
CrowdStrike Latest News

Update 21 July 2024

CrowdStrike has released further technical advice to support customers who are experiencing remediation difficulties because of BitLocker implementations.

Affected customers should review CrowdStrike’s BitLocker guidance, available at the Falcon Content Update Remediation and Guidance Hub.

Global IT outages latest: Security firm CrowdStrike rules out cyber attack as world copes with tech ‘disaster’

Microsoft blamed a third party for the disruption and said it was working to restore services – after airports around the world were affected. GP surgeries across England are also impacted, the NHS has confirmed.

Source: https://news.sky.com/story/outages-latest-airports-business-and-broadcasters-experiencing-issues-worldwide-13180821

Microsoft Windows computers glitching across the world with BSOD, CrowdStrike issue likely reason

A recent update to the CrowdStrike Falcon sensor is causing major issues for Windows users worldwide. This update is leading to blue screen of death (BSOD) loops and making systems inoperable.

The issue, which began on July 19, 2024, affects Windows 10 and 11 systems running CrowdStrike’s endpoint security software. Users report experiencing repeated BSODs with the error message “DRIVER_OVERRAN_STACK_BUFFER,” which prevents normal system boot and operation.

CrowdStrike has acknowledged the problem, stating they are “aware of reports of crashes on Windows hosts related to the Falcon Sensor” and that their engineering teams are working to resolve the issue.

The company advises affected users not to open individual support tickets for now. The update’s impact has been particularly severe for enterprise customers, with some organizations reporting that thousands of devices, including critical production servers and SQL nodes, have been affected.

IT departments are scrambling to mitigate the damage, with some resorting to removing CrowdStrike-related files from affected systems to restore functionality.

This incident highlights the potential risks associated with automatic updates for security software, especially in enterprise environments. Many affected users are now calling for more rigorous testing procedures and the implementation of staged rollout policies to prevent similar incidents in the future.

Risk management

Risk management in the context of an Information Security Management System (ISMS) is a fundamental process aimed at identifying, assessing, and mitigating risks that could impact the confidentiality, integrity, and availability of an organization’s information assets. Here is how risk management is typically carried out under an ISMS:

  1. Establishing the Context:
    • Define the scope of your ISMS, including the assets to be protected and the boundaries of your system.
    • Identify relevant legal, regulatory, and contractual requirements that impact your organization’s information security.
  2. Risk Identification:
    • Identify potential threats, vulnerabilities, and risks to your information assets. This can involve various methods such as risk assessments, vulnerability assessments, and penetration testing.
    • Categorize information assets based on their criticality and sensitivity.
  3. Risk Assessment:
    • Assess the likelihood and impact of each identified risk. This assessment helps in determining the level of risk associated with each threat.
    • Assign a risk rating to each risk based on the likelihood and impact assessments.
  4. Risk Evaluation:
    • Evaluate the identified risks in the context of your organization. Consider risk tolerance, compliance requirements, and other relevant factors.
    • Prioritize risks based on their potential impact on your organization’s objectives.
  5. Risk Treatment:
    • Develop a risk treatment plan that outlines how each risk will be managed. This can include strategies like risk avoidance, risk mitigation, risk transfer, or acceptance.
    • Define security controls and measures to address and reduce the identified risks.
  6. Monitoring and Review:
    • Continuously monitor and review the effectiveness of the implemented risk treatment measures.
    • Update the risk management process as necessary to address new threats or changes in the organization’s environment.
  7. Documentation:
    • Maintain thorough records of the risk management process, including risk assessments, treatment plans, and monitoring activities.
  8. Communication and Training:
    • Ensure that all relevant stakeholders are aware of the identified risks, treatment plans, and security measures.
    • Provide training to employees to ensure they understand their roles in risk management.
  9. Integration with ISMS:
    • Integrate risk management activities seamlessly into your organization’s ISMS. This ensures that risk management becomes an ongoing and integral part of your security framework.
  10. Continuous Improvement:
    • Use the results of risk assessments and monitoring to inform the continuous improvement of your ISMS and information security practices.

In summary, risk management in accordance with ISMS is an iterative and proactive process that helps organizations identify and mitigate information security risks. By systematically evaluating threats and vulnerabilities and implementing appropriate controls, organizations can protect their sensitive data and maintain the confidentiality, integrity, and availability of their information assets.

How to Improve Cyber Security

Establish explicit central contacts for advice
To serve as a bridge between various business areas and IT and to provide informal guidance, you could select IT guardians or mentors. Setting up an email address can be all that is necessary.

Empower your team to recognise cybersecurity warning signs
Typical signs include a generic greeting (“Dear Customer”), subpar logos, spelling errors, an artificial deadline, phoney domain names, and inconsistent sender information. All of these are indicators of a cyberattack. If your staff recognise these symptoms, you can act swiftly to prevent further damage.

Verify the password
Weak passwords are one of the most frequent causes of a cybersecurity breach, and people frequently reuse them across all of their accounts. According to a survey by Specops Software, 51.61% of respondents share the passwords to their streaming websites, while another 21.43% are unsure whether those passwords are then shared with others.

Put multi-factor authentication to use
With multi-factor authentication, at least one additional method of personal identification is required in order to access software or complete a transaction.

It might be as easy as entering a memorable word, or using a passcode from a text message or a dedicated authenticator app.

Maintain software updates
Any software that isn’t company-wide or available on mobile devices should be avoided. Patches that address security flaws are released frequently, and failing to apply them leaves you vulnerable to intrusions. Software updates are not only crucial for system performance; they are also essential for cybersecurity.

Deploy only authorised connections and equipment
With the popularity of hybrid working, cyberattacks are becoming more dangerous than ever. Nowadays, employees work increasingly frequently from home or while travelling. They can be tempted to utilise their own gadgets or connect to unsecured networks at home. To enhance security against cyber dangers, this must be avoided.

Create a “culture of challenge” for new people
Encourage all employees to carry identification or a security pass at all times so that others can quickly determine who is authorised and who is not.

Although you might be reluctant to challenge someone because of the bystander effect, or because it feels embarrassing, doing so is necessary to protect the business.

Don’t assume someone walking in with a colleague is with them, be extra cautious when entering access codes to a door or building in public spaces, and be aware of tailgaters.

Watch out for impersonation
You are more susceptible to impersonation if your name and job title are known to the general public. Establish ground rules with your coworkers if you are in a senior position or have the authority to request payments. As an illustration, always reach out to them directly by phone, codewords, etc. Dual authorization should be used for significant payments. To stop CEO fraud, demand PO numbers for all significant payments.

Clearly define your procedures with customers and suppliers
Insist on direct contact through designated individuals or codewords for significant changes in terms, payments, etc. when speaking with or exchanging information with new customers and suppliers.

Make sure to carry out due diligence and vetting before allowing any third party access to your premises, to avoid physical risks.

Check your systems for weaknesses
What flaws are hidden in your own systems? Are you aware of them? If there is any slack, or a break from “business as usual” chores, now might be a good moment to strengthen security, secure the perimeter, and perform penetration testing. It sounds like a wise investment, doesn’t it?

Keep important personal verification information separate
Make sure that the right organisational or technical safeguards are in place to protect personal data. This can both prevent cyberattacks and lessen their effects (for instance, by storing CVV codes apart from other card information).

Purchase related domains for the web
To lessen the possibility that customers, suppliers, or your team would be deceived by emails from fake addresses or links to spoof websites, think about purchasing a number of related domain names. This is a financial investment in cyber threat defence.


Received a suspicious email? Pause to think before you act.

If you receive a suspicious email, ask yourself these questions before you engage with it:

Does this message make sense?
Why am I receiving this email?
Does the tone seem unnecessarily rushed or urgent?
Am I being asked to download an attachment or click on an unknown link?
Am I being asked for information that is personal or sensitive?

If your answers don’t clear your suspicions, then report the email immediately.
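The warning signs listed under “Empower your team to recognise cybersecurity warning signs” and the questions above can be applied mechanically to a message as a first-pass triage aid. The Python script below is an added example, not code from the original post or from any product it mentions; it parses an email, checks it for a generic greeting, urgency or a deadline, requests for sensitive data, links to unknown domains, unexpected attachments, a From/Reply-To mismatch and a look-alike sender domain, and reports which indicators it found. The trusted domain `corp.example`, the two sample messages and the keyword lists are all constructed for the demonstration.

```python
"""Heuristic phishing-indicator checker (added example, not from the original post).

Applies the warning signs the page lists to a parsed email. The trusted domain
"corp.example", the keyword lists and both sample messages are constructed for
this demonstration and are not real mail.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"corp.example"}  # assumption: the organisation's own domain

GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(customer|user|client|member|account holder|sir or madam)\b",
    re.IGNORECASE | re.MULTILINE,
)
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "act now",
                 "suspended", "final notice", "deadline")
SENSITIVE_TERMS = ("password", "card number", "cvv", "bank details",
                   "login details", "social security", "passcode")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains (c0rp vs corp)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True when the domain is within two edits of a trusted domain but is not one."""
    return domain not in TRUSTED_DOMAINS and any(
        edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS)


def domain_of(address_header: str) -> str:
    """Lower-cased domain part of an address header such as 'Name <user@host>'."""
    return parseaddr(address_header)[1].rpartition("@")[2].lower()


def phishing_indicators(raw_message: str) -> list[str]:
    """Return the names of the warning signs found in the message, in check order."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    found = []

    if GENERIC_GREETING.search(body):
        found.append("generic_greeting")
    if any(term in text for term in URGENCY_TERMS):
        found.append("urgency_or_deadline")
    if any(term in text for term in SENSITIVE_TERMS):
        found.append("requests_sensitive_information")
    if any(True for _ in msg.iter_attachments()):
        found.append("unexpected_attachment")

    # "Am I being asked to click on an unknown link?": any URL whose host is
    # not one of ours is treated as unknown.
    hosts = {urlparse(u.rstrip(".,;)")).hostname or "" for u in URL_RE.findall(body)}
    if any(h not in TRUSTED_DOMAINS for h in hosts):
        found.append("link_to_unknown_domain")

    # Inconsistent sender information: replies routed to a different domain,
    # or a From domain that merely resembles one we trust.
    from_domain = domain_of(str(msg.get("From", "")))
    reply_domain = domain_of(str(msg["Reply-To"])) if msg.get("Reply-To") else from_domain
    if from_domain != reply_domain:
        found.append("inconsistent_sender")
    if is_lookalike(from_domain):
        found.append("lookalike_domain")
    return found


# Constructed sample: a typical "verify your account" lure.
SUSPICIOUS_EMAIL = """\
From: Accounts Team <billing@c0rp.example>
Reply-To: recovery@mail-recovery.example
To: staff@corp.example
Subject: URGENT: invoice overdue - action required within 24 hours

Dear Customer,

Your account will be suspended unless you verify your details immediately.
Please click http://c0rp.example/verify and confirm your password and card number.

Regards,
Accounts Team
"""

# Constructed sample: an ordinary internal message.
BENIGN_EMAIL = """\
From: Dana Ortiz <dana.ortiz@corp.example>
To: staff@corp.example
Subject: Notes from Tuesday's planning meeting

Hi team,

The notes are on the intranet at https://corp.example/wiki/planning-notes.
No action needed before next week.

Dana
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        print(f"{label}: {phishing_indicators(raw) or ['no indicators']}")
```

The output is a list of indicator names rather than a verdict: a single hit (an external link, say) is normal business mail, while several together are what the checklist above is teaching people to notice, so a reporting workflow would route messages with two or more indicators for review rather than auto-blocking them.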
