
Gartner IDs Recovery Steps for CrowdStrike ‘Screen of Death’ Disaster


Gartner has released a research note outlining short-term, intermediate, and long-term measures CrowdStrike users can implement to deal with what’s become the update from hell.
Since Friday, organizations have been struggling to get their operations up and running after a software update by security vendor CrowdStrike set off a global epidemic of the “blue screen of death,” as the Windows crash screen is commonly known.
On Monday, global technology advisory firm Gartner released a research note outlining short-term, intermediate, and long-term measures CrowdStrike users can implement to deal with what’s become the update from hell.
One of the firm’s recommendations for immediate action is to make sure security teams are on the lookout for new threat intelligence related to opportunistic attacks. “In panic mode, people begin clutching at straws,” explained Sumed Barde, head of product at Simbian, an AI security company in Mountain View, Calif.
“They’re looking for any help they can get online,” he told TechNewsWorld. “So what we’re seeing is a bunch of fake websites popping up by scammers.”
Barde explained that one form of scam is a website that does nothing but demand upfront payments. Other websites offer free advice but contain malware.
Chris Morales, CISO at Netenrich, a security operations center services provider in San Jose, Calif., cited several kinds of opportunistic attacks organizations should be on high alert for during this initial period of the CrowdStrike outage. “Phishing campaigns are big,” he told TechNewsWorld. “Attackers love to take advantage of the confusion by sending emails that look like they’re from CrowdStrike or related companies.”
“Credential stuffing and brute-force attacks are common, too, as attackers try to exploit any temporary security gaps,” he added.
“And, of course, there’s always the risk of known vulnerabilities being targeted more aggressively during the chaos,” he said.

Potential for Ransomware Surge

The outage may also fuel another online scourge. “Ransomware attacks could surge as attackers leverage the weakened security postures of affected organizations,” said Tim Freestone, chief strategy and marketing officer of Kiteworks, a secure content communications provider in San Mateo, Calif.
“Data exfiltration attempts may increase, targeting the temporarily vulnerable systems,” he told TechNewsWorld. “The outage might also inspire DDoS attacks to further overwhelm already strained networks.”
The ad hoc measures that security operations center teams implement to get systems operational quickly may also create openings for opportunistic exploits by hackers.
