Deep Dive – CrowdStrike auto-update disaster
The Fallacy of automatic updates
Last July’s CrowdStrike outage led to closed airports, inaccessible bank accounts and hospitals that could deliver only emergency care that did not require any computers. What exactly happened has been discussed at length, but could anything have been done to prevent this outage from having such a disastrous impact on so many people and companies?
In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Rob Maas and Jeroen Scheerder as they discuss the misconfiguration in CrowdStrike’s QA process that led to a faulty file going undetected, eventually leading to the now-infamous 8.5 million blue screens of death.
Taking CrowdStrike as an example, they discuss the inherent risks of automatic updates, especially for critical systems, where even minor oversights can result in significant operational disruptions.
Your cybersecurity experts
Lieuwe Jan Koning
Co-Founder and CTO, ON2IT Group
Luca Cipriano
Threat Intel Specialist, ON2IT
Rob Maas
Field CTO, ON2IT
Episode details
CrowdStrike Falcon is an XDR platform that specializes in endpoint detection and remediation (EDR).
On July 19, 2024, CrowdStrike released an automatic update for their Falcon product, which contained a defective file that impacted over 8.5 million systems and led to an estimated financial loss of at least $10 billion globally.
Due to a misconfiguration in the Quality Assurance (QA) process, the faulty file went undetected, leading to widespread system crashes and Blue Screen of Death (BSOD) errors across various sectors, including hospitals, airports, banks and government agencies.
This incident highlights the risks inherent in automatic updates, especially for critical systems, where even a minor oversight can result in significant operational disruptions.