Advisory Alert: CrowdStrike Outage – What We Know

Learn about the recent CrowdStrike outage affecting Microsoft devices, its impact, recovery steps, and how Lumu can help ensure continued network security.
crowdstrike outage

Table of Contents

There is a lot of noise around the recent outage affecting Microsoft devices due to a software update from CrowdStrike. Officials say it wasn’t a cyberattack but a misconfigured or corrupted update sent to customers by CrowdStrike.

Just as Impactful as a Cyberattack

While up to now, there are no reports of a threat actor activity, this incident is having the same impact as some of the more devastating cyber attacks we’ve seen in the past. The reality is that a security incident can occur without the involvement of a threat actor, affecting the fundamental principles of security as outlined in the CIA Triad: availability, integrity, and confidentiality.

crowdstrike outage

When any of these principles are compromised, the overall security of the system is impacted. In this particular case, the incident primarily affected the availability of the systems causing widespread outages to major airlines, banks, retailers, but also organizations of all sizes.   

How Could This Have Happened?

Given the significant number of affected machines, a thorough testing process by CrowdStrike would likely have identified the issue during the testing phase. If such testing had been conducted, the problem could have been detected and addressed in a timely manner. This means the following scenarios are possible:

  • CrowdStrike didn’t test the update appropriately, which is highly unlikely due to Crowdstrike’s multiple security certifications, including FedRamp.
  • If the update did pass the testing stage successfully, it is safe to say it was altered after the Q/A was completed. This is likely to have happened in a couple of ways: through an employee by mistake or intentionally or via a threat actor. The investigation taking place right now will help shed light on how exactly it happened.   

While it’s too early to tell, we do know one thing. Adversaries recognize the disruption that can occur by targeting system updates at single points of failure in our critical infrastructure. This motivates adversaries to carry out similar attacks in the future and to take advantage of current circumstances. There are already dozens of phishing sites posing as the CrowdStrike help desk and support center. 

The CrowdStrike outage is a stark reminder of the dangers organizations face when it comes to Platformization which is a trend we’re seeing industry-wide. Consolidation of tools can lead to over-reliance on a single provider which can be devastating in similar situations. 

What Does Recovery Look Like?

The only way to recover affected devices is through manual intervention. This requires physical attention to each device, as remote management tools are ineffective due to the nature of the outage. 

The burden of manually recovering each system is substantial, involving significant time and resource allocation. The workaround for impacted devices (blue screen) can only be done on a one-on-one basis, there is no fix that can be applied at scale. This causes additional disruption to operations and increased costs due to downtime. 

How Lumu Helps

In the process of recovering, many organizations may be overloaded with work or turn to third-party providers to help through this process. With the lack of control over what may happen during the recovery process, Lumu will provide visibility into recovered devices. 

In situations where CrowdStrike needs to be disabled, Lumu will serve as the last  line of defense. As these devices come back online with CrowdStrike disabled, or if users choose to uninstall it, Lumu can easily integrate with other Firewall and EDR tools to ensure these devices are protected as they reconnect. Lumu continues to provide visibility into the network despite the current challenges.

Subscribe to Our Blog

Get the latest cybersecurity articles and insights straight from the experts.

Share this post

RELATED POSTS

soc of the future jeffrey wheat
Trends

The SOC of the Future

Reading Time: 4 minsLumu’s recently appointed Field CTO Jeffrey Wheat looks at the future of the SOC and how incremental improvement leads to proficient operations. Beginning his cybersecurity career at the department of defense, Jeffrey Wheat is a proven leader and CISSP with 30 years of experience spanning SOC management at international firms as well as cybersecurity architecture design and implementation.

Join our pre-day 
workshop waitlist

  • By clicking “Submit Request” you agree to the Lumu Terms of Service and Privacy Policy.