Read more about Kroll’s global response to this issue. Click Here.
Tue, Jul 23, 2024
Read more about Kroll’s global response to this issue. Click Here.
CrowdStrike customers experienced a large-scale outage on Friday, July 19 due to an issue in a routine content update deployed overnight. The content update glitch has affected millions of Microsoft Windows systems, rendering them inoperable until a fix is executed manually on each system.
CrowdStrike continues to develop and refine technical remediation guidance, which is posted on their website. Our teams have studied this guidance, are currently working with several clients that utilize CrowdStrike software to remedy their specific situations and are prepared to assist others in their recovery efforts onsite or remotely as needed.
Our experts continue to monitor the situation and have highlighted the following areas:
Despite the non-malicious nature of the outage, threat actors are attempting to exploit the situation. Kroll’s Threat Intelligence analysts have observed phishing and social engineering campaigns leveraging the disruption. Organizations should remain vigilant and consult their cybersecurity teams if they encounter suspicious activity.
Software update failures are nothing new – they will happen. At the same time, our digitally-interconnected world has increased the impact of such outages. Remote and distributed workforces exacerbate the challenge, especially when offline interventions may be necessary to recover. Technical challenges to business operations may arise, requiring additional technical and cybersecurity expertise.
Mass IT outages underscore the importance of having continuity plans. To navigate disruptions efficiently in the future, businesses can learn from this experience to enhance resilience in their operations. External review of existing business continuity plans is an important step and ensures alignment with evolving industry best practices and business needs, while limiting impact from future events.
While it is too early to estimate the size of the disruption caused by this outage, it is already being compared to NotPetya, a global ransomware attack that took place in 2017 which caused billions in losses. Insurers are bracing for an influx of claims, but not all cyber or business interruption policies may cover an event like this. There could also be legal action as victims seek financial or other remuneration. Kroll experts can advise on options and potential courses of action for those impacted. It’s important to reach out to an expert as soon as possible to ensure the best outcome.
Kroll is aware of multiple domains being created shortly after the incident started, which purport to be related to CrowdStrike. Kroll knows that attackers frequently leverage large-scale events like this for phishing and scam activity. Organizations should instruct their staff to:
The UK National Cyber Security Centre also confirmed a rise in phishing based on the incident, reporting: “Note that an increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation. This may be aimed at both organisations and individuals.”
In any situation like this, the focus needs to be on quickly remedying the immediate impact and ensuring business operations continue. However, it’s also critical to be aware of emerging security threats and bad actors that will use this opportunity to further introduce new scams and phishing schemes. Additionally, if there has been organizational impact, it’s critical to reach out to experts as early as possible to identify potential solutions that could help reduce downtime and mitigate financial impact from an outage. Finally, conducting an external review of business continuity plans to ensure that plans address evolving cybersecurity and technology challenges while aligning to individual business needs and risk tolerances.
The UK National Cyber Security Centre also confirmed a rise in phishing based on the incident, reporting: “Note that an increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation. This may be aimed at both organisations and individuals.”
In any situation like this, the focus needs to be on quickly remedying the immediate impact and ensuring business operations continue. However, it’s also critical to be aware of emerging security threats and bad actors that will use this opportunity to further introduce new scams and phishing schemes. Additionally, if there has been organizational impact, it’s critical to reach out to experts as early as possible to identify potential solutions that could help reduce downtime and mitigate financial impact from an outage. Finally, conducting an external review of business continuity plans to ensure that plans address evolving cybersecurity and technology challenges while aligning to individual business needs and risk tolerances.
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Threat intelligence are fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Our valuation experts provide valuation services for financial reporting, tax, investment and risk management purposes.
Kroll’s Enterprise Security Risk Management practice provides expert guidance and advisory services to our global clientele as they navigate the most challenging and emerging security and threat-related issues.
In today’s fast-paced world, disruptions can happen anytime. Kroll’s full suite of business continuity, resiliency and disaster preparedness capabilities is designed to prepare your enterprise for unexpected risks and maintain competitiveness throughout the full lifecycle of any disruption.
Providing exceptional results for all types of class action administrations through our expert team, consultative approach and unrivaled proprietary data security and technology.