Explaining the flaw in the CrowdStrike system that caused the cyber blackout.
CrowdStrike assures that the incident was not an attack! A failure in a content update for the CrowdStrike Falcon security sensor, which is used to detect possible hacker intrusions, was the cause of the cyber blackout this Friday (19/07), which left thousands of companies and people around the world without access to their operating systems, especially Microsoft’s Windows.
Cybersecurity firm CrowdStrike, which was responsible for the outage, was adamant that today’s incident was not an attack. What we can say definitely happened in the early hours of this Friday, according to the company, was a kind of content update to Microsoft’s Windows hosts files.
A hosts file is used by the operating system to map friendly host names to the numeric Internet Protocol (IP) addresses that identify and locate other hosts on an IP network. These hosts files consist of lines of text listing IP addresses and the host names they correspond to, which is how hosts find and communicate with each other.
The CrowdStrike Falcon component that was updated, and ended up causing the problems, is a sensor that can be installed on Microsoft Windows, Mac or Linux operating systems. It is a product module that connects to a cloud-hosted security solution environment, known as an endpoint security platform. The sensor gives instant access to information on the “who, when, where and how” of an attack, and its cloud-based architecture allows for fast and accurate response and remediation times.
Endpoint security provides protection for devices. Cloud computing is the delivery of computing services, including servers, storage, databases, networking, software, analytics, and intelligence, over the Internet (the cloud), enabling rapid innovation with flexible resources and economies of scale. And it is these services that have been difficult for enterprise platforms around the world to access.
According to the General Data Protection Law (LGPD), endpoint security works to ensure the protection of sensitive information and helps companies comply with data protection rules. This means there is a growing need for the security measures that companies must have in place to prevent cyber threats.
Mitigation to roll back CrowdStrike system failures
Microsoft earlier said it was taking mitigation measures, but warned that many users may not be able to access various apps and services, as has happened around the world. The affected companies have since identified that they use CrowdStrike’s security system.
Due to the situation that occurred today, the company’s shares, quoted at the opening of the stock market at US$ 351, were traded on Friday afternoon at US$ 297, a drop of more than US$ 50, which meant a loss of market value for CrowdStrike of more than US$ 2 billion in a single day.
Tracked attacks
CrowdStrike’s Global Threat Report, which highlights notable trends and events across the cyberthreat landscape, has detected 34 newly identified adversaries in 2023. More than 230 adversarial attacks in total were tracked by the company, and intrusions in the cloud, where today’s issue occurred, increased by 75%.
According to the company, the fastest recorded time to commit an e-crime was two minutes and seven seconds. The report also found that the number of victims of data theft identified on the dark web increased by 76%. The intelligence report examines how adversaries are operating and finds unprecedented stealth, with rapid attacks adapting to avoid detection by security systems.