What you need to know about the CrowdStrike incident if your household or small business has Windows PCs and you don’t have IT experts
- Robert Salier

- Jul 20, 2024
Updated: May 12

It’s lunchtime Saturday here in Melbourne, and so far the mainstream media coverage of this massive incident has been underwhelming. I heard a reporter on ABC Australia NewsRadio say that the problem had been fixed, which is not at all accurate. The problem has been diagnosed, but the huge efforts to fix it have just begun.
Key points
- The problem can cause a Windows PC to become slow, unresponsive, and in many cases, to crash, with a restart not fixing the problem.
- This was not a cyberattack, and there is no criminal intent. No data is being stolen or compromised. PCs should be fully recoverable without loss of data, except perhaps anything you were working on at the time the problem hit.
- The issue only affects Windows PCs (and other machines running the Windows operating system) that have the CrowdStrike Falcon Endpoint Detection and Response software installed.
- CrowdStrike Falcon is commercial software that you have to pay for (although they have a 15-day free trial), so you would probably know if you are using it.
- If you have IT professionals, talk to them to understand whether you are directly affected, and if so, what actions need to be taken.
- CrowdStrike has diagnosed the problem and issued a software update for the CrowdStrike Falcon sensor software to fix it. If you don’t have IT experts, and you do have CrowdStrike Falcon, then CrowdStrike’s statement on the outage provides links to their support portal and to their blog for the latest updates.
- !!! Ensure you, your family, and/or your employees are on the lookout for phishing attempts that seek to capitalise on this incident. More details below.
What is CrowdStrike, and what has happened?
CrowdStrike is a company in the cybersecurity business. Amongst other things, it sells the CrowdStrike Falcon “Endpoint Detection and Response (EDR)” software. EDR software is essentially the next generation of, and extension to, antivirus. It goes further than antivirus by detecting and preventing other kinds of threats, such as suspicious, unauthorised and/or unwanted activity. E.g. it may detect and block uploads of files to sites or locations that are known to be operated by criminals, or that have been banned by company policy.
This article from the reputable Dark Reading cybersecurity news site provides a good overview of the incident.
With around 18% share, CrowdStrike is neck and neck with Microsoft for having the highest market share of the global EDR market. CrowdStrike is a favourite for many large enterprises and government organisations, which is why some of the largest companies and institutions have been affected by outages.
[Update 30-Jul] Microsoft initially reported that around 8.5 million Windows devices were disabled by the issue, but has subsequently said this is an underestimate without giving a revised figure.
At the time of writing, this CrowdStrike incident is still very fresh, with not all the details yet known. I understand that each and every PC that has crashed cannot be fixed remotely. I.e. someone with the necessary knowledge needs to actually have the PC in front of them to be able to fix the problem. For organisations with large numbers of PCs, it will take days, if not weeks, for them to get around to all these PCs and fix them, particularly where those PCs are scattered geographically.
IT professionals have been working through the night to restore the most critical services. For example, my partner works for a large healthcare provider. Their IT people have been working throughout the night to restore critical computers in hospitals that they own and run. This is big stakes for a lot of their activities, e.g. emergency, surgical and maternity wards. Many IT professionals will have a very bad weekend and beyond.
Don’t fall for phishing attempts that seek to capitalise on this incident.
Already, criminals are attempting to capitalise on the CrowdStrike incident by sending “phishing” messages. Phishing uses emails or messages to deceive people into taking an action that can result in their computer or device being “infected” and/or information being obtained that the criminal can then use to make money. People should be on the alert for phishing emails and messages such as this one, where the attachment is malware that will infect a Windows PC.
------
Dear [Recipient's Name],
Due to the recent CrowdStrike security incident, we have identified a critical vulnerability in your system. To ensure your safety, please download and install the attached security patch immediately.
Attachment: crowdfalcon-immed-update.exe
If you encounter any issues during installation, contact our support team at support@crowdfalcon.com or call us at (800) 123-4567.
Thank you for your prompt attention to this matter.
Best regards,
CrowdStrike Support Team
------
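The warning signs in the sample message above (a program file as an attachment, a sender address on a domain that is not the vendor's, and pressure to act at once) can also be checked by a mail filter. The following Python code is an added example, not part of the original article and not CrowdStrike tooling; the From and Subject headers, the word lists, and the choice of crowdstrike.com as the official domain are assumptions made for illustration.

```python
from email.message import EmailMessage

OFFICIAL_DOMAINS = ("crowdstrike.com",)  # assumption: the vendor's genuine mail domain
BRAND_WORDS = ("crowdstrike", "falcon")
RISKY_EXTENSIONS = (".exe", ".scr", ".msi", ".bat", ".cmd", ".vbs", ".js", ".lnk")
URGENCY_PHRASES = ("immediately", "critical vulnerability", "prompt attention")

def is_official(domain):
    """True for an official domain or one of its subdomains."""
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def phishing_indicators(msg):
    """Return (code, detail) pairs for each warning sign found in the message."""
    findings = []
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    text = f"{msg['Subject'] or ''} {body}".lower()
    # 1. Uses the vendor's name, but the sender address is on some other domain.
    sender = msg["From"]
    for addr in (sender.addresses if sender else ()):
        names_brand = any(w in f"{addr.display_name} {text}".lower() for w in BRAND_WORDS)
        if names_brand and not is_official(addr.domain):
            findings.append(("sender-domain", addr.domain))
    # 2. Attachment that Windows would run as a program or script.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(("risky-attachment", name))
    # 3. Pressure to act at once.
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append(("urgency", ", ".join(hits)))
    return findings

def build_sample():
    """Constructed message modelled on the sample above; attachment bytes are a placeholder."""
    msg = EmailMessage()
    msg["From"] = "CrowdStrike Support Team <support@crowdfalcon.com>"  # constructed header
    msg["Subject"] = "Security patch"                                   # constructed header
    msg.set_content("Due to the recent CrowdStrike security incident, we have identified a "
                    "critical vulnerability in your system. Please download and install the "
                    "attached security patch immediately.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="crowdfalcon-immed-update.exe")
    return msg

if __name__ == "__main__":
    for code, detail in phishing_indicators(build_sample()):
        print(code, detail)
```

A message that trips none of the three checks can still be a phishing attempt, so an empty result is not a sign that a message is safe.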
Feel free to reach out if you have any comments or questions. Also, I’m keen to hear news and experiences from people that have been affected by and/or involved in this incident!


