A recent update from CrowdStrike caused significant issues for Windows computers, leading to crashes and the Blue Screen of Death (BSOD). This is one of the largest outages in history affected various organizations worldwide. The issue was due to a faulty file in CrowdStrike's Falcon Sensor product, not a cyberattack, as confirmed by CEO George Kurtz.
Key Points:
- Impact: The outage disrupted operations at airports, banks, businesses, and broadcasters. Planes in the U.S. and trains in the U.K. were notably affected.
- Response: CrowdStrike engineers are working on resolving the issue, which has been isolated and fixed.
- Workaround: Users can manually delete a specific file in Safe Mode to restore functionality, though this isn't scalable for larger organizations.
- Microsoft's Role: Microsoft is also taking mitigation actions and investigating related issues with its cloud.
Recommendations:
- Follow the steps provided by CrowdStrike to manually fix affected systems.
- Ensure communication with CrowdStrike representatives through official channels for updates.
Caution About Malware Exploitation:
- Increased Risk: Lowered security system sensitivity can be exploited by malware, posing a critical risk as cybercriminals may take advantage of reduced defenses.
- Preventive Measures: Remain vigilant, monitor for unusual activities, and ensure robust security protocols. Incorporating prevention-first security strategies like Automated Moving Target Defense (AMTD) can help mitigate the exploitation of vulnerabilities by constantly changing the attack surface, making it more difficult for malware to find and exploit weaknesses.
The Problem With Signatures and Updates in Cybersecurity Software:
The recent CrowdStrike incident underscores the inherent flaws in traditional detection methods, which rely heavily on updates. These approaches are vulnerable to failures and can lead to widespread disruptions. Automated Moving Target Defense (AMTD), offered by Morphisec, stands out as the only viable alternative, offering robust protection by continuously changing the attack surface and making it significantly harder for malware to exploit vulnerabilities. With AMTD, organizations can avoid the pitfalls of static detection methods and ensure a higher level of security and resilience.”
Michael Gorelik | CTO Morphisec
Conclusion:
The reputational impact on CrowdStrike will be closely monitored. The ability to change kernel drivers globally without IT approval raises serious concerns about security and control. This issue was caused by a faulty channel file in the registry that now requires administrators to manually fix. This was not tied to an automatic software update that could have been prevented. Organizations may need to consider alternative and/or additive solutions to avoid similar issues in the future. Morphisec is here to help with this process and ensure our customers our protected at all times.
Morphisec pairs with Crowdstrike to fill the gaps and protect against the threats that are missed by relying on signatures. Organizations that have lowered security system sensitivity can be exploited by malware - Morphisec can harden the attack surface for these organizations thanks to prevention-first security that doesn't rely on signatures. Read to learn how Morphisec closes the Crowdstrike security gap.
.png?width=571&height=160&name=iso27001-(2).png)