
Faulty update leads to worldwide outages of computer systems


A global blackout on IT services protected by American cybersecurity provider CrowdStrike and its purpose-built Falcon platform via cloud has caused a disruption in the operations of businesses across various sectors.

CrowdStrike customers worldwide have reported experiencing the Blue Screen of Death (BSOD) on their Windows computers due to this malfunction, and the company was quick to acknowledge the problem. It assured customers that its engineering teams are working diligently to resolve the issue.

As of posting, those with affected computer systems include US air carriers (Delta, United, American Airlines), Berlin Brandenburg airport in Germany, all airports in Spain, Hong Kong International Airport, Govia Thameslink Railway and Sky News from UK, Sydney Airport and ABC in Australia, supermarket chains Coles and Woolworths, New Zealand banks (ASB, ANZ and Kiwibank), some 7-Eleven and KFC branches in affected countries, the University of Melbourne, Malaysia Airports Holdings Berhad, all IHG hotels, and even the IT operations team for the Paris Olympic Games.

Is there a workaround?

On July 18 at 10:20 PM Pacific Time, CrowdStrike engineers notified customers of “widespread reports” of Windows hosts experiencing BSOD.

This was followed by a technical advisory where the CrowdStrike Engineering team “has identified a content deployment related to this issue and reverted those changes.”

The advisory was followed by a recommended workaround:

1. Boot Windows into Safe Mode or the Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Locate the file matching “C-00000291*.sys”, and delete it.
4. Boot the host normally.
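The four steps above amount to "find one file by name pattern in a known directory, record it, delete it, reboot". As an added example (not code from CrowdStrike or from the article), the PowerShell script below performs steps 2 and 3 from Safe Mode in a way that an IT team can audit: it refuses to run if the directory is missing, lists every matching file with its size and timestamp before touching it, and supports -WhatIf so the action can be previewed. It assumes PowerShell is available in the boot environment and that the affected Windows installation is on C:; the -DriverDir parameter exists because, when working from the Windows Recovery Environment, the offline system volume may be mounted under a different drive letter.

```powershell
# Added example, not CrowdStrike's or the article's own code.
# Removes the channel file named in the published workaround
# (C-00000291*.sys under the CrowdStrike drivers directory).
# Assumptions: run from Safe Mode or WinRE with PowerShell available;
# the system drive is C: unless -DriverDir says otherwise.
# Usage: .\Remove-Channel291.ps1 -WhatIf   (preview only)
#        .\Remove-Channel291.ps1           (perform deletion)
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    [string]$Pattern   = 'C-00000291*.sys'
)

# Step 2: make sure we are looking at the right directory before deleting anything.
if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Error "Directory not found: $DriverDir (sensor not installed, or OS volume mounted under another drive letter?)"
    exit 1
}

# Step 3: locate the file(s) matching the pattern from the advisory.
$found = Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File
if (-not $found) {
    Write-Host "No file matching $Pattern found in $DriverDir; nothing to do."
    exit 0
}

foreach ($file in $found) {
    # Log name, size and UTC timestamp first so the change is traceable later.
    Write-Host ("Found {0} ({1} bytes, modified {2:u})" -f $file.FullName, $file.Length, $file.LastWriteTimeUtc)
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete channel file')) {
        Remove-Item -LiteralPath $file.FullName -Force
        Write-Host "Deleted $($file.FullName)"
    }
}

# Step 4 (reboot normally) is left to the operator so the log output can be reviewed first.
```

Running it once with -WhatIf prints the candidate files without deleting them, which is the check worth doing before repeating the procedure across many hosts.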

Currently, this workaround process is being performed for each individual affected virtual machine (VM) and computer system by IT teams around the world.

What is CrowdStrike’s Falcon platform?

CrowdStrike developed the Falcon platform specifically to prevent security breaches through a comprehensive suite of cloud-based technologies, and takes protection a step further against sophisticated attacks that extend beyond traditional malware.

CrowdStrike Falcon is marketed as a “robust yet lightweight solution,” which combines next-generation antivirus (NGAV), endpoint detection and response (EDR), cyber threat intelligence, and managed threat hunting capabilities.

On the other side, malicious actors and cybercriminals have developed an arsenal of weapons they can utilize, which include exploits, zero-day vulnerabilities, and stealthy methods like credential theft.

The Falcon solution secures enterprises against all these threats through a single, small sensor that is managed in the cloud, operating on each endpoint and ensuring that the device is protected online or offline.

Falcon is backed by machine learning to defend systems from known and unknown malware, and uses exploit blocking, hash blocking, and behavioral analysis through its Indicators of Attack (IOAs) capability.

This feature works in contrast to traditional security solutions that focus on Indicators of Compromise (IOCs) and allows for real-time detection of adversarial behaviors – essentially stopping attacks before they escalate further.

On Monday, CrowdStrike released a new feature for its Falcon solution called “Falcon Complete Next-Gen MDR,” which expands the scope of its managed detection and response operations “beyond native endpoint, identity and cloud security telemetry to include critical third-party data.”

As of writing, CrowdStrike shares have slid down 20 percent in pre-market trade in New York following the IT outage.
