The recent CrowdStrike outage, impacting an estimated 8.5 million* Windows computers, has sent shockwaves through the cybersecurity world. The irony is stark: a company renowned for its endpoint protection solutions caused a global disruption far exceeding the damage of many malware attacks. But how does it really compare?
What Happened During the CrowdStrike Outage?
On July 19, 2024, at 04:09 UTC, CrowdStrike released a Rapid Response Content update for the Falcon sensor targeting Windows hosts running sensor version 7.11 and above. This update aimed to enhance telemetry gathering on new threat techniques. However, it inadvertently triggered system crashes (Blue Screen of Death or BSOD) on affected Windows systems that were online between 04:09 and 05:27 UTC. Notably, Mac and Linux systems were not impacted, nor were Windows hosts that were offline or did not connect during this period.
CrowdStrike Report – https://www.crowdstrike.com/wp-content/uploads/2024/07/CrowdStrike-PIR-Executive-Summary.pdf
The Unprecedented Scale of the CrowdStrike Outage
The CrowdStrike incident wasn’t a malicious attack, but a faulty update that triggered widespread “blue screens of death.” Yet, its impact was massive:
- Global Reach: Systems across continents ground to a halt, disrupting businesses, government services, and individuals alike.
- Critical Infrastructure: Reports suggest hospitals, airports, and other essential services were affected, raising serious concerns about the fragility of modern technology.
- Financial Impact: The downtime and recovery costs are still being tallied, but the losses are likely to be significant.
Comparing the CrowdStrike Incident to Major Malware Attacks
To put the CrowdStrike outage in perspective, let’s look at some notorious malware events:
- WannaCry (2017): This ransomware infected over 200,000 computers in 150 countries, causing billions in damages.
- NotPetya (2017): Disguised as ransomware, this wiper malware crippled businesses worldwide, with estimated losses of over $10 billion.
- SolarWinds (2020): A sophisticated supply chain attack that compromised numerous government agencies and businesses, highlighting the risks of interconnected systems.
While these attacks were devastating, the CrowdStrike outage arguably had a broader, more immediate impact due to its sheer scale and disruption of critical systems.
Key Takeaways and Lessons Learned
The CrowdStrike incident serves as a stark reminder of several crucial points:
- Single Point of Failure: Relying heavily on one vendor, even for security, can create vulnerabilities. Diversifying solutions is essential.
- Patch Management: Even legitimate updates can wreak havoc if not thoroughly tested. Rigorous QA processes are non-negotiable.
- Incident Response: Having a well-defined, practiced incident response plan is crucial for minimising downtime and damage.
- Cybersecurity Awareness: The threat landscape is constantly evolving. Organisations and individuals must remain vigilant and informed.
- Malware Protection Has Full Control: Malware protection has deeper control over a system than an administrator account does, so a fault in it can take the whole system down.
Looking Ahead: What Next?
CrowdStrike has taken responsibility for the outage and is working on remediation. However, this incident will undoubtedly have lasting repercussions, particularly regarding trust in the company’s products, and it raises many questions:
Should organisations consider moving to malware protection that doesn’t carry the same risks as CrowdStrike?
Does this mean CrowdStrike will lose its customers?
Must companies using CrowdStrike look for alternatives?
Should organisations using CrowdStrike manage the risk by diversifying, using a different brand of malware protection for some sections of their organisation?
Reach out to Vertex if you want expert cyber security advice on the best approach and solution for your organisation’s malware protection, or on how to avoid being impacted by these types of outages.
* Estimate by Microsoft – https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/