In the wee hours of Friday morning, July 19th, the world succumbed to what is now possibly  the world’s largest security breach.  In fact, it is deemed to be even larger than that of the Solar Winds Attack, in which thousands of individuals and businesses were impacted.  But with this one that happened today, countries all over the world were impacted by a cataclysmic chain of events.  So, you may be wondering, what exactly happened?

Although details are still emerging, and will continue to do so even into next week, it appears that this is a “Supply Chain Attack”.  This is where the Cyberattacker exploits just one or two points of weaknesses in a software package, and deploys the malicious payload.  Once this has been achieved, it spreads like wildfire in just a matter of minutes, crippling businesses both large and small, as we are seeing so far.

A Supply Chain Attack is illustrated below:

So in the case of CrowdStrike, there was a weakness in their software update package that was installed onto their flagship product called “CrowdStrike Falcon”, which is designed to stop Cyberattacks in their tracks.  This then led to a cascading effect onto all of the Virtual Machines and Virtual Desktops that were hosted on Microsoft Azure.  Of course, this is the juggernaut Cloud Platform that is used my thousands of business worldwide, and as a result, many of them had the proverbial “Blue Screen Of Death” which appeared.

Although CrowdStrike claims that this is just a flaw that occurred in the software update, as mentioned earlier, this is very reminiscent to the Solar Winds hack that occurred a few years, in which a malicious payload was actually installed.

To give you an idea of the far-reaching impacts of this failure here, are some of the actual businesses that were impacted by it:

  • Businesses and government agencies in Portland, OR.
  • Many hospitals all over the word, ranging from the Pacific Rim to India to even Europe.
  • The supply chain logistics channels of the major couriers, such as UPS.
  • Airports and airlines all over the world. Just in the United States alone, there were 2,000+ flight cancellations.  Some of the largest ones were hit, such as the Hartsfield-Jackson Atlanta International Airport and the famous Changi International Airport in Singapore.
  • 911 Emergency Service disruptions throughout the United States.
  • Some of the major financial exchanges, such as the London Stock Exchange.
  • The Social Security Administration closed all of their offices today.
  • Online credit card transactions, such as those using the VISA or MasterCard lines, were either entirely halted or were too slow to process.
  • Driver’s License branches in numerous states.
  • The United Arab Emirates Ministry of Foreign Affairs located in the UAE.

And the list keeps growing.  While many services have already been restored, it is expected that it will not be until next week until there is 100% restoration.  In fact, it is also expected that many desktops and wireless devices will require a manual reboot, as the CrowdStrike Falcon is designed to go deep into the Operating System.  Depending on how many of these a business has, this could be a very laborious and time-consuming process in the end.

It is very important to note that at this point that Microsoft had nothing to do with this, as there is a lot of finger pointing going on at them right now.  This will only affect customers who are using Crowdstrike, whether it’s on Microsoft or any other platform.

Within a few hours after the incident became known, CrowdStrike had released fixes and patches in order to bring their customers back online in just a short period of time.

At KAMIND IT, we are standing by to help our own clients, should they need but we have not deployed or used CrowdStrike in any of our security products.

If you are interested in a new solution, we recommend the use of something like the Microsoft Enterprise Mobility + Security (EMS) E5 package.  It has some distinct features, such as the following:

  • Threat Protection
  • Identity Management
  • Protection of all of your mission critical datasets.

Before any updates are issued to this package, Microsoft takes the great time and effort to test all of them in a sandboxed environment before they are released into the production environment of their clients.  But this incident should also be a huge warning to CISOs all over the world of the sheer importance of creating and implementing Incident Response, Disaster Recover, and Business Continuity Plans.  It’s also just as important to conduct regular Cyber Risk Assessments to make sure that all of the vulnerabilities in your digital and physical assets are found and completely remediated.

At KAMIND IT, we can help our security clients that might have further questions.  Contact us today to see how you can avoid becoming a victim of a major security breach like the world witnessed today.

DISCLAIMERKAMIND IT has no affiliation with CrowdStrike, and we don’t use CrowdStrike in our security solutions.