CrowdStrike outage is a wake-up call

Illustration: Sarah Grillo/Axios
Last week's global IT outage is a reminder of how far corporate networks have to go to diversify their tech stacks and strengthen their supply chain security.
Why it matters: Nation-state hackers already have a history of hijacking companies to send out malicious software updates that can wreak havoc on computer systems for days on end.
- But no cyberattack in history had reached the scale of Friday's CrowdStrike incident.
Catch up quick: Microsoft estimates that 8.5 million Windows devices went down Friday after CrowdStrike pushed a faulty software update to its popular endpoint detection tools.
- The update — which CrowdStrike says was supposed to block access to tech infrastructure that could be used by malicious actors — didn't configure properly on Windows devices and instead locked people out of their systems, making them unusable.
- At least 5,100 flights were canceled Friday, major health care systems postponed nonurgent surgical procedures, and even mobile ordering at Starbucks stopped working.
- As of Monday evening, Delta was still canceling flights and its CEO said the airline wouldn't recover for at least a few more days, according to Reuters. The Department of Transportation is now investigating the airline.
Between the lines: In a way, the world is lucky that Friday's outage appears to have been the result of a human error, rather than a rogue hacker gang.
- However, the issue did underscore how fragile corporate networks remain even after years of cyberattacks targeting a single point of failure.
Flashback: In late 2020, Russian government hackers pushed a malicious software update to SolarWinds' Orion software — giving them access to at least 100 companies' networks.
- Russian hackers also spread malware via a software update to MeDoc tax accounting software during the 2017 NotPetya attack, which is believed to have hit companies in at least 60 countries.
- Back in 2010, McAfee faced a similar situation to CrowdStrike's, in which it pushed a software update to its corporate customers that mistakenly deleted a crucial Windows XP file. (CrowdStrike's CEO was CTO of McAfee when this happened.)
What they're saying: "This incident must serve as a broader warning about the national security risks associated with network dependency," House Homeland Security Committee leaders Mark Green (R-Tenn.) and Andrew Garbarino (R-N.Y.) wrote in a letter Monday calling on CrowdStrike CEO George Kurtz to testify.
- "Malicious cyber actors backed by nation-states, such as China and Russia, are watching our response to this incident closely."
State of play: Many companies have lacked the financial motivation to diversify their tech stacks, doing so only when major forces require it.
- In recent years, many security executives have actually been working to consolidate their tech stacks after rapidly spending and acquiring whatever tech solutions they could during the 2020 transition to remote work.
- "Much as you diversify your portfolio, you have to diversify the technology infrastructure you use to ensure that it's resilient," Tenable CEO Amit Yoran told CNBC Monday.
- "No doubt this is going to increase the attention paid to resiliency by boards of directors and hopefully by regulators," he added.
Yes, but: While CrowdStrike's incident doesn't appear to have started maliciously, scammers and hackers are already taking advantage of it.
- CrowdStrike said Friday it had detected a malicious zip file claiming to have a fix to the outage that was likely targeting Latin America-based customers.
- The Cybersecurity and Infrastructure Security Agency warned Friday that scammers had already started using the IT outage as a phishing email lure.
