Crowdstrike – Trusted Internet comments and recommendations

Situation Report: 

An update to Crowdstrike software has caused mass outages in almost every corner of the world:

  • Air Travel: Over 1,600 flight cancellations and nearly 19,000 delays globally. 

  • Healthcare Systems: Hospitals in the U.S. and U.K. are struggling with access to medical records. 

  • Public Services: Rail travel and metro services are affected in the U.S. and Australia. 

  • Payment Systems: Interruptions in global payment processing. 

  • Emergency Services: 911 services are experiencing outages in several U.S. states. 

CEO’s Comments and Recommendations: 

The largest and smallest of us have occasionally had update issues. While this is a bad one, I’d hate to throw the baby out with the bathwater. Crowdstrike is an amazing tool, hence the market share. They touch every critical infrastructure. Today’s event is unfortunate. There is a workaround for restoration, but there is a manual component. So, what should affected Crowdstrike clients be thinking about during restoration? Here’s what we think:

Security teams must be on alert. Through the restoration process, there will be times when devices will be without protection. We believe there is a probability that this gap may be exploited. Border protection is a must until clients know they’re protected post-fix.  

  • Security teams must continue monitoring (scrutinizing) and defending every Crowdstrike client's edge.

  • Temporarily deploy an independent EDR package, which Crowdstrike users might want in the interim to help offset any gaps in protection. Even if users decide to continue with Crowdstrike (I’m sure most will), there will be a gap, as clients might want to hold off on restoring Crowdstrike until they feel more comfortable in its stability. Security teams should be prepared with an alternative.

  • For providers offering Crowdstrike or enterprise clients deploying the fix, test for stability before deploying. This should be the norm, but it may not be in smaller shops. This is one of the most important issues as Crowdstrike MSSPs move to restoration.

For companies needing assistance or fast access to a third-party alternative, even temporarily while performing restorations, contact Trusted Internet at staysafeonline@trustedinternet.io.  
