This week:

3 – CrowdStrike strikes the crowd.

2 – Kaspersky says farewell to America.

1 – What KnowBe4 didn’t know before.

3 – CrowdStrike strikes the crowd.

“CrowdStrike’s Falcon software is used by businesses around the world to help manage against malware and security breaches on millions of Windows machines”. Unfortunately, a 40kb update file for the CrowdStrike software struck a large crowd recently.

Summary:

We all know that we need to keep our security and anti-virus software up to date. Enabling automatic updates is a great way to keep on top of this. But while that approach may work for small teams or small businesses with overworked IT staff, it’s not a great idea for large enterprises running hundreds or thousands of devices.

In hindsight, allowing a third party to install software updates across all of the Windows devices in an organisation at any time of the day or night was a risky decision. And the risk became a major issue last week when the small update file was deployed by CrowdStrike. In less than 90 minutes, the update caused 8.5 million Windows devices across the world to shut down.

So what?

Security is not just about confidentiality. It is also about integrity and availability. And this CrowdStrike incident is a reminder that malicious activity is not the only risk to the security (in this case, the availability) of our systems.

It also reinforces why there is such a focus these days on operational resilience (Hint: It’s the ‘OR’ of ‘DORA’). This incident demonstrates why organisations need to think about how they can be more resilient when faced with these types of unexpected events.

Source: The Verge and CrowdStrike blog.

2 – Kaspersky says ‘da vstryechee’ to America.

“The manipulation of Kaspersky software [...] can cause significant risks of data theft, espionage, and system malfunction.”

Summary:

Kaspersky, a once well-known security software provider, has announced its exit from the U.S. market following a US ban on the sale of its software due to national security concerns which “risk the country’s economic security and public health, resulting in injuries or loss of life”.

So what?

A cynic may ask if there will be a similar ban on CrowdStrike, given its proven ability to cause “system malfunction” to millions of Windows devices around the world.

Luckily, I am not a cynic.

Source: The Hacker News

1 – What KnowBe4 didn’t know before.

“This is not a data breach notification, there was none. See it as an organizational learning moment I am sharing with you. If it can happen to us, it can happen to almost anyone. Don’t let it happen to you.”

Summary:

KnowBe4, a well-known cyber security awareness training platform provider, has published detailed information after foiling an infiltration attempt by a North Korean fake IT worker. The attacker used a stolen US-based identity and AI-enhanced photos to pass multiple interviews and background checks. On the day the new employee started, KnowBe4’s security team noticed malicious activity on the employee’s laptop and blocked their access within 30 minutes. The KnowBe4 incident report explains what happened and the lessons that we should all learn from the incident.

So what?

This is a reminder that robust vetting, continuous security monitoring, and strong access controls are all essential to prevent sophisticated infiltration attempts.

Source: KnowBe4 Blog