Following Friday’s global Microsoft outage, IT systems managers and security executives are working to restore critical infrastructure. The outage, which affected airlines, hospitals, public transportation, banks, and 911 centres, was traced to an update from cybersecurity firm CrowdStrike. Their Falcon Sensor software, designed for real-time threat protection, caused Windows hosts to enter a “blue screen of death” loop.
CrowdStrike CEO George Kurtz emphasised that the incident was not a security breach or cyberattack and that the problem had been identified, isolated, and fixed. Microsoft indicated that residual impacts might still affect Microsoft 365 apps and services. Experts noted that due to the nature of the issue, fixes couldn’t be deployed remotely, requiring end users to manually resolve the problem by booting affected systems in safe mode and deleting the problematic file.
The Cybersecurity and Infrastructure Security Agency (CISA) has warned that threat actors may exploit the situation for phishing and other malicious activities. CISA urged vigilance and advised following instructions only from legitimate sources.
Agnidipta Sarkar, Vice President, CISO Advisory at ColorTokens, highlighted the increased vulnerability during recovery and recommended investment in breach-ready micro-segmentation. Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, noted reports of criminals posing as CrowdStrike or Microsoft support to execute social engineering attacks.
The bug in CrowdStrike’s memory scanning prevention policy led to severe system performance issues. Experts suggest that more thorough testing, including sandbox testing, incremental rollouts, and extensive user feedback, could have prevented the problem.
Alan Stephenson-Brown, CEO of Evolve, and Martin Greenfield, CEO of Quod Orbis, emphasised the need for robust contingency planning and a multi-layered defence strategy to enhance operational resilience. Greenfield pointed out the interconnectedness of global IT systems and the potential for cascading failures.
Guy Golan, CEO of Performanta, described the incident as a significant process and QA failure, driven by market pressures. He warned of potential future cybersecurity complications and called for elevating cyber issues to the top of the business agenda. This event underscores the critical importance of comprehensive cyber-resilience strategies and the potential economic impact of IT outages.
Irish Samachar English News