The CrowdStrike Outage and Its Ripple Effects on Cybersecurity and Business Continuity

“CrowdStrike Outage Could Be Biggest IT Outage In History As Update Sparks Global Chaos For Airlines, Hospitals and Banks” – The Cyber Security Hub Newsletter

Now that the fallout of the CrowdStrike outage has largely subsided, I wanted to share my thoughts on the incident.

What happened?

The bug, shipped in a content update for Windows hosts, triggered an out-of-bounds memory exception that crashed affected systems with the infamous Blue Screen of Death (BSOD).

CrowdStrike attributed the issue to a flaw in the test software, which failed to properly validate the content update that was pushed out.

My Analysis – The Broader Implications

1. Emergence of Malicious Domains

In the wake of the CrowdStrike outage, cybercriminals were quick to exploit the chaos by setting up malicious domains. These domains were designed to mimic legitimate sites (such as CrowdStrike or Microsoft Support) and trick users into downloading malware or disclosing sensitive information.

The rapid response of hackers highlights the need for heightened awareness and adaptive cybersecurity measures during and after such incidents. Organizations should closely monitor domain registrations and traffic to detect and mitigate these threats early.
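A minimal form of that monitoring, as an added example rather than anything from the original post: it takes a feed of newly observed domain names (a constructed sample here; in practice a certificate-transparency or newly-registered-domain feed) and flags names that embed a watched brand, combine it with incident lure words, or sit within a small edit distance of it once common character substitutions and non-ASCII homoglyphs are undone. The brand list, the allowlist of the brands' real domains and the lure-word list are assumptions to be tuned per organization.

```python
"""
Flag look-alike domains in a feed of newly observed domain names.
Added example (not part of the original post): the brand watch list,
the allowlist and the sample feed are constructed for illustration.
"""
import re
import unicodedata
from typing import Optional

WATCHED_BRANDS = ["crowdstrike", "microsoft"]          # defender's watch list (assumption)
ALLOWLIST = {"crowdstrike.com", "microsoft.com"}        # the brands' real domains (assumption)
# Words that lure domains combine with a brand name during an incident.
LURE_TOKENS = ["support", "fix", "update", "bsod", "recovery", "helpdesk", "patch"]
# Character substitutions commonly used in typosquats (crude on purpose:
# "rn" -> "m" would also mangle a legitimate word like "modern").
SUBSTITUTIONS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}


def normalize(label: str) -> str:
    """Lower-case, drop non-ASCII (IDN homoglyphs fall out), undo substitutions."""
    label = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    label = label.lower()
    for fake, real in SUBSTITUTIONS.items():
        label = label.replace(fake, real)
    return re.sub(r"[^a-z0-9]", "", label)


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; labels are short, so the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """'www.crowdstrike-fix.com' -> 'crowdstrike-fix' (no public-suffix list; assumption)."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def strip_lures(label: str):
    """Remove lure tokens so the brand-name comparison sees only the core."""
    found = [t for t in LURE_TOKENS if t in label]
    core = label
    for t in found:
        core = core.replace(t, "")
    return core, found


def classify(domain: str) -> Optional[dict]:
    """Return a finding for a look-alike domain, or None if it is not one."""
    domain = domain.strip().lower().rstrip(".")
    if domain in ALLOWLIST:
        return None
    label = normalize(registrable_label(domain))
    core, lures = strip_lures(label)
    for brand in WATCHED_BRANDS:
        if label == brand:
            reason = "brand-name"          # exact brand on a domain that is not ours
        elif brand in label:
            reason = "brand-embedded"      # e.g. crowdstrike-fix.com
        elif levenshtein(core, brand) <= 2:
            reason = "typosquat"           # e.g. crowdstirke.com
        else:
            continue
        return {"domain": domain, "brand": brand, "reason": reason, "lure_tokens": lures}
    return None


def scan_feed(feed) -> list:
    """Run classify() over a feed and keep only the findings."""
    return [hit for hit in map(classify, feed) if hit is not None]


# Constructed sample feed (not real registrations).
SAMPLE_FEED = [
    "crowdstrike.com",               # legitimate, allowlisted
    "crowdstrike-fix.com",           # brand plus lure token
    "crowdstr1ke.com",               # digit substitution
    "crowdstr\u0456ke.com",          # Cyrillic 'i' homoglyph
    "crowdstrlke-bsod.com",          # 'i' -> 'l' plus lure token
    "microsoftsupport-outage.net",   # brand plus lure token
    "crowdstirke.com",               # transposition
    "example.org",                   # unrelated
]

if __name__ == "__main__":
    for hit in scan_feed(SAMPLE_FEED):
        print(f"{hit['domain']:32} {hit['brand']:12} {hit['reason']:15} {hit['lure_tokens']}")
```

Findings of this kind feed a watch list, a DNS or proxy alert, or a takedown request; the edit-distance threshold and the lure-word list are where false positives get tuned, and because the substitution table is deliberately crude the output suits review and alerting rather than automated blocking.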

2. The Rarity of Such Updates

While updates to antivirus software are routine and generally go unnoticed, this incident was a reminder that even well-tested (or at least we think well-tested) updates can sometimes fail. This was indeed a “one in a million” event, but it underscores the importance of robust testing environments and fallback mechanisms. Vendors must ensure that updates can be rolled back quickly and without causing additional disruptions.
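What validation before release and a fast rollback can look like, serving both the validation failure described under "What happened?" and the rollback point above, as an added example (not CrowdStrike's code, file format or process): a hypothetical rule consumer reads a JSON-lines content file and indexes fields by position, a validator checks each record the way the consumer will read it, and a staged rollout pushes the candidate to a canary ring first, reverting that ring the moment a host fails its health probe. Hosts, rings, record layout and sample updates are all constructed.

```python
"""
Gate a content update before it reaches a fleet: validate it the way the
consumer reads it, then roll it out ring by ring with automatic rollback.
Added example, not CrowdStrike's code or file format; the JSON-lines
record layout, rule consumer, hosts and sample updates are constructed.
"""
import json
import re
from dataclasses import dataclass, field
from typing import Callable

EXPECTED_FIELDS = 4                      # assumption: name, severity, pattern, action
SEVERITIES = {"low", "medium", "high"}


def parse_records(content: str) -> list:
    """Each non-empty line of the update is a JSON array of fields."""
    return [json.loads(line) for line in content.splitlines() if line.strip()]


def validate_update(content: str) -> list:
    """Return every problem found; an empty list means the update may ship."""
    try:
        records = parse_records(content)
    except json.JSONDecodeError as exc:
        return [f"unparseable update: {exc}"]
    problems = [] if records else ["update contains no records"]
    for n, rec in enumerate(records, 1):
        got = len(rec) if isinstance(rec, list) else type(rec).__name__
        if got != EXPECTED_FIELDS:
            problems.append(f"record {n}: expected {EXPECTED_FIELDS} fields, got {got}")
        elif rec[1] not in SEVERITIES:
            problems.append(f"record {n}: unknown severity {rec[1]!r}")
    return problems


def load_rules(content: str) -> list:
    """The consumer. It indexes fields by position with no bounds check, so a
    short record raises IndexError (the out-of-bounds failure class the post
    describes) and a bad pattern raises re.error."""
    rules = []
    for rec in parse_records(content):
        name, severity, pattern, action = rec[0], rec[1], rec[2], rec[3]
        rules.append((name, severity, re.compile(pattern), action))
    return rules


def probe(host: str, content: str) -> bool:
    """Health check: does the consumer load the content? A real probe would ask
    the host; here the consumer runs locally, so `host` is only reported."""
    try:
        load_rules(content)
        return True
    except (IndexError, re.error, json.JSONDecodeError):
        return False


@dataclass
class Fleet:
    current: str                   # content every host runs today
    rings: list                    # rollout order, canaries first
    deployed: dict = field(default_factory=dict)

    def __post_init__(self):
        for host in (h for ring in self.rings for h in ring):
            self.deployed[host] = self.current


def rollout(fleet: Fleet, candidate: str, health: Callable = probe) -> dict:
    """Validate, then push ring by ring; a failed probe reverts the ring and halts."""
    problems = validate_update(candidate)
    if problems:
        return {"status": "rejected", "problems": problems, "deployed_to": []}
    done = []
    for ring in fleet.rings:
        for host in ring:
            fleet.deployed[host] = candidate
            if not health(host, candidate):
                for h in ring:                     # revert the whole ring
                    fleet.deployed[h] = fleet.current
                return {"status": "rolled_back", "failed_host": host, "deployed_to": done}
        done.extend(ring)
    fleet.current = candidate
    return {"status": "complete", "deployed_to": done}


def _lines(records) -> str:
    return "\n".join(json.dumps(r) for r in records)

# Constructed sample updates.
BASELINE = _lines([["encoded-powershell", "high", r"powershell\s+-enc", "block"]])
GOOD_UPDATE = _lines([
    ["encoded-powershell", "high", r"powershell\s+-enc", "block"],
    ["lure-domain", "medium", r"crowdstrike-(fix|support)", "alert"],
])
SHORT_RECORD = _lines([["lure-domain", "medium", r"crowdstrike-(fix|support)"]])     # 3 fields
BAD_REGEX = _lines([["lure-domain", "medium", r"crowdstrike-(fix|support", "alert"]])  # shape ok
RINGS = [["canary-1", "canary-2"], ["early-1", "early-2"], ["prod-1", "prod-2", "prod-3"]]


def demo() -> dict:
    """Run the three candidates against a fresh fleet and report each outcome."""
    fleet = Fleet(BASELINE, RINGS)
    return {
        "short_record": rollout(fleet, SHORT_RECORD)["status"],
        "bad_regex": rollout(fleet, BAD_REGEX)["status"],
        "good": rollout(fleet, GOOD_UPDATE)["status"],
        "current_is_good": fleet.current == GOOD_UPDATE,
    }

if __name__ == "__main__":
    print(demo())
```

The two bad updates fail at different layers: the short record is caught by the validator (and would otherwise raise IndexError inside the consumer), while the malformed pattern passes structural validation and is only caught when the canary ring loads it. That is why both layers are needed: validation that mirrors the consumer, and a rollout that exposes only a small ring before the rest of the fleet and can revert it immediately.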

3. Business Continuity and Disaster Recovery Plans

The widespread impact of the outage demonstrated the critical need for effective business continuity and disaster recovery (BC/DR) plans. Businesses affected by the outage struggled to maintain operations, underscoring the importance of plans that include regular backups, clear communication channels, frequent tabletop exercises, and periodic updates to the BC/DR plans themselves so they keep pace with new threats.

4. Supply Chain Vulnerabilities

This incident exposed vulnerabilities in the supply chain, as many organizations rely on third-party software and services for their operations. It highlights the need for rigorous vetting of vendors, redundant systems to avoid single points of failure, and enhanced communication from vendors during incidents (I must say that CrowdStrike has done a tremendous job being transparent throughout the entire incident).

5. Ethical Considerations: Who Pays for the Damage?

Businesses lost revenue, emergency services were disrupted, and public safety was potentially compromised. Who should bear the cost? I don’t have a definitive answer, but I believe the responsibility lies with both the vendor and the customer. The vendor has a responsibility to ensure the reliability of their updates and may need to offer compensation to affected customers. Customers have a responsibility to maintain BC/DR plans and cannot solely rely on vendors for their resilience.

The CrowdStrike outage serves as a critical learning experience for the cyber community and businesses worldwide. I’d love for you to share your thoughts and experiences about the outage in the comments below. How can organizations better prepare for and mitigate such widespread IT issues in the future?