Did CrowdStrike update causing global IT outage bypass quality checks?
A routine update of cybersecurity software by CrowdStrike led to a global IT outage on Friday, causing widespread disruption for companies using Microsoft's Windows. Experts claim that the update did not receive sufficient quality checks before deployment. Faulty code in the update files resulted in this extensive tech outage. The incident affected operations at global banks, hospitals, airlines, and government offices.
Experts question quality checks of CrowdStrike update
Security experts have raised concerns about the quality checks performed on the update before its deployment. The latest version of CrowdStrike's Falcon Sensor software was intended to enhance security against hacking threats. However, faulty code disrupted operations globally. Users reported problems soon after the update was rolled out on Friday, with computers displaying Blue Screens of Death (BSOD).
Faulty code identified, recommendations for future updates
Steve Cobb, Chief Security Officer at Security Scorecard, suggested that the file containing the faulty code might have been overlooked during the vetting or sandboxing process. John Hammond, Principal Security Researcher at Huntress Labs, recommended that such updates should be initially rolled out to a limited pool to avoid widespread issues.
How did the update miss on quality checks?
According to security researcher Patrick Wardle, the update's problem was "in a file that contains either configuration information or signatures." These signatures are pieces of code designed to identify particular types of malicious software, or malware. "It's very common that security products update their signatures, like once a day... because they're continually monitoring for new malware," he said. The frequency of updates "is probably the reason why (CrowdStrike) didn't test it as much," Wardle added.
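Hammond's recommendation of a limited initial pool and Wardle's point that daily signature updates get less testing come down to the same control: push a content update ring by ring and promote it only when the previous ring reports healthy. The script below is an added example written for this article; it is not CrowdStrike code and nothing in it comes from the incident itself. The fleet, the ring sizes, the update ids and the boot-health probe are all constructed so it runs offline; in a real pipeline the probe would be a signal from the host (successful reboot, sensor check-in) rather than a lookup table.

```python
"""Ring-based (canary) rollout for a frequently shipped content update.

Added example, not any vendor's code. The fleet, ring assignment and
post-update health signal are constructed here so the script runs offline.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Host:
    name: str
    ring: int  # 0 = canary pool, larger numbers = progressively wider rings


@dataclass
class RolloutReport:
    update_id: str
    rings_completed: List[int] = field(default_factory=list)
    halted_at_ring: Optional[int] = None
    unhealthy_hosts: List[str] = field(default_factory=list)
    hosts_updated: int = 0


def staged_rollout(hosts: List[Host], update_id: str,
                   health_probe: Callable[[Host, str], bool],
                   max_failure_rate: float = 0.0) -> RolloutReport:
    """Apply the update one ring at a time, starting with the canary ring.

    The next ring is only attempted if the failure rate in the current ring
    is at or below max_failure_rate; otherwise the rollout halts and the
    report records which hosts failed the health probe.
    """
    report = RolloutReport(update_id=update_id)
    for ring in sorted({h.ring for h in hosts}):
        members = [h for h in hosts if h.ring == ring]
        report.hosts_updated += len(members)  # update pushed to this ring
        failed = [h.name for h in members if not health_probe(h, update_id)]
        if len(failed) / len(members) > max_failure_rate:
            report.halted_at_ring = ring
            report.unhealthy_hosts = failed
            return report  # stop before touching the next ring
        report.rings_completed.append(ring)
    return report


# Constructed fleet: 2 canary hosts, 8 pilot hosts, 90 production hosts.
FLEET: List[Host] = (
    [Host(f"canary-{i}", 0) for i in range(2)]
    + [Host(f"pilot-{i}", 1) for i in range(8)]
    + [Host(f"prod-{i}", 2) for i in range(90)]
)

# Constructed outcomes per update id: "content-good" boots everywhere,
# "content-bad" stands in for a content file that crashes every host at boot.
_CONSTRUCTED_OUTCOMES: Dict[str, bool] = {"content-good": True, "content-bad": False}


def constructed_probe(host: Host, update_id: str) -> bool:
    """Stand-in for a real post-update check (reboot succeeded, sensor checked in)."""
    return _CONSTRUCTED_OUTCOMES[update_id]


def run_scenarios() -> Dict[str, RolloutReport]:
    """Roll out each constructed update against the fleet and return the reports."""
    return {uid: staged_rollout(FLEET, uid, constructed_probe)
            for uid in _CONSTRUCTED_OUTCOMES}


if __name__ == "__main__":
    for uid, rep in run_scenarios().items():
        status = ("completed" if rep.halted_at_ring is None
                  else f"halted at ring {rep.halted_at_ring}")
        print(f"{uid}: {status}, {rep.hosts_updated}/{len(FLEET)} hosts received it, "
              f"unhealthy={rep.unhealthy_hosts}")
```

With the bad update the rollout stops at ring 0, so only the two canary hosts ever receive it and the other 98 never do; the good update walks through all three rings. The threshold is zero here because a boot failure is never acceptable noise, but `max_failure_rate` exists so that a flakier health signal (a delayed check-in, say) does not halt every rollout.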
Restoration requires time
Although CrowdStrike released guidance for fixing affected systems, experts warned that restoration would take time because it involved manually removing the flawed code from each machine. The exact reason why the faulty code was included in the firmware, and why it wasn't detected before release, remains unclear. This incident mirrors a similar situation in 2010, when a faulty antivirus update from McAfee stalled hundreds of thousands of computers.
CrowdStrike CEO confirms defect, CISA issues warning
CrowdStrike CEO George Kurtz confirmed that a "defect" in a content update for Windows hosts caused the outage, ruling out a cyberattack. He stated that the firm was rolling out a fix and that Mac and Linux hosts were not affected. Meanwhile, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that threat actors were exploiting the incident for phishing and other malicious activities, even though the outage itself was not linked to any suspicious activity.