CrowdStrike and Microsoft

08/09/2024 2:22 PM By Chuck F

CrowdStrike and Microsoft Outage: Next Steps

Gone Phishing
The CrowdStrike and Microsoft Outage Aftermath: Next Steps by Jeff Hathcote, Solution Architect – Security

CrowdStrike and Microsoft: Hard at work

Although unintentional, the recent CrowdStrike outage caused disruptions that reverberated around the globe. While CrowdStrike and Microsoft work to restore an estimated 8.5 million affected Windows computers worldwide, guess who is hard at play taking advantage of the situation? The bad guys and their phishing schemes.

Now is the time to work with Cloud 9 to understand the implications of the outage and the importance of prioritizing your resiliency plans.

The vital role of Cloud 9 Advisers and Essential Discussion Points: 

In the aftermath of the CrowdStrike outage, Cloud 9 has a critical role to play as your trusted adviser. We can help you navigate this crisis in two ways: 1) helping you understand what actually happened, and 2) advising you on how to strengthen your defenses so that a similar disaster does not take your organization down (a company of any size is vulnerable to modern cyber threats).

1. Understanding the Outage

It is important to note that the CrowdStrike/Microsoft outage was NOT a cyberattack. The incident began with a software update. As part of its ongoing threat protection, CrowdStrike regularly pushes content updates (new detection logic, separate from updates to the sensor software itself) to its Falcon sensor. In this instance, a faulty content file caused the sensor, which runs as a kernel-mode driver on Windows, to read memory outside the bounds it was supposed to use. Because the fault occurred in kernel mode, Windows itself halted with a critical error: the ubiquitous “blue screen of death.” An affected device could not recover on its own, because the sensor loaded, and crashed, again on every reboot.


The workaround was a very manual process: per CrowdStrike’s published remediation guidance, an admin had to boot each affected machine into Safe Mode or the Windows Recovery Environment and delete the faulty channel file (named C-00000291*.sys) from the CrowdStrike driver directory, C:\Windows\System32\drivers\CrowdStrike, so the sensor could start cleanly on the next boot. There was no registry key to remove; the fix was deleting that one file on every affected machine, which is exactly why recovery took so long at scale. This event shows just how interconnected the technology products in our ecosystem are: one failure can cascade into devastating impact across an entire infrastructure.


While both CrowdStrike and Microsoft are working diligently to assist with recovery, we all need to be aware of the potential for secondary attacks: cybercriminals are using the outage as a phishing lure, and any credentials or information they harvest now can be turned into a real compromise later.

Learning from the Incident: How to Outsmart the Bad Guys 

Within hours of the incident on July 19, 2024, CrowdStrike warned of malicious activity trying to exploit the outage. One primary method cybercriminals are using is phishing email that claims to come from CrowdStrike (or Microsoft) support but is sent from lookalike domains (e.g., somebody@crowdstrikeoutage.com rather than crowdstrike.com), either carrying malicious attachments dressed up as a “fix” or recovery utility, or simply gathering information for a later compromise.


CrowdStrike and Microsoft are working around the clock to provide guidance as well as tools to assist with recovery. Some good, free advice: DO NOT OPEN emails from unofficial addresses posing as CrowdStrike or Microsoft support, and treat any unsolicited phone call from someone claiming to be CrowdStrike staff with suspicion; the caller is very likely an impersonator. Take remediation instructions only from the vendors’ official support channels, and verify the sender’s domain, not just the display name, before acting on anything.

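The sender check above can be automated at the mail gateway or in a triage script. The following is an added example written for this post, not code from CrowdStrike, Microsoft or Cloud 9; the official-domain allowlist, the brand tokens, the homoglyph table and the sample From: headers are all assumptions constructed for illustration. It flags the two patterns the outage phishing relied on: lookalike domains that embed a vendor name (crowdstrikeoutage.com, crowdstrike.com.evil.net, micr0soft-support.net) and display-name spoofing where the name says “CrowdStrike Support” but the address is a free-mail account.

```python
"""Triage of sender addresses that claim to be CrowdStrike or Microsoft.

Added example for this post, not vendor code. OFFICIAL_DOMAINS,
BRAND_TOKENS, _HOMOGLYPHS and SAMPLE_FROM_HEADERS are constructed
assumptions; replace them with your own vendor allowlist.
"""
import re
from email.utils import parseaddr

# Assumption: only these registrable domains (and their subdomains) are
# trusted to carry vendor support mail.
OFFICIAL_DOMAINS = {"crowdstrike.com", "microsoft.com"}

# Brand names whose appearance in a non-official domain or display name
# marks the message as an impersonation attempt.
BRAND_TOKENS = ("crowdstrike", "microsoft")

# Digit-for-letter substitutions commonly used in lookalike domains.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize(text):
    """Lowercase, undo digit homoglyphs and drop separators, so that
    'Micr0soft-Support' and 'microsoftsupport' compare equal."""
    return re.sub(r"[^a-z]", "", text.lower().translate(_HOMOGLYPHS))


def sender_parts(from_header):
    """Split a From: header into (display name, domain). The domain is
    None when the header carries no parsable address."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return name, None
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    return name, domain


def is_official(domain):
    """True when domain is an official domain or one of its subdomains.
    Matching on '.' + d rejects 'crowdstrike.com.evil.net', which a naive
    substring or startswith check would accept."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify(from_header):
    """Return 'official', 'impersonation' or 'other' for a From: header.

    A message is an impersonation when it does not come from an official
    domain but its domain or display name invokes a vendor brand. That
    covers lookalike domains and display-name spoofing alike.
    """
    name, domain = sender_parts(from_header)
    if domain is not None and is_official(domain):
        return "official"
    # The space keeps a brand from being assembled across the two fields.
    claimed = normalize(name) + " " + normalize(domain or "")
    if any(token in claimed for token in BRAND_TOKENS):
        return "impersonation"
    return "other"


# Constructed sample headers, not real captured mail.
SAMPLE_FROM_HEADERS = [
    "CrowdStrike Support <support@crowdstrike.com>",
    "CrowdStrike Recovery Team <somebody@crowdstrikeoutage.com>",
    "Microsoft Helpdesk <help@micr0soft-support.net>",
    "CrowdStrike Support <crowdstrike.support@gmail.com>",
    "Billing <invoice@crowdstrike.com.evil.net>",
    "Jane Doe <jane@example.org>",
]


def triage(headers):
    """Map each From: header to its verdict."""
    return {header: classify(header) for header in headers}


if __name__ == "__main__":
    for header, verdict in triage(SAMPLE_FROM_HEADERS).items():
        print(f"{verdict:14} {header}")
```

One caveat a practitioner should keep in mind: this inspects only the From: header, so a message whose From: is exactly support@crowdstrike.com still passes as “official.” That header can be forged unless the receiving mail system enforces SPF, DKIM and DMARC for the sending domain, so treat the “official” verdict as “not an obvious lookalike,” not as proof of origin.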

Additionally, this unfortunate incident opens up the conversation about developing (or revisiting) a robust cybersecurity prevention and recovery plan. With access to a breadth of cybersecurity providers, solution architects, and managed services, Cloud 9 can help you with your entire strategy: from organization-wide cyber training, to IT outage response plans, to infrastructure automation for disaster recovery, to third-party risk management and consulting programs.


Or, if you’re a maverick and really want to stir the pot, we can even help you switch it all over to Google and Chromebooks!

Final Thoughts 

“This high-impact event emphasizes the urgency to keep resiliency plans current, communicated, and understood within the organization to avoid the types of customer disruptions experienced since July 19. Like other industry disruptions this year, this event creates conversational opportunities about how to best prepare organizations for these inevitabilities.” – Koby Phillips, VP of Advanced Solutions

While the CrowdStrike outage presents significant challenges, Cloud 9 is ready, willing, and able to offer expert guidance. We can assist you in navigating this crisis and help you emerge stronger and more resilient. To that end I ask: Which components or upstream service providers in your environment are you dependent on? Are you considering additional resiliency around your mission critical vendors?