CrowdStrike CyberSecurity Platform Kills the Internet
Alternate Title: When Security Systems Cause Security Incidents
Summary
CrowdStrike is a cybersecurity company specializing in endpoint protection, threat intelligence, and cyberattack response services. A bad update to the CrowdStrike Falcon sensor was incompatible with Windows operating systems and caused them to crash with a blue screen of death (BSOD).
Breakdown
The issue impacted various sectors, including airports, banks, and government services.
The problem was first reported on the CrowdStrike subreddit (https://reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_error_in_latest_crowdstrike_update/) on July 18th, 2024.
“Fix” that allows Windows to boot: Boot to Safe Mode or WinRE → launch cmd → del "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys" → Reboot
Note that the above “fix” also disables CrowdStrike endpoint protection services.
Quotes
"Everyone saying hey it's stuck in a boot loop it won't be able to get past the blue screen of death."
"This is affecting us on a Friday and it's taken out an airport or a bank or whatever state municipality government 911 things."
"It's wild to see maybe a good portion of the internet just sort of choke and fall over thanks to this."
"Supermarkets going cash only in Sydney now."
"It is going to take real people to actually solve the problem and fix it."
Recommendations for Businesses
Maintain backups and contingency plans for critical systems to mitigate disruptions.
Stay informed about cybersecurity best practices and emerging threats.
Collaborate with industry peers to share knowledge and solutions during crises.
Regularly monitor software updates for potential issues before widespread deployment.
Engage with online communities for real-time problem-solving during technical outages.
References
CrowdStrike subreddit
Twitter/X
Reddit thread by @Cyfi10 (Twitter/X handle)
Reporting by @troyhunt (Twitter/X handle)
Down Detector (https://downdetector.com)

