What is Crowdstrike? The rogue update that brought down the world: How one app is believed to have crippled Microsoft computer networks across the globe – and it could be days before we’re all back online
The fraudulent app believed to be responsible for shutting down computers worldwide is ironically designed to protect PCs from hackers.
Crowdstrike is a cybersecurity service designed to stop internet breaches for the world’s largest companies. But a faulty update is said to have brought the world to its knees.
The software update is believed to have been sent to subscribers’ computers on Friday afternoon, immediately causing chaos.
It is believed to have sent servers, desktop PCs, laptops and business computer terminals into a death spiral of reboots and the so-called ‘blue screen of death’, displaying the error message: ‘DRIVER_OVERRAN_STACK_BUFFER’
“CrowdStrike is aware of reports of crashes on Windows hosts associated with the Falcon Sensor,” the company admitted in a statement as the disaster unfolded globally.
Symptoms include hosts experiencing a bugcheck/blue screen error related to the Falcon Sensor.
‘Our technical teams are working hard to resolve this issue. You do not need to create a support ticket.
‘We will post status updates as soon as we have more information, such as when the issue has been resolved.’
Crowdstrike is a security service designed to prevent internet breaches for the world’s largest companies. However, a rogue update is believed to have brought the world to its knees.
The rogue app suspected of shutting down computers around the world is ironically designed to protect PCs from hackers
The update has caused chaos around the world, with flights grounded, supermarkets forced to close, banks taken offline and TV channels taken off the air.
Computer analysts believe that a poorly written piece of code in the update caused the catastrophe, devastating computer networks around the world.
Experts have already come up with a partial workaround for some users, allowing them to boot into Safe Mode and rename the Crowdstrike folder.
But that only works on computers with the lowest security level.
And those with higher levels of security (those that use Bitlocker hard drive security to protect data, which is used in the most secure systems and computers) may have to wait days before they can be repaired.
“Most organizations should be getting back online now,” said Alastair MacGibbon, Chief Strategy Officer of CyberCX.
“But there’s always the problem case: a team is technically unable to roll back or can’t restart. That will have consequences.”
The update has caused a global uproar, with flights grounded, supermarkets forced to close, banks taken offline and TV channels taken off the air.
Crowdstrike is designed to protect computer networks from hackers who can cause this kind of chaos.
“Proven, tested, easy-to-use protection so you can focus on your business while we focus on security,” their website boasts
‘CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and supports the people, processes, and technologies that power modern enterprises.
CrowdStrike secures the most critical risk areas, helping customers stay ahead of today’s adversaries and prevent breaches.
“With CrowdStrike, customers benefit from superior protection, increased performance, reduced complexity, and immediate time to value.”
The company says its cloud-based software Falcon can identify and eliminate threats before they can penetrate corporate networks.
Instead, an update to the Falcon security agent is blamed for the crashes, with IT staff now working around the clock to repair the damage.
“The cyber crisis we are currently experiencing, caused by a technical issue in Crowdstrike’s agent, is unprecedented and on a scale we have not seen in years,” said Amiram Shachar, founder of rival security firm Upwind.
‘It has already had a huge impact on critical infrastructure worldwide, including hospitals, banks, airports and communications services.
‘Because the agent causes organizations’ Windows systems to shut down, millions of companies are affected, as most organizations install updates automatically.
“Considering that the Crowdstrike agent is installed on millions of devices, ranging from servers to PCs and IoT devices, the damage is unprecedented.”
He added: ‘While the full implications of this event remain to be seen, we can already learn some important lessons from it for future behaviour.
‘For Crowdstrike and similar vendors, it is essential to thoroughly investigate each version update before releasing it to customers. They realize that technical issues can cause significant damage.
“The key lesson is the importance of implementing a gradual process for updating critical infrastructure.
‘The only aspect that should be automatically updated is the test environment.
It is believed to have sent servers, desktop PCs, laptops and business computer terminals into a death spiral of reboots, resulting in a blue screen of death, displaying the error message: ‘DRIVER_OVERRAN_STACK_BUFFER’
Crowdstrike was listed on the Nasdaq in 2019 and five years ago its shares were sold for $83. Since then, the price has risen to $353.
‘Development and production environments should only be updated after successful testing.
“This approach prevents technical failures from impacting critical business functions.”
Crowdstrike was founded in 2011 by George Kurtz, Dmitri Alperovitch, and Gregg Marston, and launched the Falcon protection service two years later.
The company was listed on the Nasdaq in 2019. Five years ago it was trading at $83 and since then the price has risen to $353.
It played a key role in the investigation into the hack of the US Democratic Party during the 2016 presidential election, which found the involvement of Russian intelligence services.
It is one of the sponsors of the Formula 1 racing team Mercedes and provides cybersecurity for their crucial data.
“To win, we must have complete confidence in the information and infrastructure that drives our team,” Mercedes team principal Toto Wolff said when the deal was revealed.
“I am pleased to have CrowdStrike as our cybersecurity vendor and partner.”