How one faulty update killed half the world’s IT systems


The sheer scale of the global IT outage caused by a faulty software update has left many wondering how one update to one company’s security software could have such massive impact.

Ironically, the effect of the CrowdStrike flaw has been almost identical to the very thing it’s intended to prevent …

Part of the reason for the scale of the impact is the simple fact that CrowdStrike is used by almost every major corporation in the world.

United, Delta, and American Airlines are among the airlines who have been forced to ground flights. Broadcaster Sky News was taken off-air for several hours. Many retailers have been unable to accept payments. In short, it’s chaos out there.

But the other half of it is the nature of the software, as Bloomberg explains.

Traditional antivirus software was useful in the early days of computing and the internet for its ability to hunt for signs of known malware, but it has fallen out of favor as attacks have become more sophisticated. Now, products known as “endpoint detection and response” software that CrowdStrike develops do far more, continually scanning machines for any signs of suspicious activities and automating a response.

But to do this, these programs have to be given access to inspect the very core of the computers’ operating systems for security defects. This access gives them the ability to disrupt the very systems they are trying to protect.

One of the biggest threats to today’s IT infrastructure is destructive ransomware attacks, where an attacker takes a company’s mission-critical systems out of action, and won’t restore them until a payment is made. That’s one of the main things CrowdStrike is intended to prevent.

But because the software is given such powerful access to machines, a flaw in the software has as much potential destructive power as the type of attacks it’s supposed to block.

At least in this case, there is a workaround, and there will quickly be a fix. But actually implementing that fix is going to take considerable time. That’s because there may be no way to automate a rollout: as the affected machines are down, there’s no way to reach them remotely. It’s looking very much like it will involve IT staff physically visiting each of the PCs taken out.

Even the temporary workaround means booting the machines in safe mode, and many of them will have corporate settings to render this impossible – again, because of the security risks of bypassing protections intended to run during boot-up.

Macs aren’t affected because Apple offers its own Endpoint Security framework, so there’s no need to use CrowdStrike.

Photo by Ivan Vranić on Unsplash
