Industry reaction to CrowdStrike, Microsoft disruption

A global Microsoft outage that has disrupted IT systems across multiple industries has been linked to CrowdStrike’s Falcon Sensor solution.

Air travel, trains, payment systems, hospitals and media services are among the services disrupted by a “Blue Screen of Death” that started appearing on boot of Microsoft-powered IT systems today.

George Kurtz, the CEO of CrowdStrike said the problems were caused by a defect in an update for Microsoft Windows devices.

According to Kurtz, the issue has been identified and isolated, a fix has been deployed, and it does not represent a security incident or a cyber-attack.

Still, the impact of the bug has been significant and has led the industry to think in broader terms about cyber security architecture.

Expanding further on the likely cause, Kevin Reed, CISO at data protection and cybersecurity firm Acronis, told Capacity the outage appears to stem from a bug in CrowdStrike’s Endpoint Detection and Response (EDR) agent, adding that it appears this was unfortunately not thoroughly tested.

“An outage of this global scale and scope sharply reminds us of the interconnectedness of modern digital infrastructure,” Mark Boost, CEO of UK cloud provider Civo, told Capacity.

Because of this, issues can rapidly escalate, causing widespread disruption across industries and geographical borders.

To give an example of the disruption caused, Jake Edwards, a heating engineer from Welling in London, told Capacity, “I just tried to buy lunch from Co-op, it was cash only, but I didn't have any cash.”

“This incident underscores the critical importance of robust crisis management plans that are regularly tested and updated,” Boost told Capacity.

“The scale of this outage also highlights the risks associated with over-reliance on a single system or provider. Implementing redundant systems and failover protocols is not just a best practice but a necessity for maintaining critical operations. It's a sobering reminder that size and reputation do not guarantee invulnerability to significant technical issues or security breaches. Even the largest and most established companies must be vigilant, continuously updating and securing their systems.”

Al Lakhani, CEO of IDEE, which provides a passwordless, phish-proof multi-factor authentication solution, agreed that the incident “underscores the importance of businesses thoroughly researching and vetting their cybersecurity solutions before implementation.”

Lakhani said Microsoft clearly fell short in this regard, and the industry is witnessing a cascade of operational failures around the world as a result.

Falcon Sensor is described by CrowdStrike as a platform “purpose-built to stop breaches via a unified set of cloud-delivered technologies that prevent all types of attacks, including malware and much more.”

Lakhani believes this platform approach, which relies on a single agent focused on detection, might seem good at first glance but can create significant issues.

“For instance, agents require installation and maintenance of software on multiple different OSes, adding layers of complexity and potential points of failure.”

Reed added that the flawed update “necessitates manual intervention to resolve, specifically rebooting systems in ‘safe mode’ and deleting the faulty driver file.”

He described this process as “cumbersome” and leaving systems vulnerable in the interim, potentially inviting opportunistic attacks.

“This incident highlights the importance of rigorous testing and staged updates for EDR agents. Normally, testing is done with every release and can take days to weeks, depending on the size of the update or changes. The ease with which their driver files can be deleted also raises questions about the self-protection mechanisms of CrowdStrike's software,” Reed continued.
