use CrowdStrike – which is probably the majority of my readers, this is your takeaway from this incident. Get your critical information, updates and fixes directly from the vendor, don’t follow “helpful” email links.

No Updates!

An extensively reported IT incident like this, hitting many ordinary people – chaos at airports and disruption in the NHS – has the effect that organisations may start to avoid updates and patches, not wanting to get caught up in some hypothetical future “global IT outage”. I am just going to quote the NCSC advice at this point:

“Installing security updates is still an essential security practice and organisations should continue to install them when they are available.” (NCSC, 2024)

You cannot stop applying updates and patches – this would just play into the threat actors’ hands.

CrowdStrike update incident

Have an incident response plan.

An incident response plan does not need to be complicated but it does need to address your mission-critical processes and have a pre-written selection of responses to stakeholders so everyone knows what is going on.

Next…

On one of the blogs I write there will be an article about “your inbox”!

Clive Catton MSc (Cyber Security) by-line and other articles

References

Tidy, J. (2024, July 20). Crowdstrike: Global cyber agencies warn about scammers. BBC News. https://www.bbc.co.uk/news/articles/cq5xy12pynyo

Ilascu, I. (2024, July 21). Fake CrowdStrike fixes target companies with malware, data wipers. BleepingComputer. https://www.bleepingcomputer.com/news/security/fake-crowdstrike-fixes-target-companies-with-malware-data-wipers/

NCSC. (2024, July 19). Statement on major IT outagehttps://www.ncsc.gov.uk/news/major-it-outage

Further Reading

For those of you who want more information here is an excellent article by Johannes Ullrich on SANS Internet Storm Diary:

CrowdStrike: The Monday After – SANS Internet Storm Center

…and if you get or your team get a phishing email?

Photo by Miguel Á. Padriñán