ICE Cybersecurity

Computer and Network Security

CA, San Diego 483 followers

Confident Security, Confident Business

About us

ICE was started by a team of security, IT and audit professionals committed to making security practical and accessible by companies of any size in any industry. Founded on the idea that businesses can thrive in today’s technology-dependent world only if they are confident in their cybersecurity, the ICE team has been helping clients grow, reduce risk, and prevent breaches since 2016. Using our Integrated Cybersecurity Engine, we are changing the face of cybersecurity by making it simple, efficient, and cost-effective to protect your business.

Website: http://www.icecybersecurity.com
Industry: Computer and Network Security
Company size: 51-200 employees
Headquarters: CA, San Diego
Type: Privately Held
Founded: 2016
Specialties: Cybersecurity, DevOps, Enterprise IT, IoT, Big Data, Analytics, Business Transformation, Healthcare, Life Sciences, Medical Device, Medical Diagnostic, Digital Therapeutic, GMP, GLP, HIPAA, HITRUST, Payer, Provider, Privacy, and Interoperability

Updates

  • ICE Cybersecurity

    Nearly a week after the CrowdStrike content update crashed 8.5 million Windows computers, the IT world is still in recovery mode. Each computer requires 10 to 30 minutes of IT attention, translating to over $46 million in unplanned labor costs in California alone, not to mention other expenses and lost revenue, pushing the total impact into the billions. CrowdStrike acted promptly by making immediate announcements and issuing an apology, but referring to the issue as a “bad content update” misled the public and failed to absolve Microsoft or clients from blame. This incident highlights the importance of clear communication and taking full responsibility. CrowdStrike's initial "all clear" statement came off as dismissive to IT teams who were working tirelessly to fix the problem. This situation underscores the need for a solid business continuity plan. At ICE Cybersecurity, we’re here to help you prepare and respond to such incidents. Share your experiences or questions about the CrowdStrike issue with us. Together, we can build resilience and reduce risk. #Cybersecurity #IT #BusinessContinuity #CrisisManagement #ICECybersecurity

  • ICE Cybersecurity

    In a significant development for the business community, AT&T recently disclosed a data breach that compromised the call and text records of nearly all its cellular customers. This breach, which occurred between May and October 2022, affected millions of customers, including those using AT&T's network through mobile virtual network operators (MVNOs) and landline customers who interacted with cellular numbers during this period.

    What Happened: Hackers illegally downloaded records identifying the telephone numbers involved in calls and texts but did not access the content of these communications. Despite this, the breach has raised substantial privacy concerns as publicly available tools can often associate these numbers with specific individuals.

    Ramifications for the Business Community:

    - Customer Trust: The breach has eroded trust among AT&T's customer base, with privacy concerns now more pronounced. Businesses must prioritize robust cybersecurity measures to maintain customer confidence.
    - Customer Privacy: While no Personally Identifiable Information (PII) or payment card information was reported to be breached, individuals can expect to see an uptick in SMS phishing (smishing) and voice phishing (vishing) attacks. Attackers can use this data to improve their Tactics, Techniques and Procedures (TTPs) in both traditional and AI-based attacks.
    - Legal and Financial Implications: The breach has opened up AT&T to potential lawsuits and regulatory scrutiny, highlighting the importance of compliance with data protection regulations. Businesses must ensure they meet these standards to avoid similar liabilities.
    - Market Impact: The breach may affect AT&T's market position, with possible repercussions for its stock performance and investor confidence. It serves as a reminder of the critical importance of safeguarding sensitive data to protect business value and stakeholder trust.

    Our Opinion: The AT&T data breach underscores the increasing sophistication of cyber threats and the need for enhanced security protocols. It is a wake-up call for all businesses to review and strengthen their cybersecurity frameworks. Proactive measures, including regular security audits, employee training, and robust incident response plans, are essential to mitigate such risks.

    For more information on the breach and how to protect your data, visit AT&T's official statement. #CyberSecurity #DataBreach #BusinessImpact #Privacy #CustomerTrust https://lnkd.in/eUWyFXSG

  • ICE Cybersecurity

    CrowdStrike status as of Monday morning 7/22: CrowdStrike has issued an updated file and is no longer distributing the bad update. CrowdStrike customers are still dealing with the aftermath due to the manual steps required to fix the issue.

    What is the fix? There are multiple resolution paths. Microsoft has released a fix tool and other companies have issued checklists with the steps to take.

    What should I do to protect myself against this in the future? This is not an easy question to answer as each company relies on technology in different ways and has different partners. In all cases, however, the path to risk reduction starts with a business continuity plan and a business continuity test. From there, companies can take pragmatic steps to optimize their risk. No company will ever be free of risk, but through continuous risk assessment, measurement and reduction, companies can be confident that they are knowledgeable, accepting the right risks and focusing precious resources on the right risk mitigations. Questions? Want to schedule a business continuity test? Email us or ask your vCISO.

    Why are airlines and other companies still impacted? Unfortunately the fix has manual steps that do not scale well. Already asked to do more with less, coupled with the recent trend to remote work, IT teams are faced with a long work queue that will take weeks if not months to complete.

    Is this a Microsoft problem or a CrowdStrike problem? This is a CrowdStrike problem. Microsoft is not at fault here. Windows acted as it should… failing secure when a software component misbehaves. In this case CrowdStrike Falcon, which operates at a very deep level of the operating system (called the zero ring or kernel), began misbehaving when CrowdStrike pushed out a regular content update. This tripped the guardrails built into Windows, causing the blue screen of death. This only impacts Windows computers running CrowdStrike Falcon.

    Why doesn’t this issue impact non-Windows computers? The malicious content was only present in the Windows version of the content update. Had the same flaw been present in the Apple, Android, Linux or other versions, those systems would be impacted too.

    Has this ever happened before? Yes. Almost 25 years ago, Microsoft updates pushed out malware as part of a regular update. About 10 years ago, Webroot did nearly the exact same thing… pushing out a content update that crashed most of their clients’ computers. Again in 2019/20 SolarWinds pushed out a hacked update that allowed attackers a back door into their computers.

    Be on the lookout for fake fixes: Reports are starting to surface about malware or ransomware masquerading as a fix for the CrowdStrike issue. If you are looking for a fix tool, download it directly from the Microsoft site. Do not trust downloads from third-party sites. If you question the validity of a fix, contact your support team at ICE or check the URL / file on VirusTotal.

  • ICE Cybersecurity

    Late Thursday / early Friday Microsoft / CrowdStrike customers around the world were hit with an outage that crippled some companies and brought global industries like airlines to a halt.

    What happened? An update to CrowdStrike’s Falcon sensor software running on Windows computers was pushed out late Thursday. This update put Windows systems running CrowdStrike Falcon sensors into a Blue Screen of Death (BSoD) loop, rendering those systems non-functional.

    What was the impact? Computers running CrowdStrike Falcon on Windows were taken offline, including systems like ticketing and check-in kiosks used by airlines and other large companies. This created a cascading failure that disrupted many businesses including Delta Airlines, which issued a global ground stop for all flights worldwide. Microsoft also reported outages for some cloud-based services like Teams; however, the extent of these outages is unknown at the time of writing.

    What’s the fix? CrowdStrike issued a new content update without the BSoD loop flaw. Customers who could rebuild or could recover systems quickly are back up and running. For Microsoft customers without the ability to re-deploy desktop builds quickly, some had to boot into safe mode and remove the bad CrowdStrike file.

    What’s the root cause? It is unknown if the update from CrowdStrike is the result of malicious activity or an error in the release testing process. Those details will come, but either way, this speaks to an opportunity for CrowdStrike to improve QA testing / release process.

    Key Takeaways: In today’s interconnected world, a single disruption can send shockwaves across industries globally. This incident underscores some key best practices for all of us:

    - Have a Business Continuity Plan (BCP): No customer of Microsoft or CrowdStrike could have prevented this outage; however, having a plan to deal with outages like this is important for every company.
    - Test your BCP: Having a plan is good, but not good enough. Without testing your plan, you won’t know how you’ll actually respond.
    - 3rd Party Risk Management: The modern digital landscape is a web of interconnected systems. A failure in one part can affect the entire network. This outage serves as a stark reminder to evaluate your digital supply chain and the systems you rely on.
    - Communication is Key: CrowdStrike's swift response and transparent communication with their customers illustrate the importance of timely updates during a crisis. Keeping stakeholders informed helps manage expectations and maintain trust.
    - Invest in Resilience: As cybersecurity professionals, we must advocate for and invest in resilient systems that can withstand and quickly recover from unexpected outages. Redundancy, regular updates, and comprehensive security protocols are non-negotiable.

    https://lnkd.in/gtZQ5TD4

    Statement on Falcon Content Update for Windows Hosts - crowdstrike.com

  • ICE Cybersecurity

    A new security flaw called "regreSSHion" has been found in OpenSSH, a tool used for secure remote access to computers. This vulnerability can let attackers take over affected Linux systems, giving them full control to install malware, manipulate data, and spread the attack to other systems. It affects OpenSSH versions 8.5p1 to 9.8p1 on Linux, but is hard to exploit without advanced tools. To protect against it, users should update OpenSSH to the latest version, use network controls to restrict access, or adjust specific settings if immediate updating isn't possible. #LetYourIT know or call us https://lnkd.in/gpxhFq3i

    'RegreSSHion' Bug Threatens Takeover of Millions of Linux Systems

    darkreading.com

  • ICE Cybersecurity

    Thinking of buying a car this #July4th weekend? You might face issues due to a recent hack on CDK Global, a software used by car dealerships. The attack on 6/19 by Blacksuit has disrupted nearly 15,000 dealerships in North America, forcing them to revert to traditional methods to protect customer information.

    Impact on Customers:

    - Delayed Purchases & Extended Transaction Times: Manual processes are causing extended wait times.
    - Limited Access to Deals & Inventory Information: Challenges accessing factory rebates, special deals, and up-to-date vehicle info.
    - Registration & Financing Issues: Manual methods causing delays in registration and difficulties in securing loans.
    - Service Appointment & Communication Disruptions: Challenges in scheduling services and maintaining customer communication.
    - Privacy Concerns: Raised concerns about the security of customer data.

    Economic impact: Car sales, worth $122 billion last month and 17% of all retail sales in May, are significantly affected. If the outage continues, billions in sales could be lost, impacting the GDP and potentially causing market volatility. Retail sales are crucial for consumer spending, a key driver of the US GDP.

    The FTC Safeguards Rule, which became fully effective in June 2023, emphasizes robust cybersecurity measures for financial institutions, including:

    - Developing and maintaining a comprehensive information security program.
    - Designating a qualified individual to oversee the program.
    - Conducting a written risk assessment and implementing multi-factor authentication.
    - Encrypting sensitive information and training security personnel.
    - Notifying the FTC within 30 days of a breach affecting 500 consumers.

    This rule underscores the importance of protecting customer data and reflects the evolving landscape of cyber threats. #CyberSecurity #AutoIndustry #Economy #RetailSales #GDP #July4th

  • ICE Cybersecurity

    One of the verticals our team is most proud of serving is providers in the Community Information Exchange, CIE, community. They are the unsung heroes who serve those in need in our major US cities. We look forward to seeing you at this year's #CIE2024 summit. #211LA #211SD #SDHC #SkinnyGene #DiabetesCarePartner Why is a CIE important? It enables the sharing of data among multiple stakeholders – providers who need to share data to provide holistic care, people in need who must navigate complex systems of care, and researchers and decision-makers. Doing so in a shared language and across integrated technology, having a visible resource database, and enabling community care planning. It's an honor to serve you.

  • ICE Cybersecurity

    "Sunday, Sunday, Sunday! C'mon down to..." Remember those commercials back in the 90s that stick in your head? Well, we feel that applies to AI now. You can't go anywhere without hearing about AI. Is it here? How will it impact us? What are the risks? Our very own Phu Nguyen led a panel to discuss that! Here is a quick recap. https://lnkd.in/g225Ra7h

    Last week's San Diego Chapter AI event for The CFO Leadership Council was a place where people in the room were so grateful to actually be in the room! Our star-studded panel of AI experts included Phu Nguyen, CFO for ICE Cybersecurity, who is also an Advisory Board member for the San Diego Chapter, Jannies Burlingame, CPA, CRMA, CFO for Lexica Corp, Gerson Rodriguez, Director of AI Strategy & Partnership for NetSuite, who flew in even with so much on the AI forefront at HQ, Yasmin Zahra Shah, Managing Partner for 360Ventures.AI, and Ty Smith, CEO for CommSafe AI. Thank you so much for sharing so much with our members! #CFO #CFOKnow #CFOGrow #GrowWithUs #CFOLC #CFOLeader #CFO360 #AINoLongerAsScary #SanDiegoCFO #SanDiegoFinance #ThankYouAISpeakers #NetSuiteAmazingPartner Leena Gupta Debbie Dunn-Boysen Judy Susser-Travis, CMP, CMM Austin Kakar Eric Fronk Erik Nakamura Gerald Schemidt Jesus Romero Kyle Casement Lindsey Head, MBA, CFO, COO Maggie Osburn Marcus Hale Ryan Gray Sarah Cox Stephen Mullennix Aaron Taylor Angel Sutoyo Bethany Doyen Branden Drebing Christopher Colton Dan Bruckart Daniel M. Kabban, MBA, ARM Dori Wittman Jacqueline McTague Joshua Mundell, MBA Melody Stutzman Neal Cook
