Corporate Windows has come to a standstill this Friday. As a result, private companies around the world such as banks, airlines and media outlets, as well as public entities, whether administrations, hospitals or transport operators, ports, railways and airports, have seen their computer systems collapse. More than 3,000 flights cancelled worldwide, overcrowded waiting rooms, stranded goods, blocked finances. The kind of chaos that the digital industry has feared most since 2017.
Back then it was WannaCry, the first major global cyberattack, that caused it. The fear of a repeat has turned the cybersecurity sector into one of the most profitable and its members into some of the highest-paid professionals in the world. This Friday, however, the tables have turned. The computer blackout was not caused by a virus or a gang of cybercriminals, but by one of the companies responsible for protecting digital networks from such threats.
“Our worst nightmare is exactly what happened to CrowdStrike today: killing the patient we want to protect,” laments Sancho Lerena, CEO of the Spanish technology company Pandora FMS. One of the updates to the developer’s Falcon system, one of the most advanced antiviruses (which professionals call EDR), has turned out to be defective. This has caused a critical error in Windows and Azure, Microsoft’s cloud systems service, which in turn has led to chain failures and the collapse of computer systems around the world.
“CrowdStrike is one of the most powerful security manufacturers in the world,” Lerena recalls, but “technology and especially software are becoming more and more complex. It is not about choosing the best supplier, it is about understanding that the more technology there is, the more likely it is to fail,” he says.
It is a bitter reminder for thousands of passengers, patients in healthcare waiting rooms and those affected by a paralysed financial system. Falcon is an extremely comprehensive threat detection platform, using artificial intelligence and real-time monitoring to detect attacker tactics, anticipate them and design possible responses and counter-offensives automatically. It operates in the cloud, which further increases its ability to respond quickly to a cyber attack.
Falcon is the shield that any cybersecurity manager would have longed for in 2017. Seven years later, it has been largely responsible for another global blackout. The failure in its update caught Microsoft off guard: despite the worldwide chaos generated by the Windows failure, the company took several hours to report what was happening and was unable to contain the incident before it turned into global chaos. An incident that once again highlights the fragility of a digital environment dependent on a handful of private companies.
Global “Blue Screen of Death”
This critical error is the most feared by any user and developer. Its official code is BSOD (Blue Screen of Death) and implies that the device must be manually restarted in safe mode and the file that is causing the problems must be deleted. Despite being one of the oldest, this is the first time it has occurred on this scale. “The update was launched at night and what happened was that it failed to synchronise with all Windows systems,” explains Rafael López, cybersecurity expert at the firm Perception Point, in conversation with this medium.
“The problem is that the solution has to be applied manually to each of the affected devices. What happens? It is not the same if I have a plant with 50 devices as if I have 100,000, as is happening throughout the world. There are organizations in which 300 people at a time have to go into each device to implement this solution proposed by the manufacturer. It is very laborious,” explains the expert.
“CrowdStrike is an EDR that is used by virtually all large companies worldwide, because it may be one of the best, if not the best EDR in the world. That is why there has been such a large impact,” López continues.
Responsibilities
The sequence of events indicates a more than likely negligence in the CrowdStrike update. These types of updates are tested in controlled environments before being implemented throughout the system. Once it has been verified that everything works correctly with them in place, the green light is given to execute them at a general level. Not carrying out this procedure or not thoroughly reviewing its results is considered bad practice, not only in the cybersecurity sector but in the entire digital industry. Even more so with critical updates such as Falcon.
CrowdStrike has acknowledged the flaw but has not explained how it could have happened. “There is a possible fault here on the part of CrowdStrike in not having done the tests properly in pre-production. It is true that you cannot reproduce absolutely everything, but you should have possibly done some more tests, because it is clear that they have not calculated well the impact of everything that could happen on Windows systems when launching it, because it has broken everything,” says the specialist from Perception Point.
The incident will go down as one of the most serious in history, and one of its hallmarks is the very poor communication from both CrowdStrike and Microsoft. The former in particular, the original cause of the failure, is being heavily criticised for its public reaction to the incident.
Neither the company nor George Kurtz, its president, made any statement until more than 10 hours after the failures became apparent in stations and airports. Kurtz then posted a message on X in which he acknowledged the failure, but did not provide any information or apologize to those affected. “Let’s be clear. Legal doublespeak is designed to avoid and obfuscate rather than inform or communicate. Obviously, this statement was drafted by a committee of lawyers and middle managers whose only objective was to avoid legal risks and threats to their own job security,” stressed Lulu Cheng, a specialist in corporate communications.
“The first words should be ‘I’m sorry,’ but you won’t find that anywhere in this statement. Not the watered-down ‘I take responsibility.’ Not even the bland ‘We regret…’ Nothing!” Cheng added: “CrowdStrike has caused an outage that brought down airlines, a stock exchange, hospitals, ICUs. People could have died.”
About six hours after his first post, Kurtz has reappeared to publish a new message in which he apologizes, but also takes the opportunity to pass the buck. “Today was not a security or cyber incident. Our customers remain fully protected,” he recalled. “We understand the seriousness of the situation and deeply regret the inconvenience and disruption. We are working with all affected customers to ensure that systems are back up and running and can provide the services their customers count on.”
Beware of scams
Experts warn that this chaotic situation can be exploited by cybercriminals, both during the outage and in the coming days, and call for increased precautions. “We are currently in the midst of one of the largest global computer blackouts in history. Remember: verify that people are who they say they are before taking sensitive actions,” advised Rachel Tobac, professor of computer security.
“Criminals will try to take advantage of this disruption to impersonate the IT department to you, or you to your team, in order to steal access, passwords, codes, etc.,” she continued. The fake Windows error scam, which now has a real-world event behind it, remains one of the most common scams in the world.
Source: www.eldiario.es