A failure in the content update related to the CrowdStrike Falcon security sensor, which is used to detect potential hacker intrusions, was the cause of the cyber attack on Friday (19), which left thousands of companies and individuals worldwide without access to operating systems, especially Windows, from Microsoft.
The cybersecurity company CrowdStrike, responsible for the outage, was emphatic in stating that today’s incident was not an attack. What actually happened early this Friday morning, according to the company, was a content update for the Windows host files from Microsoft.
A hosts file is used by the operating system to map friendly host names to the numeric IP (Internet Protocol) addresses that identify and locate another host on an IP network. These hosts files contain lines of text pairing IP addresses with host names, so that hosts can communicate with each other.
The CrowdStrike Falcon component that was updated and caused the problems is a sensor that can be installed specifically on Microsoft Windows, Mac, or Linux operating systems. Sensors are product modules that connect to a cloud-hosted security environment known as endpoint protection. The sensor gives instant access to the “who, when, where, and how” of an attack, and its cloud-based architecture allows for quick and accurate response and remediation times.
Endpoint security provides protection for devices. Cloud computing is the provision of computing services, including servers, storage, databases, networking, software, analytics, and intelligence, over the internet (the cloud), offering rapid innovation with flexible resources and economies of scale. It was these services that the platforms of companies worldwide had difficulty accessing.
According to the General Data Protection Law (LGPD), endpoint security works to ensure the protection of sensitive information and helps a company comply with data protection regulations. This means there is a growing need for security measures that companies must adopt to prevent cyber threats.
Mitigation
Earlier, Microsoft reported that mitigation measures were being adopted but warned that many users might not be able to access various applications and services, as occurred around the world. The affected companies were found to be using CrowdStrike’s security system.
Due to today’s situation, the company’s stock, which opened at $351, was trading in the afternoon at $297, a drop of over $50, resulting in a market value loss for CrowdStrike of more than $2 billion in a single day.
Tracked Attacks
CrowdStrike’s Global Threat Report, published on the company’s website, describes notable trends and events across the cyber threat landscape and states that the company identified 34 new adversaries in 2023. Over 230 adversarial attacks in total were tracked by the company, and cloud intrusions, the area where today’s problem occurred, increased by 75%.
According to the company, the fastest recorded time for an e-crime compromise was two minutes and seven seconds. The report also indicated that the number of data theft victims identified on the dark web increased by 76%. The intelligence report examines how adversaries operate and notes unprecedented stealth, with attacks adapted rapidly to avoid detection by security systems.