🤡"Clownstrike" | The Largest IT Outage in World History Triggered by Crowdstrike🎳
Crowdstrike Failure Causes Biggest Global IT Outage Ever, Impacting Air Traffic & Systems Worldwide
Last Friday, the world witnessed the largest IT outage in history, triggered by a critical failure in Crowdstrike's cybersecurity products. This catastrophic event brought air traffic to a halt and caused widespread disruptions across various IT systems globally. Crowdstrike, a company that sells cybersecurity solutions, exposed its customers to unprecedented risks, highlighting a severe cybersecurity problem that cannot be dismissed as a mere IT hiccup.
In South Africa, Capitec was hit hard! 👇
ABSA and Airlink were also affected.
The Fallout | Skies Cleared, Systems Thunk
The ramifications of Crowdstrike's failure were immediate and far-reaching. Airlines, hospitals, and governments, all of whom relied on Crowdstrike for cybersecurity, found themselves vulnerable. The skies above Earth cleared of airline traffic, and countless IT systems around the world were left "thunking," unable to function. This incident is a stark reminder that when cybersecurity solutions fail, the consequences are dire.
Poor DevOps & Inferior Code
At the heart of this debacle lies Crowdstrike's poor DevOps practices. Their deployment model, which allows for untested software to be pushed to customer machines at any time, is fundamentally flawed. This approach disregards the urgent need for rigorous testing and validation before any updates are released. It is alarming that prominent institutions rely on such a model, revealing a total lack of due diligence and a failure in risk management.
A Call for Independent Verification
Crowdstrike also cannot be trusted to mark its own homework. The need for independent verification of their cybersecurity solutions is paramount. This is not about maintaining good relationships or respecting personal opinions; it is about ensuring that customers are not left vulnerable due to vendor negligence. Every company affected by this outage has every right to demand accountability.
Whichever way you spin it, Crowdstrike introduced malicious code into their build cycle, just like Solarwinds! The lessons they tried to teach about SUNSPOT were obviously not for their own consumption!
Operating System Fail-Safes
The incident also underscores the need for better fail-safes within operating systems. While Linux has GRUB, a bootloader that offers far more flexibility than relying on Windows Safe Mode, the current fail-safes are insufficient to handle such large-scale failures. There must be a robust mechanism to protect systems when third-party software malfunctions. Looking at you, Microsoft 👀
A History of Failures
This is not the first time Crowdstrike has caused widespread disruption. In April, a similar failure affected Linux systems. The warning signs were there for businesses to heed, and heeding them might have allowed them to mitigate the current outage, in which Windows systems bore the brunt. At its core, Crowdstrike's software lacks proper exception handling. Their singularly irrational approach ignores the myriad data points and scenarios their application might encounter, resulting in catastrophic failures during the proverbial overcast and rainy days, not just the sunny ones.
The modus operandi of Crowdstrike was inherited from the days when the team currently running the company was still at McAfee:
As they say in Mzansi, the leopard never changes its spots.
The Role of Gartner
Much of Crowdstrike's reach can be attributed to the support of industry analysts like Gartner. The same Gartner that was found corrupt and unethical in its dealings with the South African Revenue Service. Crowdstrike's reliance on Gartner's endorsement, rather than on solid development and rigorous testing, reveals misplaced priorities. It seems they spent more on Gartner than on development, emphasizing marketing over product quality.
EDR in the Business Space | A Scam in Disguise
Endpoint Detection and Response (EDR) has become a buzzword in the business security landscape, marketed as an essential tool for safeguarding IT infrastructures. However, this widespread adoption has introduced immense complexity into the IT environment, often proving more problematic than protective. The "Clownstrike" incident as mentioned above exemplifies the risks and pitfalls of over-reliance on EDR.
The Complexity Conundrum
EDR solutions rely on a myriad of agents deployed across the IT fleet. These agents, intended to monitor and protect individual endpoints, can be a source of systemic failure. It only takes one faulty agent to disrupt an operating system, potentially causing the entire IT infrastructure to collapse. Each additional agent increases the risk, acting as a potential failure point that could bring down the business's digital ecosystem. It's not if, but when!
Single Point of Failure
The "Clownstrike" outage is a cautionary tale of how a single point of failure can wreak havoc. Crowdstrike's EDR solutions failed, causing widespread disruptions. This incident underscores the danger of having 100% reliance on a single vendor for security solutions. A business should diversify its security tools, with no more than 50% dependency on any single provider. Such diversification known as the odd and even strategy can mitigate the risk of a catastrophic failure affecting the entire organization.
Ironically, the Crowdstrike elevator pitch is "don't trust Microsoft, trust us instead." That aged well...
The EDR Scam | Complexity for Profit
The proliferation of EDR agents across systems is often an elaborate money-making scheme. Vendors push EDR as a must-have, convincing businesses to deploy it on every system. However, the reality is that not every endpoint needs EDR. The complexity introduced by these agents often outweighs their purported benefits. Businesses end up spending significant resources managing these agents, diverting attention from more critical security measures.
There is no benefit in an EDR on Linux that uses an operational base and code developed for Windows systems.
Focus on Critical Systems | Microsoft Active Directory (AD)
In a business environment, the most critical and vulnerable system is often Microsoft Active Directory (AD). AD is the backbone of user authentication and access control within an organization. A breach in AD can compromise the entire network. Instead of spreading resources thin by deploying EDR across all endpoints, businesses should focus their efforts and budget on securing AD. Ensuring robust protection and monitoring for AD can provide a more significant security return on investment.
EDR protects the endpoint, but it is better to focus on protecting the crown jewels, namely AD! Also, in most attacks and compromises you will find a poorly configured and bypassed Silicon Valley firewall that has welcomed the hacker like a poodle instead of a Rottweiler!
Rethinking Business Security
EDR has been sold as a panacea for endpoint security, but the reality is far from the marketing hype. The complexity and risk introduced by deploying EDR agents across the IT landscape can lead to systemic failures, as seen in the "Clownstrike" incident above. Businesses should not be swayed by vendors pushing for 100% EDR deployment. Instead, they should focus on securing critical systems like Microsoft Active Directory and diversify their security solutions to avoid over-reliance on any single vendor. By doing so, they can achieve a more resilient and effective security posture.
Wrap
Crowdstrike's recent failure highlights a critical flaw in the cybersecurity landscape. Relying on untested, poorly developed solutions is a recipe for disaster. Independent verification and robust fail-safes within operating systems are essential to prevent such outages in the future. Companies must prioritize genuine security over marketing hype to ensure they are truly protected against cyber threats. The customer must always come first, not the vendor.
Finally, listen in on this crazy interview:
Update: The Clown uses all their fingers and toes to count...