
CrowdStrike outage underscores digital vulnerabilities
Friday's CrowdStrike outage demonstrates how single point of failure (SPoF) outages can affect the global digital economy, a cyber security company has warned.
CyberCube, which operates in Bermuda, said it is advising clients on how to use SPoF Intelligence to identify exposed insureds and estimate the exposure footprint of the event.
CyberCube said the global IT system outage was triggered by a faulty software update from CrowdStrike, causing widespread disruptions across various Windows operating system (OS) types. The issue originated from a defective kernel driver included in the update, which led to numerous systems crashing globally and displaying the “Blue Screen of Death” (BSoD).
The issue began with a CrowdStrike update that was intended to enhance security but inadvertently included a logic error in a configuration file. Invalid operations caused by the logic error led to the OS encountering conditions it could not resolve. This resulted in system crashes, manifesting as the BSoD. The BSoD is a protective measure to prevent further damage to the OS by stopping all operations.
The update affected companies using CrowdStrike’s Falcon software on machines running Windows OS, both desktop (including Windows 10 and 11) and Windows Server.
"These are the primary companies affected by the event," CyberCube said. "With its global position in cybersecurity, CrowdStrike’s own customer base includes many other organizations that CyberCube identifies as SPoFs. Companies relying on one of these SPoFs may be secondary victims of the event, even if they do not use CrowdStrike and Windows directly.
"Additionally, CrowdStrike Falcon is deployed by managed security service providers (MSSPs) on the networks of other – typically smaller – organisations they oversee. These organisations using such MSSPs are also secondary victims of the event. Notably, financial institutions, healthcare providers, and transportation networks have all experienced disruptions."
CyberCube said its intelligence tool showed it was likely that all users of the core components of the CrowdStrike Falcon platform in conjunction with Windows OS were impacted.
"Analysis of the count of companies exposed across CyberCube’s US Industry Exposure Database (IED) identifies large companies in Manufacturing, IT, Healthcare, and Financials as the most likely to be exposed. Examination of exposed limits shows an outsize exposure in the Aviation, Banking, and Retail sectors."
CyberCube said it had provided clients with a list of SPoFs that are dependent both on CrowdStrike Falcon and Windows OS. The outage affects various versions of Windows operating systems. This broad scope means that any organisation or individual using these operating systems alongside CrowdStrike Falcon is at risk of experiencing system crashes and operational disruptions.
The company added: "Affected organisations can expect a series of remediation and recovery efforts to take place immediately. Companies with the IT resources to handle large-scale incidents are expected to recover faster. There may be ongoing disruptions as companies implement patches and verify their systems' stability.
"Rolling back the update and applying patches requires specialised knowledge. For small and medium-sized companies, a lack of access to IT staff could delay the remediation process. Companies lacking robust contingency or IT backup plans could also face additional disruptions."