Showing posts with label Trust At Stake. Show all posts
Showing posts with label Trust At Stake. Show all posts

Thursday, September 19, 2024

CrowdStrike Unsecured: Striking Falcon Effects

Image credit: CrowdStrike


In the intricate dance of ones and zeros, a seemingly harmless glitch within CrowdStrike system set off a digital tempest. Windows systems faltered, and the dreaded Blue Screen of Death (BSOD) flashed across screens worldwide.

The Incident

On July 19, 2024, at 04:09 UTC, cybersecurity firm CrowdStrike rolled out a routine sensor configuration update to Windows systems. Unfortunately, this seemingly innocent update routine contained a flaw. At 07:15 UTC, Google said that the CrowdStrike update was at fault.[2] Within hours, CrowdStrike CEO George Kurtz.[1] confirmed that CrowdStrike's faulty kernel configuration file update had caused the problem.[3].[4] At 09:45 UTC, Kurtz confirmed that the fix was deployed[1].[5] and that the problem was not the result of a cyberattack.[4]

The Impact

Windows systems running Falcon Sensor version 7.11 and above, which had downloaded the update between 04:09 and 05:27 UTC, became vulnerable. The glitch caused system crashes—cue the dreaded Blue Screen of Death (BSOD). Thankfully, systems running Linux or MacOS remained unscathed.

The Fallout: A Global Disruption

Aviary passengers grounded. Hospitals in disarray. Supermarkets bewildered. Transportation have stopped. It is reported that Delta Airlines was hit hard, to be precise, grappling with a 5-day saga of delays and almost 3,000 flight cancellations. The financial toll? A staggering $325M to $475M in gross losses. All because of a faulty update. In large scale, roughly 8.5 million systems crashed, leading to largest IT outage in history. Financial losses were estimated to be at least $10 billion.

Lessons Echoing Across the Cyber Sky

• Operational Disruption: CrowdStrike’s clients felt the tremors firsthand. Operational setbacks rippled through their systems. The lesson? Frequent, automatic updates—while essential—carry risks. Like a tightrope walk, balance is key.

• Cyber Insurance Wake-Up Call: Policies designed for external attacks stumbled when faced with internal mishaps. Coverage gaps yawned wide. Loss of income due to software provider errors? Not always covered. Ambiguity reigned. The industry needs a tune-up.

• Legal Battle: Lawsuits loomed. Delta’s $500M lawsuit against CrowdStrike and Microsoft—David Boies leading the charge—showed that negligence claims could rain down. Regulatory scrutiny followed suit, reshaping standards. Some say Boies and Microsoft might tango again in 2024. Will it be a sequel, followed from their courtroom dueling in 1999 Microsoft Antitrust case? 

• Trust At Stake: Reputation—once pristine—now weathered. Trust eroded, like notes fading in the wind.

The Encore

CrowdStrike danced on the precipice. Lessons learned; scars etched. The Falcon’s wings clipped, but resilience intact. And as the digital orchestra plays on, we remember: Reliability—the heartbeat of cybersecurity—is non-negotiable. 


Stay tuned for more exciting news in fintech scene that matters


----------------------------------

https://en.wikipedia.org/wiki/2024_CrowdStrike_incident#cite_note-Browne-240719-8

2.  Google Cloud StatusArchived from the original on 19 July 2024. Retrieved 19 July 2024.https://en.wikipedia.org/wiki/2024_CrowdStrike_incident#cite_note-Browne-240719-8

3. "In 1st Statement After Outage, CrowdStrike CEO Says..." NDTV. 19 July 2024. Archived from the original on 25 July 2024. Retrieved 19 July 2024.

4. Jump up to:a b c Browne, Ryan (19 July 2024). "How a software update caused one of the world's biggest IT blackouts". CNBC. Archived from the original on 19 July 2024. Retrieved 19 July 2024.

5. "Microsoft IT outage latest: Security firm Crowdstrike finds cause of global IT 'disaster' – as cyber attack ruled out"Sky News. 19 July 2024. Archived from the original on 19 July 2024. Retrieved 19 July 2024.