IT Outage at Microsoft

A significant global IT outage has brought to light the critical need for more robust and resilient solutions to mitigate customer chaos and security risks. The incident, primarily affecting Microsoft and CrowdStrike users, underscores the essential role of preparedness and secure development in today’s interconnected business landscape.

The outage, which disrupted airlines, media, banks, and various other industries, was reportedly caused by a faulty software update. Experts emphasize that this incident is a stark reminder of the importance of meticulous testing and secure development practices.

Mark Jow, Security Evangelist EMEA at Gigamon, commented:

“This Microsoft IT outage demonstrates the need for more robust and resilient solutions so that when these issues do arise, they can be resolved quickly without causing such widespread customer chaos and security risk. Preparedness is key – every IT and security vendor must have a robust system in place across its software development lifecycle to test upgrades before they are rolled out to ensure that there are no security flaws within the updates.”

Alexey Lukatsky, Managing Director, Cybersecurity Business Consultant, Positive Technologies

This case reminds us of the importance of secure development, since in this case it was most likely the lack of update checking, both on the side of the manufacturer – CrowdStrike – and on the side of consumers who automatically installed all the updates that reached them, that led to a massive global outage around the globe, with the exception of those countries that are not using infosec products from this American corporation.

In addition, this story shows us how firmly information technologies have become embedded in people’s lives and in various business processes, and how catastrophic the consequences of an accidental or unauthorized, malicious impact on the IT infrastructure can be. That is, in other words, businesses are faced with the task of assessing those non-tolerable events with catastrophic consequences that can occur in their activities due to the impact on the IT infrastructure.

And this is not the only case of a similar scale. There have already been cases of this kind, for example, one related to the McAfee antivirus update in 2010. A similar problem occurred with updates to the Windows operating system itself, as well as its Microsoft Defender protections, which resulted in the inability to perform normal functions for users. Therefore, this problem is of a general nature; it is not connected with the country of origin of this or that software and simply raises once again the question of how much the influence of the IT infrastructure on business can lead to the implementation of certain non-tolerable events.

At the moment, the root cause, based on the scale of the disaster and the way the incident manifested itself, appears to be failure to follow safe development practices. But there is a version that cannot be ruled out: it has not yet found any confirmation, but we, as experts in the field of cybersecurity, cannot completely deny it. This is the intrusion of attackers into the software development process at CrowdStrike, which could have led to the introduction of malicious functionality into the next update, which ultimately led to this kind of massive failure.

Everyone remembers the story with SolarWinds, also an American company, which suffered from such an incident a couple of years ago when attackers penetrated the development process and introduced malicious functionality into an update that was rolled out to the computers of almost 20 thousand SolarWinds customers.

The only thing that can suggest that these are unlikely to be malicious actions of cybercriminals who have intruded into the development process is that usually in these types of stories the task of cybercriminals is to remain undetected for as long as possible, in order to be able to penetrate the networks of companies in which software products with malicious loads are installed.

In this case, the update almost instantly led to computer inoperability, which is often not the goal of most APT-groups, whose task is not to disable systems, but to obtain either data that can then be sold, or blackmail the victim’s company, or perform some kind of other functions related to cyber espionage.

Darren Anstee, Chief Technology Officer for Security, NETSCOUT

“The worldwide IT outage currently affecting airlines, media, banks and much more appears to have been caused by a faulty software update which was automatically applied, and not a cyberattack. This is another demonstration of how dependent we are on both our IT infrastructure, and the supply chains that deliver tightly integrated capabilities within it.  

“There will undoubtedly be a huge fall out from this, with a lot of questions set to be raised around how to balance the need for regular security updates for defence, compliance etc, with the risk of applying unqualified updates to systems. Most enterprise software goes through testing and controlled roll-out before it is pushed to a whole population, but this doesn’t seem to be the case in this instance.”

This critical event serves as a wake-up call for businesses globally to reassess their IT infrastructure and the processes they have in place for software updates and security measures. 
