Global computer outage after CrowdStrike update

There are several media reports of a global computer outage following an update from cybersecurity company CrowdStrike. Windows computers in particular show a 'Blue Screen of Death' (BSOD). This prevents the computers from starting up.

What is going on?

The most recent update of the CrowdStrike agent causes a Blue Screen of Death (BSOD).
CrowdStrike acknowledges the issues and is currently investigating to resolve them.
No patch has been made available at this time. However, a workaround has been made available by CrowdStrike, which we share below under 'What can you do?'.

The National Cyber Security Center (NCSC) has confirmed that the workaround provided by CrowdStrike works. The workaround is very labor-intensive and must be carried out per system. The NCSC currently has no indication that the situation is the result of actions by malicious parties.

What can you do?

If you have not yet performed the latest update to the CrowdStrike agent, we recommend that you do not do so until a verified solution is available. If systems are stuck in a 'crash loop', it is advisable to take the following steps to perform a manual intervention:

Boot Windows into Safe Mode
Navigate to the C:\Windows\System32\drivers\CrowdStrike directory in Explorer
Locate the file “C-00000291-00000000-00000032.sys”, right-click it and rename it to “C-00000291-00000000-00000032.renamed” (the version may differ on your host)
Boot the host
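
The same rename can be scripted for administrators who have to repeat it on many hosts. The following is an added example, not code from CrowdStrike, the NCSC or the DTC; the function name is hypothetical, and the wildcard filter is an assumption based on the note above that the version in the file name may differ per host.

```powershell
# Added example: scripted form of the manual rename workaround described above.
# Run from an elevated PowerShell prompt after booting into Safe Mode.
# Assumption: 'C-00000291-*.sys' is used as the filter because the version
# suffix may differ per host. The function name is hypothetical.
function Rename-CrowdStrikeChannelFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Directory = 'C:\Windows\System32\drivers\CrowdStrike',
        [string]$Filter    = 'C-00000291-*.sys'
    )

    # Nothing to do on hosts where the agent directory does not exist.
    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        Write-Warning "Directory not found: $Directory"
        return
    }

    $files = @(Get-ChildItem -LiteralPath $Directory -Filter $Filter -File)
    if ($files.Count -eq 0) {
        Write-Warning "No file matching $Filter in $Directory; nothing to rename."
        return
    }

    foreach ($file in $files) {
        # Same base name, extension changed from .sys to .renamed.
        $newName = [System.IO.Path]::ChangeExtension($file.Name, '.renamed')
        $target  = Join-Path $Directory $newName

        # Do not overwrite the result of an earlier run.
        if (Test-Path -LiteralPath $target) {
            Write-Warning "Skipping $($file.Name): $newName already exists."
            continue
        }

        if ($PSCmdlet.ShouldProcess($file.FullName, "Rename to $newName")) {
            Rename-Item -LiteralPath $file.FullName -NewName $newName
            # Emit a record so the change can be logged per host.
            [pscustomobject]@{ Original = $file.Name; RenamedTo = $newName }
        }
    }
}

# Preview what would be renamed; remove -WhatIf to apply the change.
Rename-CrowdStrikeChannelFile -WhatIf
```

On systems protected with BitLocker, booting into Safe Mode may prompt for the recovery key, so have it available before starting.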

Not sure how to apply this workaround? Then ask your IT service provider for help in carrying out the workaround. The Digital Trust Center (DTC) advises you to follow the NCSC reporting for the latest news.  

Severe Vulnerabilities in Cisco Secure Email Gateway

Two vulnerabilities have been fixed in Cisco Secure Email Gateway. This Cisco environment is intended to protect a user's email in the cloud. The vulnerabilities are tracked as CVE-2024-20401 and CVE-2024-20429.

The vulnerabilities have CVSS scores of 9.8 (CVE-2024-20401) and 6.5 (CVE-2024-20429) and are rated 'High/High'. This means that both the chance of misuse and the chance of damage are high. So far, Cisco indicates that it is not aware of any exploitation of this vulnerability.

What's the risk?

The most critical vulnerability (CVE-2024-20401) allows an unauthenticated attacker, by sending an email with a specially prepared (malicious) attachment, to:

Add users with root rights;
Adjust the device configuration;
Run arbitrary code; and
Cause a permanent Denial of Service (DoS).

The second vulnerability (CVE-2024-20429) concerns a so-called 'Server-Side Template Injection'. This allows an authenticated attacker with 'operator' privileges to remotely execute code with root privileges on the underlying system.

What can I do?

Cisco has released software updates for CVE-2024-20401 and CVE-2024-20429 to address the vulnerabilities. The Digital Trust Center (DTC) recommends implementing the recommended mitigation measures as soon as possible. If necessary, ask your IT service provider to help you with this.

One in three small businesses doesn't do automatic updates

Information and communications sector most often sets automatic updates

The 'information and communications' sector most often reports having automatic updates set up on all internet-connected devices. Nearly three-quarters (73%) of entrepreneurs in this sector have set up automatic updates. Entrepreneurs in the 'business services' and 'financial services' industries also score relatively high on this at 66%.

Agriculture, forestry and fishing sectors are the least likely to set automatic updates

Entrepreneurs in the 'agriculture, forestry and fishing' sector are the least likely to set up automatic updates. Just over half of this sector (55%) has done this, followed by the sectors 'real estate' (57%) and 'industry and energy' and 'trade, transport and catering' (both 58%).  
 


More than one in three small businesses do not have automatic updates set up on all their internet-connected devices (36%). This is evident from data from the CyberSafe Check tool of the Digital Trust Center (DTC). The CyberSafe Check has been completed more than 9,000 times by self-employed people and SMEs from various sectors.

The CyberSafe Check for self-employed persons and SMEs has been specially developed for smaller companies that do not yet have much knowledge and experience in the field of cybersecurity. Within 5 minutes, entrepreneurs know what they can do today to get started with the digital security of their company. At the end of the check, entrepreneurs download their own action list and get started with practical instructions and tips.

Update automatically

The CyberSafe Check inventories the extent to which self-employed people and SMEs take the basic measures that form the foundation of their cybersecurity. One of the questions asked in the tool is: “Is automatic updating enabled on all internet-connected devices?” Software updates often contain important improvements and security fixes for the user. Delaying the installation of security updates can leave your device vulnerable.

Adversaries are actively looking for ways to penetrate through these types of security holes. The advice for self-employed people and small SMEs is therefore not to wait to update devices that are connected to the internet and preferably to set up automatic updates. This includes not only your computer or smartphone, but also your printer, smart doorbell, routers and other smart devices that are connected to the internet.


Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community.
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools. Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs or the Basic Cyber Resilience Scan.


Comparison with the Safe Digital Entrepreneurship report

In the recently published TNO research report Safe Digital Entrepreneurship, which provides insight into motivations and barriers of entrepreneurs to take cybersecurity measures, a question was also asked about the application of automatic updates to company equipment and software. To the statement “My company/organization ensures that automatic updating is enabled on equipment and software within the organization.”, 795 respondents from various sectors provided an answer.

It is striking that these data also show that the 'agriculture, forestry, fishing and mineral extraction' sector (60%), followed by the real estate sector (61%), seem to apply this measure least often. The financial services sector also scores relatively high (84%), just as in the CyberSafe Check data.  

However, the energy sector scores remarkably higher in the data from the TNO study than in the data from the CyberSafe Check. A possible explanation for this may be that the research groups cannot be fully compared, for example due to differences in company size. The CyberSafe Check is aimed at self-employed people and small SMEs (1-50 employees), whereas the TNO research has a research group ranging from self-employed persons to large companies (1-400 employees).

The TNO data shows that, among the companies from the industry and energy sector that participated in the research, self-employed people are significantly underrepresented and employees of companies with 50-249 employees are significantly overrepresented. Previous research has shown that larger companies take more cybersecurity measures than smaller companies.
 



Although the data from the CyberSafe Check does not come from a scientific study, the high response rate can provide insight into the behavior surrounding the execution of automatic updates in the various sectors. The CyberSafe Check tool had to be completed last year by, among others, small companies that wanted to use the My Cyber-resilient Business subsidy.

The recently published CBS Cybersecurity Monitor shows that companies that are more involved with ICT or have a major interest in securing their data, such as the ICT sector or the financial sector, generally take more basic measures than companies in sectors where this seems less important. The CBS Cybersecurity Monitor has not published any figures about companies' update policies after 2020.

Internet consultation Cyber Security Act (NIS2) closed

As of today - July 2, 2024 - the Internet consultation of the Cybersecurity Act is closed. The consultation period ran from May 21, 2024 to July 2, 2024. The bill is the conversion of the European Network and Information Security Directive (NIS2) into national legislation. This directive aims to strengthen digital and economic resilience against increasing threats.

In order to involve the largest possible group in the development of legislation, citizens, companies and institutions could make suggestions via internetconsultatie.nl for improving legislation and regulations. There were 111 public responses to the consultation.

Reactions received

After the consultation period has closed, a further assessment will be made as to whether – and how – the bills should be amended. The result of the consultation and its processing will in any case be stated in broad terms in a report on this website.

The ministries involved and the NCTV are currently also working together on the General Administrative Order, a form of subordinate legislation in which the law is elaborated in more detail. Among other things, the responses to the bills received via the internet consultation serve as input for what is further elaborated in the General Administrative Order. This applies to the Cybersecurity Act and the Critical Entities Resilience Act.

The Cybersecurity Act

The Cyber Security Act is the national legislation arising from the European Network and Information Security Directive (NIS2 Directive). The aim of this bill is to strengthen digital and economic resilience against increasing threats. The law will apply to companies and organizations that are active in certain 'critical' sectors and have a certain size. The Cyber Security Act replaces the Wbni.

The Cyber Security Act is the successor to the so-called Network and Information Systems Security Act (Wbni) and contains a number of changes compared to the Wbni. First of all, the number of sectors and therefore the number of organizations that will fall under the law has been expanded. The bill also contains rules in the areas of duty of care (cybersecurity measures), reporting obligation (reporting incidents), and monitoring compliance.

Who does the Cybersecurity Act apply to?

Wondering whether your company must comply with this new law? Do the quick check 'Who does the NIS2 apply to?' or go through the NIS2 Self-Assessment Tool to find out.

Prepare yourself in advance

A resilient digital Netherlands is always important. Now and in the future. There are many measures that organizations can take now, even before they are required to do so by law.

The measures that organizations must take based on their duty of care take time and attention. That is why the Digital Trust Center advises organizations not to wait until legislation is introduced, but to make preparations in advance. View the NIS2 starting point with 10 measures that…
