CrowdStrike and Microsoft Outage: Next Steps
CrowdStrike and Microsoft: Hard at work
The vital role of Cloud 9 Advisers and Essential Discussion Points:
1. Understanding the Outage
It is important to note that the CrowdStrike/Microsoft outage was NOT a cyberattack. The incident began with a software update. As part of its ongoing threat protection, CrowdStrike regularly updates its sensor with the latest threat data. In this instance, the update triggered an invalid access to a protected memory address within the Microsoft Windows environment, causing the operating system to hit a critical error and the familiar “blue screen of death”, after which an affected device is unable to recover on its own.
The workaround was a highly manual process, requiring users or admins to boot each affected machine into “safe mode” and remove the registry key that contains the faulty code. This event shows just how interconnected technology products are within our ecosystem, and how one failure can cascade into devastating impact across an entire infrastructure.
While both CrowdStrike and Microsoft are working diligently to assist in recovery efforts, we all need to be aware of the potential for secondary attacks by cybercriminals using information harvested through phishing.
Learning from the Incident: How to Outsmart the Bad Guys
Within hours of the incident on July 19, 2024, CrowdStrike warned of malicious activity attempting to exploit the outage. One primary method cybercriminals are using is sending phishing emails that purport to come from CrowdStrike (or Microsoft) using “spoofed” lookalike addresses (e.g., somebody@crowdstrikeoutage.com), either carrying malicious attachments or simply gathering information for a later compromise.
CrowdStrike and Microsoft are working around the clock to provide guidance as well as tools to assist with recovery. Some good, free advice: DO NOT OPEN any emails from unofficial addresses posing as CrowdStrike or Microsoft support, and thoroughly question any phone calls you receive claiming to be from CrowdStrike staff; they are likely impersonators.
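As an added illustration of the sender-screening advice above (example code written for this post, not a CrowdStrike or Microsoft tool), the following triage rule classifies a From: header as official, lookalike, or other. The allowlist of official domains and the constructed sample headers are assumptions for the example.

```python
import re
from email.utils import parseaddr

# Assumed allowlist of genuine sender domains; an organisation maintains its own.
OFFICIAL_DOMAINS = {"crowdstrike.com", "microsoft.com"}
BRANDS = ("crowdstrike", "microsoft")


def sender_domain(from_header: str) -> str:
    """Return the domain part of a From: header, lower-cased ('' if no address)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def is_official(domain: str) -> bool:
    """True only for allowlisted domains or their real subdomains (not look-alikes
    such as microsoft.com.evil.example, which end in .example, not .microsoft.com)."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_sender(from_header: str) -> str:
    """'official', 'lookalike' (brand name in an unofficial domain or in the
    display name), or 'other' (unrelated sender)."""
    name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if is_official(domain):
        return "official"
    # Normalise so 'Crowd-Strike', 'crowdstrikeoutage.com' and a display name
    # of 'CrowdStrike Support' on a free-mail domain are all caught.
    compact = re.sub(r"[^a-z0-9]", "", (name + domain).lower())
    if any(brand in compact for brand in BRANDS):
        return "lookalike"
    return "other"


# Constructed sample headers, modelled on the spoofed address quoted above.
SAMPLES = [
    "CrowdStrike Support <support@crowdstrike.com>",
    "CrowdStrike Outage Team <somebody@crowdstrikeoutage.com>",
    "Microsoft Support <helpdesk@microsoft.com.recovery-help.example>",
    "CrowdStrike Help Desk <random123@mailer.example>",
    "Alice <alice@partner.example>",
]


def triage(headers):
    """Map each header to its verdict; quarantine or banner the 'lookalike' ones."""
    return {h: classify_sender(h) for h in headers}


if __name__ == "__main__":
    for header, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {header}")
```

The From: header itself can be forged, so treat this as a first filter and combine it with your mail gateway's SPF, DKIM and DMARC results before trusting an "official" verdict.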
Additionally, this unfortunate incident opens up the conversation for developing (or revisiting) a robust cybersecurity prevention and recovery plan. With access to a breadth of cybersecurity providers, solution architects, and managed services, Cloud 9 has the opportunity to help you with your entire strategy – from organization-wide cyber training, to IT outage response plans, to infrastructure automation for disaster recovery, to third-party risk management and consulting programs.
Or, if you’re a maverick and really want to stir the pot, we can even help you switch it all over to Google and Chromebooks!