Happy International Bluescreen Day!
Today, many organizations, system administrators and regular people woke up to a wild Friday.
CrowdStrike pushed a faulty update to their security solution, which caused Windows systems running their product to enter a boot loop.
This caused widespread outages throughout the world, cancelling surgeries, flights and even point-of-sale transactions. Even some emergency systems were unavailable, so users could not call 911 in some situations. Weird fixes include rebooting the workstation 15 times or manual in-person intervention. Some organizations that used Microsoft's BitLocker encryption and stored the encryption keys in the cloud were stuck: with some clouds also unavailable, their workstations could not boot to apply the fix CrowdStrike recommended.
The idea that a single company's product and a botched update could affect the globe is nothing short of amazing. This will hopefully put the issue of reach and reliability under the microscope. Even though this was not a malicious event, I believe it puts situations like this in the limelight about future attacks using supply chains on organizations that use these products.
Think of a state-sponsored hacker group attacking an entity like CrowdStrike's product and pushing a ticking time bomb bug or exploit that could be used to affect the globe for longer than a day.
It scares me how we are conditioned to put our faith in the cloud without "offline" failsafes. I think it will be worse as we become more tied to the internet and less physical (like a cashless society).
Scary stuff.