Who is impacted?
The recent global IT system outage was caused by a faulty software update from CrowdStrike, resulting in widespread disruptions across various Windows operating system (OS) types. The issue stemmed from a defective kernel driver included in the update, leading to numerous systems crashing globally and displaying the dreaded “Blue Screen of Death” (BSoD).
The CrowdStrike update was intended to bolster security, but an inadvertent logic error in a configuration file caused invalid operations that the OS could not resolve. This triggered system crashes, which manifested as the BSoD, a protective measure that halts all operations to prevent further damage to the OS.
The faulty update primarily impacts companies running CrowdStrike’s Falcon software on Windows OS, including desktops (such as Windows 10 and 11) and Windows Server. These companies are the event's primary victims. CrowdStrike's extensive customer base includes organizations identified as Single Points of Failure (SPoFs) by CyberCube, so organizations that depend on those SPoFs become secondary victims of the event, even if they do not directly use CrowdStrike and Windows. Moreover, managed security service providers (MSSPs) deploy CrowdStrike Falcon on the networks of other organizations, making those organizations additional secondary victims of the outage, affecting sectors like finance, healthcare, and transportation.
Utilizing the SPoF Intelligence tool developed by CyberCube, it is evident that all users of core components of the CrowdStrike Falcon platform in conjunction with Windows OS are likely affected. Analysis of CyberCube’s US Industry Exposure Database (IED) reveals that large companies in Manufacturing, IT, Healthcare, and Financials are most exposed. Notably, the Aviation, Banking, and Retail sectors show significant exposure based on the examination of exposed limits.
CyberCube has furnished clients with a list of SPoFs dependent on CrowdStrike Falcon and Windows OS. The outage impacts various versions of Windows operating systems, putting any organization or individual using these systems alongside CrowdStrike Falcon at risk of system crashes and operational disruptions.
The primary impacts of the CrowdOut Event align closely with scenarios in CyberCube’s Portfolio Manager aggregation model, particularly scenario classes 41 and 42, indicating a system failure or business interruption event. Secondary impacts may arise from additional SPoFs within this primary footprint, potentially leading to contingent business interruption (CBI) outages for companies relying on these SPoFs.
Organizations affected by the outage can expect remediation and recovery efforts to begin promptly. Companies with robust IT resources are likely to recover faster, while disruptions may persist elsewhere as patches are implemented and system stability is verified. Rolling back the update and applying patches require specialized knowledge, posing challenges for small to medium-sized companies that lack access to IT staff or robust contingency plans.
CyberCube’s Cyber Aggregation Event Response Service (CAERS) has been activated in response to the CrowdStrike event, offering real-time intelligence on major cyber catastrophes worldwide. This service ensures that CyberCube clients have access to the most pertinent information as the situation unfolds. CyberCube remains vigilant in monitoring the evolving event and stands ready to assist customers in assessing the impact on their cyber insurance portfolios.
CyberCube stands as the premier provider of software-as-a-service cyber risk analytics, enabling the quantification of cyber risk in financial terms.
www.cybcube.com