By Cian Heasley, Threat Lead at Adarma
In response to the recent global outage caused by CrowdStrike's software update, Adarma's Threat Team is actively monitoring the situation. We are working with both affected and unaffected customers to provide support and ensure their security needs are met. If you are concerned about your cybersecurity or require support, please contact the Adarma Threat Team at hello@adarma.com.
It is believed that the outage is not linked to malicious cyber activity or to a vulnerability in CrowdStrike software. Instead, it has been attributed to a faulty content update (a Falcon sensor channel file) pushed to the CrowdStrike software installed on affected Windows endpoints, which caused those hosts to crash and fail to boot.
George Kurtz, CEO of CrowdStrike, said the problem was caused by a “defect found in a single content update for Windows hosts.” Writing on X, Kurtz added, “Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”
If you are impacted by the recent outages, here are the workaround steps to get an affected host booting again so that it can receive the corrected content from CrowdStrike:
1. Boot Windows into Safe Mode or the Windows Recovery Environment (WinRE).
2. Navigate to C:\Windows\System32\drivers\CrowdStrike. (Under WinRE the OS volume is not always mounted as C:, so check the drive letter first.)
3. Locate and delete the file matching “C-00000291*.sys”.
4. Boot normally.
Note: BitLocker-encrypted hosts may require the BitLocker recovery key to unlock the OS volume before the file can be deleted, so have recovery keys to hand before starting.
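The following script automates steps 2 and 3 above from an elevated PowerShell prompt in Safe Mode or WinRE. It is an added example and not CrowdStrike's or Adarma's own tooling. It assumes the OS volume may be mounted under a letter other than C: in WinRE, so it checks every mounted volume for the CrowdStrike driver directory rather than hard-coding the path, and it reports each matching file's timestamp before deleting it (CrowdStrike's published guidance identifies the faulty channel file by a timestamp of 04:09 UTC on 19 July 2024 and the corrected one by 05:27 UTC or later).

```powershell
# Added example (not CrowdStrike's or Adarma's code): remove the faulty
# C-00000291*.sys channel file from a host booted into Safe Mode or WinRE.
# Assumption: the OS volume may not be C: under WinRE, so every mounted
# filesystem volume is checked. Run with -WhatIf to preview without deleting.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# Per CrowdStrike's published guidance, C-00000291*.sys files written at
# 05:27 UTC on 19 July 2024 or later are the corrected version; the faulty
# version carries a 04:09 UTC timestamp. Used here only to label what we find.
$fixedFrom = [datetime]::new(2024, 7, 19, 5, 27, 0, [DateTimeKind]::Utc)

$foundDir = $false
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $csDir = Join-Path $drive.Root 'Windows\System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $csDir)) { continue }
    $foundDir = $true

    $files = @(Get-ChildItem -LiteralPath $csDir -Filter 'C-00000291*.sys' -File -ErrorAction SilentlyContinue)
    if ($files.Count -eq 0) {
        Write-Host "$csDir : no C-00000291*.sys present, nothing to do."
        continue
    }

    foreach ($f in $files) {
        $stamp = $f.LastWriteTimeUtc.ToString('yyyy-MM-dd HH:mm') + ' UTC'
        $label = if ($f.LastWriteTimeUtc -ge $fixedFrom) { 'timestamp matches corrected version' }
                 else { 'timestamp matches faulty version' }
        Write-Host "Found $($f.FullName) written $stamp ($label)"

        # Deleting either version is safe: the sensor re-downloads channel
        # files once the host boots and reconnects to the Falcon cloud.
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete channel file')) {
            Remove-Item -LiteralPath $f.FullName -Force
            Write-Host "Deleted $($f.FullName)"
        }
    }
}

if (-not $foundDir) {
    Write-Warning 'No CrowdStrike driver directory found on any mounted volume. If the OS volume is BitLocker-protected, unlock it first and re-run.'
}
```

Save it as, for example, Remove-FaultyChannelFile.ps1 and run `powershell -ExecutionPolicy Bypass -File Remove-FaultyChannelFile.ps1 -WhatIf` first to confirm which file would be removed, then without -WhatIf. On a BitLocker-protected host in WinRE, unlock the OS volume beforehand with `manage-bde -unlock <letter>: -RecoveryPassword <48-digit recovery key>`, substituting the letter that WinRE assigned to the Windows volume. Reboot normally afterwards; the sensor will fetch the corrected content on its own.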
This incident highlights how interdependent platforms and systems have become, a trend accelerated by the move to the cloud during the global pandemic, and how a single error in one widely deployed component can cause a major outage. It is also why a comprehensive defence strategy and a well-rehearsed response plan are vital to maintaining operations during a crisis: an individual tool may suffer downtime, but a strategy built on multiple independent controls limits the impact of any one failure and keeps security coverage in place while the affected tool is restored.
Regular backups or snapshots of Windows servers and endpoints, particularly virtual machines, offer another remediation path: roll back to a snapshot taken before the faulty update was pushed, then let the sensor pull the corrected content on the next boot. This underscores the importance of a good backup system for maintaining organisational resilience.
During any outage or service issue, there is a risk of malicious actors exploiting the confusion to commit fraud or run scams, for example with carefully crafted phishing emails purporting to come from tech support or from the vendor, or phone calls that appear to come from IT services. Treat unsolicited "fix" instructions, scripts or remote-access requests with suspicion, and verify any remediation guidance against the vendor's official support channels before acting on it.
Adarma provides customised cybersecurity solutions to assist businesses in achieving future-ready cyber resilience. Our approach enables organisations to decrease cyber risk by implementing effective threat intelligence, exposure management, and detection and response capabilities. We offer tailored threat intelligence, technological solutions, and strategic consultations that cater to our customers' specific security requirements and business goals. Our expertise ensures a balanced approach between security and operational efficiency, safeguarding our customers' most crucial infrastructure and data.
Discover our tailored services and find out why we are the preferred security partner for FTSE 350 firms.