On July 19, 2024, a faulty update from CrowdStrike caused widespread crashes of Windows systems, affecting businesses globally. The update led to Blue Screens of Death (BSOD) and system reboots, impacting services like Google Cloud and Microsoft Azure. It ultimately affected some of Australia's biggest businesses, including Commonwealth Bank, Telstra and Qantas, to name a few.
Later on July 19, CrowdStrike identified and fixed the issue, advising manual deletion of a specific driver file, which can be done by following these steps:
Boot Windows in Safe Mode or Windows Recovery Environment
Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
Find the file named "C-00000291*.sys" and delete it
Restart the computer or server normally
Lessons from the incident
Technology monopolies like CrowdStrike and Windows pose one of the biggest IT challenges to date: if one goes down, everything goes down. Diversifying which services we use on a daily basis should become one of the top priorities.
Some might argue that this isn't a cybersecurity challenge, but consider the 3 core elements that cybersecurity aims to protect, also known as CIA:
Confidentiality
Integrity
Availability
The CrowdStrike incident clearly affected Availability.
On top of that, threat actors are currently exploiting the disruption for phishing attacks by spreading malware disguised as CrowdStrike updates.
As a leading cybersecurity company, we are at the forefront of security research, constantly monitoring for emerging threats. With best-in-class security expertise, we are able to help you secure your assets to the highest levels.
Visit rivanorth.com to find out more.
You build the future. We help you secure it.