The View

While not a cyberattack, CrowdStrike outage ‘no less damaging’

By KEVIN MANNE

Published July 19, 2024

“It’s tempting to look at this and think that it feels a lot like a cybersecurity attack. While it appears that it isn’t, the impact may be seen as no less damaging.”
Dominic Sellitto, clinical assistant professor
Department of Management Science and Systems

To avoid massive IT outages like the one that hit Windows users starting Thursday evening and continuing on Friday, businesses and organizations need to be cognizant of their widely deployed software and keep auto-updates to a minimum, UB cybersecurity expert Dominic Sellitto says.

“The big takeaway for organizations is to make sure that they conduct inventories of their widely deployed software, and make sure that auto-updates are kept to a bare minimum,” says Sellitto. “Most IT organizations have a rigorous testing cycle internally that happens with things like Windows updates to ensure this sort of thing doesn’t happen.

“I think many organizations are going to be extending this process in light of this event. It’s unclear whether this update could have been prevented or halted within the CrowdStrike software by customers of the platform, but the conversation will certainly shift in that direction.”

“The average consumer does not use this enterprise software, so most people don’t have to worry about this affecting their home computers,” he says. “The company has moved quickly to issue a fix — though it may take time to remedy the situation for many companies, especially those who rely on remote access to administer systems in other geographic regions.”

The outage knocked out health care, business and transportation systems worldwide, grounding some major U.S. airlines, halting hospital surgeries, disrupting emergency 911 call service in some states and knocking some television stations off the air.

The outage appears to be due to a faulty software update affecting Windows programs running technology from CrowdStrike, a cybersecurity company, says Sellitto, a clinical assistant professor of management science and systems in the School of Management and an expert in cybersecurity, artificial intelligence, information assurance, digital forensics and information technology management.

“Much like your personal software on your computer, enterprise-level software updates happen periodically. Some software updates are held back and manually applied by IT in organizations, while others are automatically updated. In this case, it appears that customers of the CrowdStrike Falcon Sensor cybersecurity software, which includes a large number of enterprises worldwide, received what CrowdStrike refers to as a content update overnight, which may have been applied automatically to customers,” he says.

“This update contained a file that inadvertently caused Windows devices to crash, commonly referred to as ‘the blue screen of death’ in the tech community. Many customers reported that the crashed computers continued to crash upon attempting to reboot, grinding businesses to a halt,” he says.

“It’s tempting to look at this and think that it feels a lot like a cybersecurity attack. While it appears that it isn’t, the impact may be seen as no less damaging,” says Sellitto. “The goal of many attacks is to halt business operations. In this case, business operations were brought to a halt; it’s just that the intent was not malicious. Ultimately, the cost equation to businesses and consumers doesn’t care much about the motivation of these things — impact is impact.”