Last week’s global IT system outage, triggered by a faulty software update from CrowdStrike, caused widespread disruptions across various Windows operating system (OS) types.
The faulty CrowdStrike Falcon Sensor update and subsequent outage – the CrowdOut Event – underscore the potential for Single Point of Failure (SPoF) technology outages to impact the global digital economy, according to CyberCube’s analysis of the event.
The issue began with an update that was intended to enhance security but inadvertently included a logic error in a configuration file.
Invalid operations caused by the logic error led to the OS encountering conditions it cannot resolve, CyberCube said. This resulted in system crashes, manifesting as the BSoD. The BSoD is a protective measure to prevent further damage to the OS by stopping all operations.
A defective kernel driver included in the update led to the dreaded “Blue Screen of Death” (BSoD) in systems across the globe.
The faulty update affects companies using CrowdStrike’s Falcon software on machines running Windows OS, both desktop (including Windows 10 and 11) and Windows Server, CyberCube said. These are the primary companies affected by the event.
“With its global position in cybersecurity, CrowdStrike’s own customer base includes many other organizations that CyberCube identifies as SPoFs. Companies relying on one of these SPoFs may be secondary victims of the event, even if they do not use CrowdStrike and Windows directly,” the cybersecurity risk firm added.
Additionally, CrowdStrike Falcon is deployed by managed security service providers (MSSPs) on the networks of other – typically smaller – organizations they oversee. These organizations using such MSSPs are also secondary victims of the event, CyberCube said.
Financial institutions, healthcare providers and transportation networks have all experienced disruptions.
The SaaS risk analytics firm is advising clients on how to use SPoF Intelligence to identify exposed insureds and estimate the exposure footprint of the event.
It is likely that all users of the core components of the CrowdStrike Falcon platform in conjunction with Windows OS are impacted, CyberCube added.
Analysis of the count of companies exposed across CyberCube’s US Industry Exposure Database (IED) identifies large companies in Manufacturing, IT, Healthcare, and Financials as the most likely to be exposed.
Examination of exposed limits shows an outsize exposure in the Aviation, Banking and Retail sectors.
CyberCube provided clients with a list of SPoFs that are dependent both on CrowdStrike Falcon and Windows OS and noted that the outage affects various versions of Windows operating systems.
The CrowdOut Event appears to be “mainly a system failure or business interruption (BI) event,” CyberCube said.
Customers may experience secondary impacts by way of additional SPoFs that fall within this primary footprint. Such SPoFs, mainly related to financial services and payment system technologies, have been observed, exposing companies that rely on them to possible contingent business interruption (CBI) outages, the cybersecurity risk modeling firm added.
Affected organizations can expect a series of remediation and recovery efforts to take place immediately.
Companies with the IT resources to handle large-scale incidents are expected to recover faster.
There may be ongoing disruptions as companies implement patches and verify their systems’ stability.
Rolling back the update and applying patches requires specialized knowledge. For small and medium-sized companies, a lack of access to IT staff could delay the remediation process.
Companies lacking robust contingency or IT backup plans could also face additional disruptions, CyberCube added.