Kaity
Community Manager

ALL THINGS CrowdStrike - July 2024 Incident

Hi all! There are so many great discussions about CrowdStrike going on in this Community, but we want to bring them together in one place, so that folks can share and discuss efficiently! 

54 Replies
JoePete
Advocate I


@Caute_cautim wrote:

A great explanation, by the way it is not a cyber security incident:

I would prefer wording like "Not a malicious security incident." It is a cybersecurity incident; checks, balances, and testing that should have been in place weren't there to guard against a catastrophic failure.

JoePete
Advocate I


@dcontesti wrote:

This affected the Availability of many systems globally. I really question where their Change Management was... no testing? What happened to the Development/Testing/QA/Production? A classic fail on their part.

Absolutely. It may not have been malicious, but it most certainly is a security incident. Otherwise, 90 percent of the CVE "isn't a security incident."

Part of this is the hazard of uniformity in systems, but this also highlights the hazard of supply-chain attacks. Think about it; you have all these Windows systems bricked by a third-party application. Isn't this what everyone is squealing about these days with "zero trust?"

dcontesti
Community Champion

@Caute_cautim @JoePete 

So my take, while maybe not malicious, I tend to think of this in terms of a Security Breach. The basis for most things we do in Security is CIA, although of late, Integrity and Availability are not discussed as much as Confidentiality. Also, when computers start blue screening for no apparent reason, Security always gets tapped to work on the issue. From past experience, most people think that seeing the Blue Screen indicates they have been hacked.

I believe this is a colossal failure in their (CrowdStrike) Change Management processes (development/testing/QA and finally deployment).

I also question the contracts in place with CrowdStrike that allow them to automatically push a patch/fix to systems without (so it seems) proper notification. Not sure about others, but we do not even let M$ push patches without our knowledge. Whilst they may be downloaded automatically, they are not deployed until they are tested in house.

Total failure; Management 101 gets an F- for CrowdStrike. To those that have contracts with CrowdStrike, also an F-.

d

Kyaw_Myo_Oo
Contributor III

Thanks for sharing this information with us @Caute_cautim.

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP
dcontesti
Community Champion

CrowdStrike took down Debian and Rocky Linux a few months ago and no one noticed

Despite being a leading cybersecurity firm, CrowdStrike’s approach to pushing updates without extensive testing across all configurations is troubling.

I agree with the author 100%, total failure on CrowdStrike's part in Management 101.

d

Caute_cautim
Community Champion

Hi All

Ah, birds and windows… avians and glass panels… locked in an eternal battle that, to be fair, the window wins 99% of the time. Not in this instance though.

Silly metaphor aside, this recent Crowdstrike vs. Windows debacle is serious, in fact I’d say that this is the incident Y2K wishes it was.

Want to know what happened? Grab yourself a cup of tea and read on.

https://www.linkedin.com/pulse/birdstrike-how-crowdstrike-smashed-much-our-liam-sutton-fczkc/?tracki...

Regards

Caute_Cautim

Caute_cautim
Community Champion

@dcontesti The mainframe users are glad they were not affected at all...

Regards

Caute_Cautim

dcontesti
Community Champion

Cybersecurity experts have uncovered a concerning development following the recent CrowdStrike Falcon sensor issue that affected Windows systems on July 19, 2024. Threat actors are now actively exploiting this incident to target CrowdStrike customers through various malicious activities.

https://www.linkedin.com/pulse/breaking-hackers-started-exploiting-crowdstrike-issue-ie2ec/?tracking...

Well, we knew it was only a matter of time...

d

dcontesti
Community Champion

Smiles. When I first started at my company (too many years ago)... the mainframe was going away... It's still there and working.

JMan1
Viewer II

This is definitely a security incident. It violates one of the core security principles: Availability.