
What is Crowdstrike? The malicious update that brought down the world: How an app is believed to have crippled Microsoft’s computer networks around the world (and it could be days before we’re back online)

Crowdstrike is a security service designed to stop internet breaches at the world's largest companies, but a malicious update is believed to have brought the world to its knees.

The malicious application suspected to be the main cause of computer crashes around the world ironically aims to protect PCs from hackers.

Crowdstrike is a security service designed to stop internet breaches at the world’s largest companies, but a faulty update is believed to have brought the world to its knees.

The software update is believed to have been pushed to subscribers’ computers on Friday afternoon and instantly caused chaos.

It is believed to have sent servers, desktops, laptops and corporate computer endpoints into a spiral of reboots and the so-called “blue screen of death,” with the error message: “DRIVER_OVERRAN_STACK_BUFFER.”

“CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon sensor,” the company admitted in a statement as the disaster unfolded around the world.

‘Symptoms include hosts experiencing a bugcheck error or blue screen related to the Falcon sensor.

‘Our engineering teams are actively working to resolve this issue and there is no need to open a support ticket.

‘Status updates will be posted as we have more information to share, including when the issue is resolved.’


The update has caused havoc around the world: flights grounded, supermarkets closed, banks shut and TV stations off the air.


Computer analysts believe a poorly written piece of code in the update triggered the catastrophe, destroying computer networks around the world.

Experts have already found a partial solution for some users that allows them to boot into Safe Mode and rename the Crowdstrike folder.

But that will only work on computers with the lowest level of security protection.

And those with higher protection (using BitLocker hard-drive encryption to protect data, which is used on the most secure systems and computers) may have to wait days before they can be repaired.

“Most organizations should be starting to come back online right now,” said CyberCX strategy director Alastair MacGibbon.

Four-Step Workaround to Get Back Online

1. Start Windows in Safe Mode or the Windows Recovery Environment (you can do this by holding down the F8 key before the Windows logo appears on the screen)

2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

3. Locate the file matching ‘C-00000291*.sys’, right-click it and rename it to ‘C-00000291*.renamed’

4. Boot the host normally.
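Steps 2 and 3 of the workaround above can be carried out from the Safe Mode or Recovery Environment command prompt instead of File Explorer. The following PowerShell script is an added example, not code from the article or from CrowdStrike; it assumes the driver directory and the ‘C-00000291*.sys’ filename pattern exactly as the article gives them, and the script name, its parameters and the default drive letter are my own choices.

```powershell
# Added example (not from the article or CrowdStrike): automates steps 2 and 3 of
# the four-step workaround. Assumes the Windows volume is mounted at $SystemRoot
# (C:\ by default; inside the Recovery Environment it may carry another letter)
# and that the affected channel file matches C-00000291*.sys, as the article states.
param(
    [string]$SystemRoot = 'C:\',   # assumed default; override if the OS volume is elsewhere
    [switch]$DryRun                # report what would be renamed without touching anything
)

$driverDir = Join-Path $SystemRoot 'Windows\System32\drivers\CrowdStrike'

# Check the directory exists before doing anything, so a wrong drive letter fails loudly.
if (-not (Test-Path -LiteralPath $driverDir)) {
    Write-Error "CrowdStrike driver directory not found at $driverDir (check the drive letter)."
    exit 1
}

# Only the channel file named in the workaround is selected; everything else is left alone.
$targets = @(Get-ChildItem -LiteralPath $driverDir -Filter 'C-00000291*.sys' -File)

if ($targets.Count -eq 0) {
    Write-Output "No C-00000291*.sys file present in $driverDir; nothing to rename."
    exit 0
}

foreach ($file in $targets) {
    # C-00000291-0000.sys -> C-00000291-0000.renamed, keeping the original name for later restore
    $newName = [System.IO.Path]::ChangeExtension($file.Name, '.renamed')
    if ($DryRun) {
        Write-Output "Would rename $($file.FullName) -> $newName"
    } else {
        Rename-Item -LiteralPath $file.FullName -NewName $newName
        Write-Output "Renamed $($file.Name) -> $newName"
    }
}
```

Run it first with `-DryRun` to confirm it finds exactly the file you expect, then without the switch before rebooting normally (step 4). The script presumes the volume is already readable: on a BitLocker-protected machine the drive must be unlocked with its recovery key before this directory can be reached, which is why the article notes those systems take longer to repair.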

“But there is always a problematic case: either it is a team that is not technical enough to do a rollback or it cannot reboot, so there will be impacts.”


Ironically, Crowdstrike is intended to protect computer networks from hackers capable of causing just that kind of chaos.

“Tried, tested, and easy-to-use protection, so you can focus on your business while we focus on security,” their website boasts.

‘CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that power modern enterprises.

‘CrowdStrike protects the most critical risk areas to keep customers ahead of today’s adversaries and stop breaches.

‘With CrowdStrike, customers benefit from superior protection, improved performance, reduced complexity and immediate time to value.’

It says its cloud-based Falcon software identifies and negates threats before they can penetrate corporate networks.

But instead, an update to the Falcon security agent is being blamed for causing the glitches, which will now see IT staff working around the clock as they try to repair the damage.

“The cybercrime we are currently witnessing, due to a technical issue in the Crowdstrike agent, is unprecedented and on a scale we have not seen in years,” said Amiram Shachar, founder of rival security firm Upwind.

‘It has already had a massive impact on critical infrastructure around the world, including hospitals, banks, airports and communication services.

‘As the agent causes organizations’ Windows systems to shut down, millions of businesses are affected, as most organizations deploy updates automatically.

‘Considering that the Crowdstrike agent is installed on millions of devices, from servers to PCs and IoT devices, the damage is unprecedented.’

He added: ‘While the full implications of this event are still unfolding, we can already draw some critical lessons for future conduct.

‘For Crowdstrike and similar vendors, it is essential to thoroughly research each version update before releasing it to customers, understanding that technical issues can cause significant damage.

‘The main lesson is the importance of implementing a gradual process of updating critical infrastructure.

‘The only aspect that should be updated automatically is the test environment.

It is believed to have sent servers, desktops, laptops and corporate computer endpoints into a spiral of reboots to a blue screen of death, with the error message: 'DRIVER_OVERRAN_STACK_BUFFER'.


Crowdstrike listed on Nasdaq in 2019; its shares, which sold for $83 five years ago, have since skyrocketed to $353.

‘Development and production environments should only be updated after successful testing.

‘This approach helps prevent technical failures from impacting critical business functions.’

Crowdstrike was founded in 2011 by George Kurtz, Dmitri Alperovitch and Gregg Marston and launched its Falcon protection service two years later.

It went public on Nasdaq in 2019; its shares, which sold for $83 five years ago, have since soared to $353.

He played a key role in the investigation into the hacking of the US Democratic Party during the 2016 presidential election, which found that Russian intelligence services had been involved.
