How can an IT update paralyze the entire world? – 2024-07-22 16:09:08

by times news cr


A security company’s software update is causing outages and disruptions at airports, banks and hospitals. How can that be?

Worldwide chaos: Millions of computers have been paralyzed by a faulty update from the security company Crowdstrike. The company was founded in 2011 and specializes in detecting, investigating and defending against cyber threats in large companies and organizations. Crowdstrike’s core product monitors and protects end devices such as PCs, laptops or mobile devices in real time against malware and other cyber threats.

In addition, Crowdstrike advises companies on developing and optimizing their cybersecurity strategies. This includes risk analyses and protective measures: If companies fall victim to cyberattacks, for example, Crowdstrike helps to analyze, contain and resolve the incidents.

According to Crowdstrike, around 70 percent of the 100 highest-revenue companies in the world are customers, so the extent of the disruption is correspondingly large. But how could a single error lead to such massive global outages and disruptions? t-online spoke to Finnish IT security expert Mikko Hyppönen about this.

t-online: Mr. Hyppönen, how can a single driver update cause worldwide chaos?

Mikko Hyppönen: Because Crowdstrike has so many customers – both in the private sector and the public sector. The problem is that the fault is not in the network or the cloud, but directly on the customer’s end device. It’s somewhat ironic that the system that is supposed to protect the machines and keep them running is causing them to fail.

Mikko Hyppönen at SPHERE24 in Helsinki, a cybersecurity event. (Source: Jani Telatie / WithSecure)

Mikko Hyppönen is head of research at the Finnish security provider WithSecure and a globally recognized expert in IT security. His background reports and research results have appeared in the “New York Times”, “Wired” and “Scientific American”, and he has taught at the universities of Oxford, Stanford and Cambridge. In October 2021 he published his first book “What is connected is vulnerable: How intelligence agencies and criminals infiltrate us on the Internet”.

Crowdstrike says it has found and fixed the error. Why aren’t the systems working again yet?

If a server crashes, you can simply switch to another server. But here we are talking about millions of individual computers that are affected – and that takes time. In addition, a security program is affected that has administrator rights on the device and can intervene deeply in the system. This means that the error causes the computer to crash before it has even properly started.

In such a case, isn’t there some kind of backup that I can use to restore the old system?

Sure, but you would have to boot up the computer first so that you can upload the backup. In the long term, there will probably be some kind of hack to do something like this centrally in the future. But there is currently no such solution. So it will take a while until the problems are resolved.

Can such or similar incidents be prevented in the future?

Someone has really screwed up here. This type of update is installed several times a day – we do the same for our customers. And we have to be damn careful not to do anything wrong or cause something to crash. These updates are tested numerous times, on different systems, with different languages, Windows versions and in all sorts of different combinations.

However, the Crowdstrike error affects all systems and not just individual ones.

Exactly. So that suggests that the update was not tested properly or even not tested at all. My guess is that a certain version was tested but then a different version was sent out by mistake. I think that was a human error – a huge one. Could something like that happen again? Absolutely. But it’s highly unlikely because the security measures are very high. And I feel sorry for the developers at Crowdstrike, they’re going to have a pretty bad day today.

Are we perhaps relying too much on technology?

Counter question: Do we rely too much on electricity? For 150 years it has been extremely important for us to work. It is similar with computers and networking. Every good and important invention will one day be necessary for us. Of course, dependence on technology is a disadvantage; the modern world would not function without it. In my view, however, the advantages outweigh the disadvantages, and there is no turning back anyway.

What conclusions can we draw from this incident?

One important option for companies would be to test updates for a day rather than installing them immediately. But of course that also involves a certain risk: if there is a cyberattack, for example, the system may not be protected immediately. On the other hand, you would not be affected if there are errors in an update. Every company has to weigh that up for itself – but in my opinion a test group for updates would make sense. That would have identified the current Crowdstrike problem.
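The "test group for updates" Hyppönen proposes amounts to a ring-based rollout with a health gate: the update goes to a small canary group first, and the broader fleet only receives it once that group reports healthy after a soak period. The example below is an added illustration of that control, not code from Crowdstrike, WithSecure or t-online; the fleet, ring sizes, health-report format and 5% threshold are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Ring = Tuple[str, List[str]]  # (ring name, hosts in that ring)

@dataclass
class RolloutResult:
    deployed_rings: List[str] = field(default_factory=list)
    hosts_updated: int = 0
    halted_at: Optional[str] = None
    failure_rate: float = 0.0

def ring_failure_rate(hosts: List[str], reports: Dict[str, str]) -> float:
    # A host absent from the reports counts as failed: a machine that crashes
    # before boot completes never checks in at all.
    failed = sum(1 for h in hosts if reports.get(h) != "healthy")
    return failed / len(hosts)

def staged_rollout(rings: List[Ring],
                   telemetry: Callable[[List[str]], Dict[str, str]],
                   max_failure_rate: float = 0.05) -> RolloutResult:
    """Push the update ring by ring (first ring = test group); halt at the
    first ring whose post-update failure rate exceeds the threshold."""
    result = RolloutResult()
    for name, hosts in rings:
        reports = telemetry(hosts)  # health collected during the soak period
        rate = ring_failure_rate(hosts, reports)
        result.deployed_rings.append(name)
        result.hosts_updated += len(hosts)
        result.failure_rate = rate
        if rate > max_failure_rate:
            result.halted_at = name
            break
    return result

# Constructed fleet: a small canary group, then progressively larger rings.
FLEET: List[Ring] = [
    ("canary", [f"canary-{i}" for i in range(5)]),
    ("early", [f"early-{i}" for i in range(50)]),
    ("broad", [f"broad-{i}" for i in range(500)]),
]

def healthy_update(hosts: List[str]) -> Dict[str, str]:
    return {h: "healthy" for h in hosts}

def boot_crashing_update(hosts: List[str]) -> Dict[str, str]:
    # Every host crashes before the agent can report, so nobody checks in.
    return {}
```

Running `staged_rollout(FLEET, boot_crashing_update)` halts at the canary ring after 5 of the 555 constructed hosts, whereas `healthy_update` reaches all three rings.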

Thank you for the interview!
