The world was recently hit by a major global IT outage caused by a faulty software update from CrowdStrike to its Falcon sensor security software on Microsoft Windows. CrowdStrike CEO George Kurtz stated on X that the unprecedented event was a software update issue, not a security incident or a cyber attack. Cyber criminals, however, wasted no time in exploiting the outage to mount attacks of their own.
The update was meant to improve the Falcon sensor's ability to detect new threats. Instead, the routine sensor configuration update triggered a logic error in the sensor, which runs as a Windows kernel driver, so affected machines crashed to the dreaded "blue screen of death", often again on every reboot. The faulty update went out on Friday, 19 July 2024, and Microsoft estimated that it knocked roughly 8.5 million Windows devices offline across the US, UK, Australia and other countries.
Many critical services, including health care, finance and transportation, were affected by the outage. Airports had to cancel flights and train services were disrupted. Hospitals struggled to function and banks faced serious issues. Even emergency services such as 911 were affected in some areas. Many businesses had no choice but to go back to pen and paper to keep operating.
This was not a traditional cyber attack, but it caused a major loss of system and information availability, which is one of the three pillars of cybersecurity alongside confidentiality and integrity. And it got worse from there: threat actors moved quickly to take advantage of the outage. Among other things, they:
- Set up numerous typosquat phishing websites pretending to offer CrowdStrike customers a fix for the problem; some of them demanded payment for the supposed fix.
- Distributed a ZIP archive named "crowdstrike-hotfix.zip" that infected victims with the RemCos remote access trojan (RAT).
- Circulated a fake Word document that copied the instructions from Microsoft's own blog post announcing its Recovery Tool, complete with a legitimate-looking Microsoft URL; the document carried a malicious macro that installed information-stealing malware once enabled.
- Created fake websites advertising legal services, designed to lure businesses with the prospect of filing a legal claim against CrowdStrike.
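Spotting lure domains like the ones above in DNS or proxy logs is a practical first response for a defender. The following Python is an added example (not CrowdStrike's tooling, and not from any of the reporting above) that scores each queried domain against the brand name and a list of lure keywords, and goes slightly beyond the specific campaigns by also catching near-miss spellings and digit-for-letter homoglyphs. The sample log lines, the lure word list, the allowlist and the homoglyph table are all constructed for illustration.

```python
"""Flag DNS queries for domains that impersonate a brand.

Added example, not vendor code. Scores queried domains against brand
tokens and lure keywords and returns the hits with a reason string.
"""
import re

BRANDS = ("crowdstrike", "falcon")
# Words that appeared in post-outage lure sites (fixes, recovery tools,
# legal claims). Assumed list for illustration only.
LURE_WORDS = ("hotfix", "fix", "recovery", "bsod", "update", "support",
              "claim", "lawsuit", "legal")
# Legitimate registrable domains (and all their subdomains) are never flagged.
ALLOWLIST = ("crowdstrike.com", "microsoft.com")
# Common look-alike substitutions used in typosquats (assumed table).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Naive eTLD+1: the last two labels. Fine for .com/.net/.org; a real
    deployment should use the Public Suffix List instead."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def normalize(label: str) -> str:
    """Undo digit/letter homoglyph tricks such as cr0wdstrike -> crowdstrike."""
    for bad, good in HOMOGLYPHS.items():
        label = label.replace(bad, good)
    return label


def classify(domain: str):
    """Return a reason string if the domain looks like a brand lure, else None."""
    reg = registrable(domain)
    if reg in ALLOWLIST:
        return None
    sld = reg.split(".")[0]        # second-level label, e.g. "crowdstrike-hotfix"
    norm = normalize(sld)
    for brand in BRANDS:
        # 1) Brand embedded in a registrable domain the brand does not own.
        if brand in norm:
            rest = norm.replace(brand, "")
            words = [w for w in LURE_WORDS if w in rest]
            if words:
                return f"brand '{brand}' + lure word(s) {words}"
            return f"brand '{brand}' embedded in registrable domain"
        # 2) Near-miss spelling of the brand (only for long brands, to limit
        #    false positives on short words).
        core = re.sub(r"[-_]", "", norm)
        if len(brand) >= 8 and levenshtein(core, brand) <= 2:
            return f"within edit distance 2 of '{brand}'"
    return None


# Constructed sample resolver log: "<timestamp> <client> <query>"
SAMPLE_LOG = """\
2024-07-19T14:02:11Z 10.0.0.23 falcon.crowdstrike.com
2024-07-19T14:03:40Z 10.0.0.23 crowdstrike-hotfix.com
2024-07-19T14:05:02Z 10.0.0.41 cr0wdstrike-support.net
2024-07-19T14:06:55Z 10.0.0.41 crowdstrik.com
2024-07-19T14:07:10Z 10.0.0.58 legal-claim-crowdstrike.com
2024-07-19T14:08:33Z 10.0.0.58 example.org
"""


def scan_log(text: str):
    """Return (timestamp, client, domain, reason) for every flagged query."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                # skip malformed lines rather than crash
        ts, client, qname = parts
        reason = classify(qname)
        if reason:
            hits.append((ts, client, qname, reason))
    return hits


if __name__ == "__main__":
    for ts, client, qname, reason in scan_log(SAMPLE_LOG):
        print(f"{ts} {client} {qname:30} {reason}")
```

The allowlist check runs first so that legitimate subdomains such as falcon.crowdstrike.com are never flagged, and the edit-distance test is limited to long brand names because a two-character tolerance on a six-letter word like "falcon" would match ordinary English. The broader rule for responders is simpler still: during an incident like this, remediation guidance comes only from the vendor's and Microsoft's own sites, and any "fix" that arrives as an archive, attachment or macro-enabled document should be treated as malicious.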
Experts think artificial intelligence (AI), already a game changer in cybersecurity, could help prevent a repeat. Dave West, a senior Cisco executive, suggests using "digital twins": testing updates on a replica of the production environment before pushing them out to real machines.
AI could also sift through large volumes of telemetry to find weak spots before they cause problems, run practice scenarios to help companies prepare for outages, and learn from past incidents to prevent future ones.
This event is a reminder of how much depends on strong cybersecurity in a connected world. Even an effort to make things safer can, through a small mistake, cause enormous problems, and when those problems happen there are always people ready to take advantage. We all need to stay alert and be careful, especially when a big tech problem is in the news.