Last week's global IT outage, caused by a faulty CrowdStrike software update, serves as a critical reminder of the vulnerabilities within corporate networks and the necessity for diversified tech stacks and stronger supply chain security.
This incident matters because it underscores the ongoing risk posed by nation-state hackers. These hackers have previously hijacked companies to distribute malicious software updates, causing widespread disruption. However, the previous cyberattack has yet to reach the scale of Friday's CrowdStrike outage.
Microsoft estimated that 8.5 million Windows devices were affected after CrowdStrike pushed an update to its endpoint detection tools. This update, intended to block access to potentially malicious infrastructure, instead malfunctioned, rendering systems unusable. The fallout was significant: 5,100 flights were cancelled, major healthcare systems delayed nonurgent surgeries, and Starbucks' mobile ordering declined. As of Monday evening, Delta was still experiencing cancellations, with recovery expected to take several days. The Department of Transportation has launched an investigation into Delta's disruptions.
The silver lining is that this outage resulted from human error, not a cyberattack. Nonetheless, it highlights the fragility of corporate networks, which remain vulnerable despite numerous cyberattacks targeting single points of failure. Historical incidents like the 2020 SolarWinds hack and the 2017 NotPetya attack demonstrate the persistent threat from nation-state actors exploiting software updates.
In a letter to CrowdStrike CEO George Kurtz, House Homeland Security Committee leaders emphasized the national security risks linked to network dependency and urged a response to this incident. They noted malicious actors from countries like China and Russia would likely closely observe the response.
A significant issue is companies' need for more financial motivation to diversify their tech stacks, often only doing so under considerable pressure. During the 2020 shift to remote work, many security executives rapidly consolidated their tech stacks by acquiring various tech solutions. This approach, while practical, has led to increased vulnerability.
Tenable CEO Amit Yoran stressed the importance of diversifying technology infrastructure to ensure resilience, likening it to diversifying a financial portfolio. He expressed hope that this incident would heighten the attention of boards of directors and regulators to resilience.
Despite CrowdStrike's incident's non-malicious origin, scammers and hackers are already exploiting the situation. CrowdStrike identified a malicious zip file claiming to fix the outage, likely targeting customers in Latin America. The Cybersecurity and Infrastructure Security Agency also warned of phishing emails using the outage as a lure.