***Updated 07-29-2024 14:27 EDT***
Judo is a well-known martial art which centers on using an attacker’s momentum, weight, and even size against them with often brutal effect. The throws, tosses, holds are all designed to control or deflect your enemy with least amount of energy expended. When I first read the Guardio Labs paper on EchoSpoofing Judo came immediately to mind. After all attackers are leveraging the systems of ProofPoint to further their efforts. So, with this in mind, let’s step into the Dojo to dive into the details of this attack.

On Friday July 19th at 04:09 UTC (11:09 EST, 8:09PM PST Thursday July 18th) CrowdStrike pushed out an “update” heard round the world. This “update” consisted of a routine push of a sensor configuration file, called a channel update file. The configuration update includes changes to the behavioral analysis engine and other updates to how the Flacon Engine operates while it provides protection. This is nothing new and happens often with many EDR engines that are either ML based, or which contain behavior models. The problem this time is that there was a “logic error” in a file (C-00000291-.sys). This caused the agent to crash during the boot process. This logic flaw impacted roughly 8.5 million systems before CrowdStrike was able to correct the issue and replace the file.

As someone who has recently started their own business, the title of this article is one that I have seen in different formats in multiple courses, videos, webinars, etc. (I will just refer to them as courses moving forward) on what to do to get your business going. These courses talk about very important things when it comes to starting, funding, and running a business. A topic that is rarely covered (with a few exceptions) is how to properly protect and govern your business systems and client data. This omission has become more and more evident to me as I work with small businesses, especially when trying to help them navigate through a security incident. So, let’s see if I can add some information into the standard “start-up” process.

There is a bit of a tongue-in-cheek theory which states that politicians will often expend a lot of energy to appear to be going to great lengths to address a problem while actually doing very little to solve it. While this might bring a chuckle to some when mentioned, there are times when it seems sadly accurate. Some of the times are when we hear political talking heads discussing a complex and nuanced problem stampede towards a “ban” on something. There are examples of this throughout history and they keep popping up in modern times. A recent example is the “ban” on Kaspersky. On the surface the move is portrayed as a national security move due to perceived connections with the Russian Government. However, considering this is not the first time this has been talked about, I have to wonder if that is really what is going on.