Contact Info

Atlas Cloud LLC 600 Cleveland Street Suite 348 Clearwater, FL 33755 USA

support@dedirock.com

Client Area
Recommended Services
Supported Scripts
WordPress
Hubspot
Joomla
Drupal
Wix
Shopify
Magento
Typeo3

Gartner Details Recovery Steps for CrowdStrike’s ‘Screen of Death

Since Friday, organizations have been struggling to get their operations up and running after a software update by security vendor CrowdStrike set off an epidemic of “blue screens of death” globally, commonly known as the screen of death for Windows users.

On Monday, global technology advisory firm Gartner released a research note outlining short-term, intermediate, and long-term measures CrowdStrike users can implement to deal with what’s become the update from hell.

One of the firm’s recommendations for immediate action is to make sure security teams are on the lookout for new threat intelligence related to opportunistic attacks. “In panic mode, people begin clutching at straws,” explained Sumed Barde, head of product at Simbian, an AI security company in Mountain View, Calif.

“They’re looking for any help they can get online,” he told TechNewsWorld. “So what we’re seeing is a bunch of fake websites popping up by scammers.”

Barde explained that one form of scam is a website that does nothing but demands upfront payments. Other websites offer free advice but contain malware.

Chris Morales, CISO at Netenrich, a security operations center services provider in San Jose, Calif., cited several kinds of opportunistic attacks organizations should be on high alert for during this initial period of the CrowdStrike outage. “Phishing campaigns are big,” he told TechNewsWorld. “Attackers love to take advantage of the confusion by sending emails that look like they’re from CrowdStrike or related companies.”

“Credential stuffing and brute-force attacks are common, too, as attackers try to exploit any temporary security gaps,” he added.

“And, of course, there’s always the risk of known vulnerabilities being targeted more aggressively during the chaos,” he said.

The outage may also fuel another online scourge. “Ransomware attacks could surge as attackers leverage the weakened security postures of affected organizations,” said Tim Freestone, chief strategy and marketing officer of Kiteworks, a secure content communications provider in San Mateo, Calif.

“Data exfiltration attempts may increase, targeting the temporarily vulnerable systems,” he told TechNewsWorld. “The outage might also inspire DDoS attacks to further overwhelm already strained networks.”

Invitations for opportunistic exploits by hackers may also be created as security operations center teams implement ad hoc measures to get systems operational quickly.

“One of the biggest things for SOCs is going to be to ensure that any temporary systems, temporary permission elevations or other workarounds that have been put into place have been decommissioned,” observed Josh Thorngren, a security strategist at ForAllSecure, a software security testing company in Pittsburgh.

“When there’s activity on these devices or networks two weeks from now, that’s likely to be a problem,” he told TechNewsWorld.

Gartner also made some recommendations for midterm actions. “The focus for midterm actions is to assess the impact on secondary systems, look for exposed vulnerabilities, and ensure you have visibility into planned systemwide updates and releases in the coming week,” it explained.

Among the midterm actions suggested by Gartner was for organizations to review anomalies or unusual trends with the SOC teams to minimize the risks of an undetected opportunistic attack.

“SOC teams should be on the lookout for unusual amounts of data going into or being taken out of repositories, higher-than-usual access requests, users seemingly requesting access to files or drives they don’t usually want or need to access, and any changes in permissions or configurations that fit into previous baselines or trends,” said Katie Teitler-Santullo, a cybersecurity strategist for OX Security, a developer of active application security posture management platforms, in Tel Aviv, Israel.

“IT and security teams can also help their organizations by adding any known fake domains, like crowdstrikebluescreen[.]com or crowdstrike-helpdesk[.]com, to their blocklists to prevent users from inadvertently visiting those sites,” she told TechNewsWorld.

Another midterm action proposed by Gartner is actively managing employee burnout and fatigue. “This outage goes beyond security teams because it touches every single machine in a company,” noted Gartner Senior Director Analyst Jon Amato.

“That creates a laborious, time-consuming, tedious process,” he told TechNewsWorld. “The help desk staffs at most businesses right now are strained to the breaking point. I’m hearing about companies hiring armies of contractors coming to touch machines and working 24/7. The longer that goes on, the more likely you’re going to have fatigue set in. It’s a recipe for burnout.”

Morales explained that burnout and fatigue are huge issues during events like the CrowdStrike outage and are often overlooked. “Think about it,” he said. “Our security teams are suddenly dealing with a massive surge in workload. They’re trying to manage the incident response while keeping all the regular operations going. It’s like trying to put out a fire while still cooking dinner.”

“This kind of prolonged stress can lead to serious decision fatigue, where the quality of choices starts to nosedive,” he continued. “Tired employees might miss critical alerts or subtle signs of an attack.”

“And let’s face it,” he added, “we’re all humans — the chances of making a mistake skyrocket when you’re exhausted. One small error could lead to a misconfiguration or a delayed response, and suddenly, we’ve got a much bigger problem on our hands.”

Gartner’s long-term actions aim to mitigate or reduce the risk of future events like the CrowdStrike event. “The CrowdStrike outage reinforces the need to focus on resilience,” Gartner noted, and recommended, “Use a top-down approach to connect the approach to overall strategic objectives.”

“For all the efforts to prevent such mistakes from happening again, we should anticipate that these cascading errors will increase in frequency and impact in the years to come as the world becomes even more interconnected and interdependent,” said Maurice Uenuma, vice president and general manager at the Blancco Technology Group, a global company that specializes in data erasure and mobile device diagnostics.

“Because of this, we must focus on resilience — the ability to survive and recover when the inevitable crisis comes,” he told TechNewsWorld.

“Resilience is achieved by having separate, redundant ways to perform critical tasks, ensuring continuous backup of data, building alternate communication channels, and rehearsing for operating with diminished capabilities under adverse conditions,” he explained.

“If companies want to be more resilient, they must first have full oversight and awareness of their supply chain,” added Jenna Wells, chief customer and product officer at Supply Wisdom, a real-time risk intelligence platform in New York City.

“If you have full oversight and awareness of your supply chain, you are saving time and increasing your resilience by already knowing your points of failure,” she told TechNewsWorld. “You can then proactively put a business continuity plan in place for when events do happen.”

“Whether it be a cyber event — or, as in this case, a human error — you need to be able to react in any type of incident with the snap of a finger,” she said. “After all, it’s not if but when an event happens.”


Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.

Share this Post
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x