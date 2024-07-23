Cybersecurity

Gartner IDs Recovery Steps for CrowdStrike ‘Screen of Death’ Disaster

CrowdStrike Windows Blue Screens at Denver International Airport
A global system outage on the morning of July 19, 2024, caused by a CrowdStrike Windows update, left gate screens blue and blank at airports worldwide. CrowdStrike clients experienced failures with Windows servers, virtual machines, and endpoint systems, resulting in "blue screens of death" and inoperable systems.

Since Friday, organizations have been struggling to get their operations up and running after a software update by security vendor CrowdStrike set off an epidemic of “blue screens of death” globally, commonly known as the screen of death for Windows users.

On Monday, global technology advisory firm Gartner released a research note outlining short-term, intermediate, and long-term measures CrowdStrike users can implement to deal with what’s become the update from hell.

One of the firm’s recommendations for immediate action is to make sure security teams are on the lookout for new threat intelligence related to opportunistic attacks. “In panic mode, people begin clutching at straws,” explained Sumed Barde, head of product at Simbian, an AI security company in Mountain View, Calif.

“They’re looking for any help they can get online,” he told TechNewsWorld. “So what we’re seeing is a bunch of fake websites popping up by scammers.”

Barde explained that one form of scam is a website that does nothing but demands upfront payments. Other websites offer free advice but contain malware.

Chris Morales, CISO at Netenrich, a security operations center services provider in San Jose, Calif., cited several kinds of opportunistic attacks organizations should be on high alert for during this initial period of the CrowdStrike outage. “Phishing campaigns are big,” he told TechNewsWorld. “Attackers love to take advantage of the confusion by sending emails that look like they’re from CrowdStrike or related companies.”

“Credential stuffing and brute-force attacks are common, too, as attackers try to exploit any temporary security gaps,” he added.

“And, of course, there’s always the risk of known vulnerabilities being targeted more aggressively during the chaos,” he said.

Potential for Ransomware Surge

The outage may also fuel another online scourge. “Ransomware attacks could surge as attackers leverage the weakened security postures of affected organizations,” said Tim Freestone, chief strategy and marketing officer of Kiteworks, a secure content communications provider in San Mateo, Calif.

“Data exfiltration attempts may increase, targeting the temporarily vulnerable systems,” he told TechNewsWorld. “The outage might also inspire DDoS attacks to further overwhelm already strained networks.”

Security operations center teams may also create openings for opportunistic exploits as they implement ad hoc measures to get systems operational quickly.

“One of the biggest things for SOCs is going to be to ensure that any temporary systems, temporary permission elevations or other workarounds that have been put into place have been decommissioned,” observed Josh Thorngren, a security strategist at ForAllSecure, a software security testing company in Pittsburgh.

“When there’s activity on these devices or networks two weeks from now, that’s likely to be a problem,” he told TechNewsWorld.

Gartner also made some recommendations for midterm actions. “The focus for midterm actions is to assess the impact on secondary systems, look for exposed vulnerabilities, and ensure you have visibility into planned systemwide updates and releases in the coming week,” it explained.

Manage Fatigue and Burnout

Among the midterm actions suggested by Gartner was for organizations to review anomalies or unusual trends with the SOC teams to minimize the risks of an undetected opportunistic attack.

“SOC teams should be on the lookout for unusual amounts of data going into or being taken out of repositories, higher-than-usual access requests, users seemingly requesting access to files or drives they don’t usually want or need to access, and any changes in permissions or configurations that don’t fit into previous baselines or trends,” said Katie Teitler-Santullo, a cybersecurity strategist for OX Security, a developer of active application security posture management platforms, in Tel Aviv, Israel.

“IT and security teams can also help their organizations by adding any known fake domains, like crowdstrikebluescreen[.]com or crowdstrike-helpdesk[.]com, to their blocklists to prevent users from inadvertently visiting those sites,” she told TechNewsWorld.
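As an added illustration (not part of the original article), the sketch below turns the two defanged domains quoted above into a normalized blocklist and checks DNS query logs for lookups of those domains or any of their subdomains. The log format, the sample log lines and all function names are assumptions constructed for this example.

```python
# Added example: the two domains come from the article; the log lines are constructed.
DEFANGED_INDICATORS = [
    "crowdstrikebluescreen[.]com",
    "crowdstrike-helpdesk[.]com",
]

# Constructed DNS query log, assumed format: "<timestamp> <client-ip> <queried-name>"
SAMPLE_DNS_LOG = """\
2024-07-22T09:14:02Z 10.0.4.17 www.crowdstrike.com.
2024-07-22T09:14:09Z 10.0.4.23 CrowdStrikeBlueScreen.com.
2024-07-22T09:15:41Z 10.0.7.5 support.crowdstrike-helpdesk.com
2024-07-22T09:16:03Z 10.0.7.5 notcrowdstrike-helpdesk.com
2024-07-22T09:16:30Z 10.0.9.88 intranet.example.org
"""

def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'name[.]com' into a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    return s.split("/", 1)[0].rstrip(".")

def build_blocklist(indicators):
    """Normalize and de-duplicate the indicators, skipping empty entries."""
    return {refang(i) for i in indicators if i.strip()}

def is_blocked(hostname: str, blocklist) -> bool:
    """Match a blocked domain or any subdomain of it, on label boundaries only."""
    labels = hostname.strip().lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def find_hits(log_text: str, blocklist):
    """Return (timestamp, client, name) for every query that hits the blocklist."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and is_blocked(parts[2], blocklist):
            hits.append((parts[0], parts[1], parts[2]))
    return hits

def hosts_file_entries(blocklist):
    """Sinkhole lines for a hosts file (exact names only; no subdomain coverage)."""
    return [f"0.0.0.0 {d}" for d in sorted(blocklist)]

if __name__ == "__main__":
    bl = build_blocklist(DEFANGED_INDICATORS)
    print("\n".join(hosts_file_entries(bl)))
    for hit in find_hits(SAMPLE_DNS_LOG, bl):
        print("blocked-domain lookup:", *hit)
```

Matching on label boundaries keeps a name that merely ends with a blocked string, such as the constructed `notcrowdstrike-helpdesk.com`, from being flagged, while subdomains of a blocked domain still are.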

Another midterm action proposed by Gartner is actively managing employee burnout and fatigue. “This outage goes beyond security teams because it touches every single machine in a company,” noted Gartner Senior Director Analyst Jon Amato.

“That creates a laborious, time-consuming, tedious process,” he told TechNewsWorld. “The help desk staffs at most businesses right now are strained to the breaking point. I’m hearing about companies hiring armies of contractors coming to touch machines and working 24/7. The longer that goes on, the more likely you’re going to have fatigue set in. It’s a recipe for burnout.”

Morales explained that burnout and fatigue are huge issues during events like the CrowdStrike outage and are often overlooked. “Think about it,” he said. “Our security teams are suddenly dealing with a massive surge in workload. They’re trying to manage the incident response while keeping all the regular operations going. It’s like trying to put out a fire while still cooking dinner.”

“This kind of prolonged stress can lead to serious decision fatigue, where the quality of choices starts to nosedive,” he continued. “Tired employees might miss critical alerts or subtle signs of an attack.”

“And let’s face it,” he added, “we’re all humans — the chances of making a mistake skyrocket when you’re exhausted. One small error could lead to a misconfiguration or a delayed response, and suddenly, we’ve got a much bigger problem on our hands.”

Resiliency for the Long-Term

Gartner’s long-term actions aim to mitigate or reduce the risk of future events like the CrowdStrike event. “The CrowdStrike outage reinforces the need to focus on resilience,” Gartner noted, and recommended, “Use a top-down approach to connect the approach to overall strategic objectives.”

“For all the efforts to prevent such mistakes from happening again, we should anticipate that these cascading errors will increase in frequency and impact in the years to come as the world becomes even more interconnected and interdependent,” said Maurice Uenuma, vice president and general manager at the Blancco Technology Group, a global company that specializes in data erasure and mobile device diagnostics.

“Because of this, we must focus on resilience — the ability to survive and recover when the inevitable crisis comes,” he told TechNewsWorld.

“Resilience is achieved by having separate, redundant ways to perform critical tasks, ensuring continuous backup of data, building alternate communication channels, and rehearsing for operating with diminished capabilities under adverse conditions,” he explained.

“If companies want to be more resilient, they must first have full oversight and awareness of their supply chain,” added Jenna Wells, chief customer and product officer at Supply Wisdom, a real-time risk intelligence platform in New York City.

“If you have full oversight and awareness of your supply chain, you are saving time and increasing your resilience by already knowing your points of failure,” she told TechNewsWorld. “You can then proactively put a business continuity plan in place for when events do happen.”

“Whether it be a cyber event — or, as in this case, a human error — you need to be able to react in any type of incident with the snap of a finger,” she said. “After all, it’s not if but when an event happens.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.
