HashBringing Breach Blog

Hashbringing Breaches: Cyber news third hand

CrowdStrike Shuts Down the Internet

Late Thursday night into the early hours of Friday morning, countless IT professionals were abruptly awoken by system issues. Overnight, millions of Windows computers worldwide were blue-screening, and at first, no one knew why. Most probably assumed at first that Microsoft had suffered some kind of large-scale cyber attack, or that some novel exploit had been released, but it turns out the issue stemmed from the very tool that was supposed to protect systems.

What happened?

As the dust settled, it was determined that a CrowdStrike update had been pushed that was causing a "boot loop" on Windows systems. As the update was applied, machine after machine output the blue screen of death. Teams scrambled to remove mission-critical machines from the network to prevent the update from being pushed, but the damage had been done. Hospitals were shut down, flights grounded, and millions of websites were left unreachable. While CrowdStrike did eventually release a break fix, their communication was disjointed and often unclear. Their communications rolled out at a sporadic pace, and the guidance didn't seem to do much good. Eventually, systems were rolled back and much of the damage was undone, but the outage cost billions worldwide in what looks to be one of the largest IT outages in history.

What's Next?

CrowdStrike evidently held a significant market share, judging by the wide range of industries and devices impacted by the outage. While I recognized their reputation as a strong company with an excellent product, I hadn't fully grasped the extent of their penetration across various industries. While I think they will certainly lose business and take a dive in the stock market (they lost about 14% of their value in a single day because of this), I know they will take the lessons learned from this incident and ensure their code review process is completely revamped. Overall, I think the company will fully rebound, and while I've already seen other EDR companies use this as a marketing technique, I'm confident CrowdStrike will continue to dominate the industry.

My bigger concern with the outage overall is that it revealed, like so many other outages, just how dependent we are on technology. While this was a simple mistake that in most cases was resolved within the day, the outage affected millions of lives. As we continually become more and more dependent on technology, our vulnerability to these disruptions only grows, highlighting our urgent need for robust backup systems and contingency plans to mitigate the impact of these events in the future.