Global shutdown: CrowdStrike update not checked before release

Security experts say routine updates to CrowdStrike’s widely used cybersecurity software did not undergo proper quality checks before installation. The software crashed customers’ computer systems around the world on Friday.

The latest version of Falcon detection software was designed to make CrowdStrike customers’ systems more secure against hacker attacks by updating threat protection. However, the faulty code in the update files resulted in one of the most extensive technology outages in recent years for companies using the Microsoft Windows operating system. All over the world, banks, airlines, hospitals and government offices have stopped functioning. CrowdStrike has issued advice on how to repair affected systems, but experts say it will take time to bring them back online because of the need to manually sift through the faulty code. Companies now have to deal with late and canceled flights, back orders and other problems that drag on for days. Businesses must also deal with the question of how they can avoid future outages caused by the technology used to protect their systems.

“It appears that this file was somehow not included in the package or was slipped through the check when examining the codes,” said Steve Cobb, director of security at Security Scorecard. Pictures of computers displaying error messages were posted on social media. The outage showed that many organizations are not properly prepared to implement emergency plans when an IT system or software goes down. However, experts say these outages will happen again until more emergency backups are built into networks and organizations implement better backups.




Patrick Wardle, a security researcher specializing in the study of threats against operating systems, identified the code responsible for the outage. According to his analysis, the problem with the update was “in a file that contains configuration information or signatures,” he said. Such signatures are codes that recognize certain types of malware. “It’s very common for security products to update their signatures daily because they’re constantly monitoring new malicious code and because they want to ensure that their customers are protected against the latest threats,” he said. The frequency of updates “is probably one of the reasons why CrowdStrike didn’t test it that much,” he said.

It’s unclear how the faulty code got into the update and why it wasn’t detected before it was released to customers. “Ideally, this should have been released to a limited circle first,” said John Hammond, principal security researcher at Huntress Labs. “It’s the safer approach to avoid such a big mess.”

“This event is a reminder of how complex and intertwined our global computing systems are, and how vulnerable they are,” said Gil Luria, senior software analyst at DA Davidson. “CrowdStrike and Microsoft will have a lot of work to do to prevent other systems and products from causing this type of failure in the future,” he said.




CrowdStrike isn’t a household name, but it’s an $83 billion company with more than 20,000 subscribers worldwide, including Amazon.com and Microsoft. CrowdStrike CEO George Kurtz announced on the social media platform X that “we deeply regret the impact this has had on customers, travelers, everyone affected, including our company.” Other security companies have had similar episodes in the past. A botched McAfee antivirus update in 2010 shut down hundreds of thousands of computers. However, the global impact of this outage reflects CrowdStrike’s dominance. The company’s software is also used by more than half of the world’s largest companies, i.e. companies on the Fortune 500 list, and many government agencies, such as the leading US cyber security agency, the Cybersecurity and Infrastructure Security Agency.



Source: sg.hu