Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike

July 19, 2024 TH Author Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Compliance&Risks, Trend Micro Research : Data center, Trend Micro Research : Endpoints, Trend Micro Research : Expert Perspective

CrowdStrike Global IT Outage: Experts Weigh In | Trend Micro (US)

Compliance & Risks

On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike.

By: Trend Micro July 19, 2024 Read time: ( words)

This is an extremely unfortunate situation for those affected, and we hope for a speedy remediation and recovery for all those involved.

While many eyes will be focused on the recovery of their Windows environment, it is important to remember to diligently monitor your non-Windows environments, as adversaries can take advantage of distracted teams. Our research team is constantly watching the general landscape to see if threat actors are taking advantage in any way and will share any significant developments here.

In the quest to stay a step ahead of the bad guys, sometimes software is pushed quickly. And the nature of software is that there are sometimes bugs. It is important to have processes in place to catch and mitigate bugs quickly, and to evolve software deployment processes to avoid impacting an entire global customer base simultaneously.

At Trend, we have a variety of resilience strategies based on our own experiences that we continually enhance across our people, process, and technology. We take a ring deployment approach that allows us to roll out software updates in batches starting with our own internal deployment, and then to groups of customers to limit exposure if issues are found. Additionally, we have blue screen of death (BSOD) monitoring and operational capabilities to rollback affected builds rapidly.

Trend continues to be on standby to help and we will continue to monitor the situation and provide updates from our research team in this blog.

Current threat activities seen or concerned about
Updated: July 19 at 4:00 pm CT

Per our comment above, adversaries take advantage of these incidents to target victims with a multitude of attacks. We recommend you be on the lookout for:

Phishing emails using the incident as a lure to click a link or open an attachment
Technical support scams
Adversaries targeting your non-Windows infrastructure

An example of a technical support scam is one recently found:

On 2024-07-18, CrowdStrike deployed a defective update that leads to Windows machines running CrowdStrike Falcon being stuck in an endless boot loop (or BSOD).

This program fixes that, and removes the defective updates from a Windows machine. The program is portable, without any dependencies, and can be used on USB flash drives, too.

PAYMENT

Product Type Supported Architectures Price Windows binary amd64 / x86 500.000 EUR Source Code (go) any 1.000.000 EUR

Wallet address: 0x1AEAe8c6F600d85b3b676ac49bb3816A4eB4455b
Accepted payment options: BTC or ETH

This comes from a crypto scam site: fix-crowdstrike-apocalypse[.]com.

You May Also Like

Massive Phishing Campaigns Target India Banks’ Clients

IoT and Zero Trust Are Incompatible? Just the Opposite VP of Cybersecurity

This Week in Security News – January 14, 2022