On 19 July 2024, companies and critical infrastructure around the world, including hospitals, airlines and financial institutions, suffered heavy economic losses and a massive disruption of their routine operations. All of it was caused by a single defective content update to a piece of security software running on Windows, not by a Windows update itself.
In this article we look at the technical side of this disaster and ask how a mistake of this scale can still occur in the modern world.
Who is CrowdStrike?
CrowdStrike is a well-known cybersecurity firm. It rose to public prominence through its investigation of the Democratic National Committee (DNC) breach in 2016, which it attributed to groups affiliated with the Russian government.
CrowdStrike's reputation has earned it partnerships with many large organisations, Microsoft among them, to protect their endpoints against cyber attacks.
How does CrowdStrike work?
CrowdStrike's primary product is the Falcon platform, whose endpoint agent (the Falcon sensor) uses machine learning and behavioural analytics to detect threats in real time.
The Falcon sensor is installed like regular software, but it integrates with the operating system at a low level: on Windows it runs as a kernel-mode driver and sits in the background inspecting system activity for anomalies. Code running in kernel mode has no safety net; if it faults, the whole operating system goes down with it, rather than just one process. The defective update was a content file consumed only by the Windows sensor, which is why macOS and Linux hosts were not affected.
How is CrowdStrike connected to this?
CrowdStrike pushed an automatic content update (Channel File 291, delivered as a file named C-00000291*.sys) to every Windows host running the Falcon sensor. The file contained a defect, and when the sensor's kernel-mode driver parsed it, the driver performed an out-of-bounds memory read and crashed. Because the crash happens in kernel mode, Windows halts with the blue error screen, the "blue screen of death", and many machines then rebooted straight into the same crash in a loop. Microsoft estimated about 8.5 million Windows hosts were hit. The root issue is that a third party's code sits in the critical path of the machine: if it fails, the entire computer fails.

How was it resolved?
CrowdStrike quickly published remediation guidance. For a physical machine or a VM you can boot interactively, the steps are to boot into Safe Mode or the Windows Recovery Environment, go to C:\Windows\System32\drivers\CrowdStrike, delete the file(s) matching C-00000291*.sys, and reboot normally. For cloud VMs that cannot be booted into recovery mode, the guidance amounts to;
- Detach the operating system disk from the impacted virtual server and take a snapshot or backup of it
- Attach the disk to a working recovery virtual server as a data disk
- On the recovery server, navigate to Windows\System32\drivers\CrowdStrike on the attached disk
- Delete the defective file(s) matching C-00000291*.sys (per CrowdStrike's advisory, the bad file carries a 04:09 UTC timestamp from 19 July 2024; the corrected version is timestamped 05:27 UTC or later)
- Detach the volume from the recovery virtual server and,
- Reattach the fixed volume to the impacted virtual server and boot it
Two caveats practitioners ran into: the fix has to be done by hand on every affected machine, because the machines crash before the sensor can pull the corrected file, and disks protected with BitLocker require the recovery key before the file can be touched at all.
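The following PowerShell script is an added example of the cloud-VM variant of the procedure above; it is not CrowdStrike's or Microsoft's own tooling. It assumes the impacted OS disk has already been attached to a recovery VM and mounted under the drive letter passed as $MountedDrive (F: by default), and that $BackupDir is a writable folder on the recovery VM. It refuses to run against a volume that does not look like a Windows system disk, backs up each matching file before removing it, and leaves csagent.sys and every other sensor file in place.

```powershell
# Added example, not CrowdStrike's or Microsoft's script.
# Assumptions: the impacted OS disk is attached to this recovery VM as
# $MountedDrive; $BackupDir is a writable folder on the recovery VM.
param(
    [string]$MountedDrive = 'F:',
    [string]$BackupDir    = 'C:\cs-291-backup'
)

$driverDir = Join-Path $MountedDrive 'Windows\System32\drivers\CrowdStrike'

# Guard: only proceed on a volume that is actually a Windows OS disk, so we
# can never accidentally operate on the recovery VM's own C: drive.
if (-not (Test-Path (Join-Path $MountedDrive 'Windows\System32\ntoskrnl.exe'))) {
    throw "$MountedDrive does not look like a Windows OS volume; check the drive letter."
}
if (-not (Test-Path $driverDir)) {
    throw "No CrowdStrike driver directory at $driverDir; wrong disk or sensor not installed."
}

# Match only the Channel File 291 variants. Nothing else in the directory is touched.
$bad = @(Get-ChildItem -Path $driverDir -Filter 'C-00000291*.sys' -File)
if ($bad.Count -eq 0) {
    Write-Output "No C-00000291*.sys files found under $driverDir; nothing to do."
    return
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($f in $bad) {
    # Keep a copy, and log the timestamp so the operator can compare it with
    # the 04:09 UTC (bad) / 05:27 UTC (good) times from CrowdStrike's advisory.
    Copy-Item -Path $f.FullName -Destination $BackupDir -Force
    Write-Output ("Backed up {0} (last write {1})" -f $f.Name, $f.LastWriteTimeUtc.ToString('u'))
    Remove-Item -Path $f.FullName -Force
    Write-Output "Removed $($f.FullName)"
}

# Final check before the disk is detached: the count must be zero.
$remaining = @(Get-ChildItem -Path $driverDir -Filter 'C-00000291*.sys' -File).Count
Write-Output "Remaining C-00000291*.sys files: $remaining"
```

Run it from an elevated PowerShell session on the recovery VM, e.g. `.\remove-cs291.ps1 -MountedDrive 'F:'`; once it reports zero remaining files, detach the disk and reattach it to the original VM. On a machine you can boot into Safe Mode or WinRE, the same script works with `-MountedDrive 'C:'`.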
"Don't worry if it doesn't work out, if everything did, you'll be out of a job."
— The motivational speaker of that CrowdStrike programmer.
Summary
The CrowdStrike incident dealt a heavy blow to economic activity: hospitals could not operate normally, the London Stock Exchange's news service was disrupted, check-in systems at many Indian airports failed, and CrowdStrike's share price fell sharply in the days that followed.
The lesson is concentration risk. When a single vendor's code runs in kernel mode on millions of machines and the same update is pushed to all of them at once, one small mistake, a few lines of bad code, is enough to take every one of them down at the same time.