Key Takeaways
In a preliminary review of last week’s cyber incident, CrowdStrike has explored how a software bug managed to slip through its testing framework, crashing Windows systems around the world and causing significant disruption for its customers.
Ahead of a more detailed post-mortem, the firm has acknowledged that the issue arose from a type of update known as “Rapid Response Content” (RRC) designed to respond to the changing threat landscape at speed.
Because RRC updates ship quickly in response to real-time threats, CrowdStrike uses a range of automated testing techniques.
On July 19, an RRC update passed testing despite containing problematic content data, due to a bug in the developer’s automatic validator.
“Based on the testing performed before the initial deployment […], trust in the checks performed in the Content Validator, and previous successful [RRC] deployments, these instances were deployed into production,” the incident report stated.
To prevent similar incidents from happening again, CrowdStrike has committed to improving RRC testing by adding new checks and more thorough manual testing.
Going forward, the cybersecurity firm will implement a staggered deployment strategy for Rapid Response Content, rolling updates out more gradually, rather than shipping them to all users at once.
CrowdStrike will also provide its customers with greater control over the delivery of RRC updates, allowing granular selection of when and where they are deployed.
Finally, future updates will come with release notes containing important details for platform users.
Founded in 2011, CrowdStrike is a prominent cybersecurity technology company that specializes in endpoint protection, threat intelligence, and cyberattack response.
The company launched its first product, the CrowdStrike Falcon antivirus package, in 2013, and the Falcon suite remains at the center of its offering today.
Thanks to its cloud-native architecture and advanced capabilities in detecting, preventing, and responding to threats, Falcon has been adopted by businesses and organizations around the world.
Airlines around the world, including American Airlines, Delta and United Airlines, all grounded flights as a result of the bug. According to a BBC tally, almost 1,400 flights were canceled worldwide. While many affected airports and airlines got their systems back online within hours, widespread delays continued to impact global travel throughout the day.
Railways, passport scanners and other travel infrastructure were also affected.
After travel disruption, some of the most serious implications of the crash include its impact on finance and media, with banking services, Visa payments and television channels experiencing downtime.
In a statement, CrowdStrike said: “We understand the gravity of this situation and are deeply sorry for the inconvenience and disruption. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”
Seeking to reassure customers, it said the platform is now operating normally, adding that “this issue does not affect our Falcon platform systems.”
Although CrowdStrike and Microsoft insisted that the Falcon Sensor update was to blame for the global outages, alternative theories about the incident have circulated on social media.
Initial reports of Windows users experiencing the blue screen of death placed the blame on Microsoft.
Meanwhile, an update to CrowdStrike’s Wikipedia page alleged that the incident “allowed AI to take over the world” but was quickly revoked.
Already the subject of a conspiracy theory centered on claims the Ukrainian government interfered in the 2016 US presidential election to benefit Hillary Clinton, CrowdStrike’s latest controversy will likely serve to further fuel online speculation about the company.