The CrowdStrike IT outage: what you need to know

Understanding the causes, impacts and lessons from this incident can help businesses and individuals better prepare for similar events in the future.

Article by cyber security experts Red Helix

On July 19th 2024, a major IT outage sent ripples across the globe, affecting countless organisations that rely on CrowdStrike's endpoint protection technology.

This event serves as a stark reminder of the challenges and complexities inherent in the IT landscape. Understanding the causes, impacts, and preventive measures surrounding this incident can help businesses and individuals better prepare for similar events in the future.

What caused the outage?

The IT outage was triggered by a configuration update released by CrowdStrike for Windows systems. This update, which was intended to enhance security, inadvertently introduced a defect that prevented affected Windows systems from operating normally. As a result, many systems experienced the "blue screen of death" (BSOD), leading to widespread disruption. The scale of the outage highlighted the extensive reach of CrowdStrike, which is widely regarded as a leader in Endpoint Detection & Response (EDR). EDR tools are critical for blocking hackers and malware on endpoint devices such as phones, laptops and tablets.

Impact on small businesses

Small businesses were hard hit by the CrowdStrike outage. Many small businesses rely on outsourced IT services or have limited IT resources, making them the most vulnerable during large-scale technical disruptions. The manual process required to fix each endpoint device added a further burden on already stretched IT teams, delaying the return to normal operations.

At the same time, many businesses experienced issues within their supply chain, meaning that even those not using CrowdStrike directly suffered disruption. For example, many businesses were unable to process card payments, as their card payment systems used CrowdStrike. For small businesses operating on tight margins, the outage translated to lost revenue while systems were offline. 

Building resilience in digital operations

Unfortunately, with the rapidly evolving threat landscape, experiencing IT outages and attacks is becoming more common. According to Forbes, the number of data breaches between 2021 and 2023 rose by 72%, so being prepared is essential.

To build resilience against such disruptions, businesses must implement robust processes into their digital operations. Here are some key strategies:

  1. Regular backups: Ensure that all critical data is backed up regularly and stored securely. This allows businesses to restore operations quickly in the event of a system failure.
  2. Incident response planning: Develop a comprehensive incident response plan that outlines the steps to take in the event of a technical failure or security breach. This plan should include communication protocols, roles and responsibilities, and recovery procedures.
  3. Diverse vendor relationships: Avoid reliance on a single technology vendor. Diversifying technology solutions can mitigate the impact of vendor-specific outages.
  4. Training and awareness: Conduct regular training sessions for employees to ensure they are aware of potential risks and know how to respond effectively to technical issues.
  5. Regular system updates: Don’t be put off following this incident. It is vital that you keep all software and systems up to date with the latest patches and updates to minimise vulnerabilities.

Beware of follow-on cyber attacks

In the aftermath of the outage, there was speculation about a possible cyberattack. However, CrowdStrike has consistently maintained that the incident was not the result of a security breach or cyberattack. The rapid identification and resolution of the problem support the company's assertion that this was indeed a technical error rather than a malicious attack. Such transparency is crucial for maintaining confidence in the security measures employed by leading cybersecurity firms.

However, the incident was followed by a wave of phishing attacks with opportunists jumping on the outage to cause further chaos. Businesses must remain alert to potential scams and outreach by those pretending to be CrowdStrike employees.

If you receive an email that you were not expecting, check for the following phishing red flags:

  • Carefully check the sender's address to confirm the domain matches what you know it to be.
  • See who was on cc; do you recognise them?
  • Hover over any hyperlinks to see where they will take you before clicking.
  • Look out for urgency in the email; this is a common tactic.
  • Check the time; did the email arrive outside of working hours?
  • Are there any unexpected attachments?

All of the above will help you to build up a picture of whether this might be a phishing email or not.
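The six red flags above can also be checked automatically before a message reaches a tired IT manager. The following script is an added example, not part of the original article, and runs the checklist over a constructed sample email; the trusted domain, known contacts, urgency words and working hours are assumed values you would replace with your own.

```python
"""Check a raw email against the six phishing red flags in the checklist.
Added example; TRUSTED_DOMAIN, KNOWN_CONTACTS, URGENCY_WORDS, WORKING_HOURS are assumptions."""
import re
from email import message_from_string, policy
from urllib.parse import urlparse

TRUSTED_DOMAIN = "example.com"                  # assumed: domain you expect mail from
KNOWN_CONTACTS = {"it@example.com"}             # assumed: cc addresses you recognise
URGENCY_WORDS = ("urgent", "immediately", "act now", "within 24 hours")
WORKING_HOURS = range(8, 18)                    # assumed: 08:00-17:59 counts as working hours

# Constructed sample that trips five of the six flags (it carries no attachment).
SAMPLE_EMAIL = """\
From: CrowdStrike Support <support@crowdstrike-recovery.example.net>
To: admin@example.com
Cc: unknown@mailer.example.org
Date: Sat, 20 Jul 2024 02:14:00 +0000
Subject: URGENT: apply the fix immediately
Content-Type: text/html

<p>Apply the fix now: <a href="http://198.51.100.7/fix">https://crowdstrike.example/fix</a></p>
"""

def _addrs(header):
    """Lower-cased addr-specs of an address header, or [] when the header is absent."""
    return [a.addr_spec.lower() for a in header.addresses] if header else []

def check_red_flags(raw):
    """Return the list of red flags found in a raw RFC 822 message (empty = none found)."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    sender = _addrs(msg["From"])
    if not sender or sender[0].rsplit("@", 1)[-1] != TRUSTED_DOMAIN:
        flags.append("sender domain differs from the expected domain")
    if set(_addrs(msg["Cc"])) - KNOWN_CONTACTS:
        flags.append("unrecognised address on cc")
    body = msg.get_body(("html", "plain")).get_content()
    # "Hover over the link": flag links whose visible URL points somewhere else.
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        shown = urlparse(text.strip()).hostname
        if shown and shown != urlparse(href).hostname:
            flags.append(f"link text shows {shown} but points to {urlparse(href).hostname}")
    if any(w in ((msg["Subject"] or "") + " " + body).lower() for w in URGENCY_WORDS):
        flags.append("urgency language")
    if msg["Date"].datetime.hour not in WORKING_HOURS:
        flags.append("received outside working hours")
    if any(True for _ in msg.iter_attachments()):
        flags.append("unexpected attachment")
    return flags
```

A single flag is not proof of phishing; the count and combination build the picture the checklist describes.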

IT managers, in particular, should exercise caution as they are prime targets for phishing attempts. Despite being well-versed in identifying phishing red flags, they could be more susceptible to attacks due to fatigue from managing the crisis.

Moving forward: lessons learned

The CrowdStrike outage serves as a critical reminder of the importance of robust release management and the potential consequences of even minor configuration errors. It also shows how organisations must continuously evaluate and improve their IT processes to mitigate the risk of similar incidents. As technology evolves, so do the challenges and threats, making it essential for businesses to remain agile and prepared.

While the CrowdStrike outage was a significant event in the IT world, it also presents an opportunity for learning and growth. By understanding the causes and impacts, businesses can take proactive measures to enhance their cyber security posture and better prepare for future challenges. Staying informed, vigilant and adaptable will be key to navigating the complex and ever-changing landscape of cyber security.