Global disruptions to Microsoft Windows systems are currently affecting businesses, airports, and broadcasters, among others. The widespread outages are suspected to be linked to a flawed update to CrowdStrike, a prominent malware and endpoint protection tool utilised by enterprises worldwide.
Ilkka Turunen, Field CTO at Sonatype, provided technical insights into the issue: “The suspected update may have caused a BSOD (Blue Screen of Death) loop on affected Windows machines, resulting in an infinite boot and crash cycle. The problem is exacerbated by the fact that the update was auto-installed on numerous machines overnight. Although there are manual workarounds available, they are labor-intensive for customers to implement.”
“This incident highlights a critical supply chain vulnerability,” Turunen continued. “It demonstrates how a single popular vendor’s update can have extensive repercussions on its customers and underscores the rapid spread potential of targeted attacks on widely-used vendors. While it’s unclear if this was due to malicious intent, the incident clearly shows how quickly such issues can escalate.”
Al Lakhani, CEO of IDEE, commented on the broader implications: “While some may appreciate an unplanned day off, countless businesses are facing significant operational challenges due to Microsoft’s and their partners’ inability to maintain reliable service. This incident emphasises the necessity for businesses to rigorously evaluate and vet their cybersecurity solutions before implementation. Microsoft’s oversight in this situation has led to a cascade of failures globally.”
Lakhani critiqued CrowdStrike’s platform approach: “CrowdStrike’s reliance on a single agent for detection may seem advantageous initially, but as evidenced here, it introduces substantial risks. The need for installing and maintaining software across various OSes adds complexity and potential failure points. Furthermore, such agents can become single points of failure, as seen previously with the SolarWinds attack.”
He stressed the importance of more resilient cybersecurity strategies: “The lesson is clear: investing in cybersecurity requires not only acquiring the latest tools but ensuring those tools are dependable and robust. Businesses should prioritise agentless solutions like MFA 2.0 to mitigate the risk of widespread failures and maintain stronger defences.”
The ongoing situation serves as a stark reminder of the intricate dependencies in modern cybersecurity and the necessity for vigilant, comprehensive protection measures.
Security Buyer