CrowdStrike Update Causing Global IT Outage Likely Skipped in Quality Checks: Experts

Washington:

Security experts said CrowdStrike’s routine update of its widely used cybersecurity software, which caused the global failure of customer systems on Friday, apparently did not undergo adequate quality checks before being deployed.

The latest version of Falcon sensor software is designed to make CrowdStrike customers’ systems more secure against hackers by updating the threats it defends against. But faulty code in update files resulted in one of the most widespread technology outages in years for companies using Microsoft’s Windows operating system.

Global banks, airlines, hospitals and government offices were disrupted. CrowdStrike released information to fix the affected systems, but experts said bringing them back online would take time as it would require manually eliminating the faulty code.

“What it looks like is, potentially, the scanning or the sandboxing that they do when they look at the code, maybe somehow this file didn’t make it into it or it slipped through,” said Steve Cobb, chief security officer at Security Scorecard, who also There were some systems affected by the problem.

Problems emerged quickly after the update was released on Friday, and users posted photos on social media of computers with blue screens displaying error messages. They are known in the industry as “blue screens of death”.

Patrick Wardle, a security researcher who specializes in studying threats against operating systems, said his analysis identified the code responsible for the outage.

The update problem was “in a file that contains configuration information or signatures,” he said. These signatures are codes that detect specific types of malicious code or malware.

“It’s very common for security products to update their signatures once a day… because they continually monitor for new malware and because they want to make sure their customers are protected from the latest threats,” he said.

The frequency of updates “is probably the reason why (CrowdStrike) hasn’t tested as much,” he said.

It’s unclear how this faulty code made it into the update and why it wasn’t detected before it was released to customers.

“Ideally, this would have been implemented in a limited group first,” said John Hammond, principal security researcher at Huntress Labs. “This is a safer approach to avoid a big mess like this.”

Other security companies have had similar episodes in the past. McAfee’s 2010 antivirus update paralyzed hundreds of thousands of computers.

But the global impact of this outage reflects CrowdStrike’s dominance. More than half of Fortune 500 companies and many government bodies, such as the US’s top cybersecurity agency, the Cybersecurity and Infrastructure Security Agency, use the company’s software.

(Except the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)