Crowdstrike software not sufficiently tested

Global IT crash due to error

Crowdstrike CEO Kurtz apologized for the incident.

An update of an IT security software from Crowdstrike caused fatal disruptions at airports, banks and the healthcare system. It is unclear how the erroneous code made it into the update. Crowdstrike likely did not examine it closely enough.

According to cybersecurity experts, the update of Crowdstrike's IT security software, which caused worldwide IT system failures, was not thoroughly tested before its release. "It looks like this file may not have been included in the testing or bypassed it," said Steve Cobb, Chief Security Officer at Security Scorecard. Some systems were also affected by the global issue.

The latest version of the software "Falcon Sensor" was supposed to make Crowdstrike customers' systems safer. However, faulty code in the update files led to outages for companies using the Microsoft Windows operating system worldwide.

Patrick Wardle, a security researcher specializing in the investigation of threats to operating systems, told Reuters that he had identified the code responsible for the outage. It was found in a file that contained either configuration information or signatures. Signatures are code that recognizes specific types of malicious code or malware. "It's common for security products to update their signatures, for example, once a day... because they're constantly looking for new malware and because they want to ensure their customers are protected from the latest threats," said Wardle. "The large number of updates is likely the reason why Crowdstrike didn't test it as often."

It is unclear how the erroneous code made it into the update and why it wasn't detected before it was released to customers. "Ideally, the update should have been first released to a limited customer base," said the leading security researcher at Huntress Labs. "This would have been safer and could have prevented the chaos."

"We apologize for the inconvenience"

The worldwide IT system failures caused significant problems around the globe on Friday. Airline services, healthcare, shipping, and the financial sector, among others, reported hours-long outages.

Crowdstrike CEO Kurtz apologized on US broadcaster NBC News. "We apologize for the inconvenience caused to our customers, travelers, and all those affected, including our own company," he said. The problems would be resolved soon, but it could take some time for systems that did not automatically recover to come back online.

Services from airlines to healthcare and shipping, as well as the financial sector, went back online on Friday after hours-long outages. However, many companies were still dealing with a backlog of delayed and canceled flights, missed doctor's appointments, missed deadlines, and other issues, which could take days to resolve.

Meanwhile, the Australian cybersecurity agency warns against "malicious websites and unofficial code" on the internet that claim to help restore the affected systems. Affected customers should rely only on official information and updates from Crowdstrike.

The global incident highlighted the reliance of many internet companies on software updates from providers like Crowdstrike. Despite the escalating importance of cybersecurity in the digital economy, incidents like these underscore the need for rigorous testing before software releases.
