Crowdstrike: How a software company’s mistake caused global chaos

“It looks like in the review or sandboxing that they do when they look at new code, this file may have been missed or slipped through,” said Steve Cobb, chief security officer at Security Scorecard.

The latest version of the “Falcon Sensor” software was intended to make the systems of Crowdstrike customers more secure. However, faulty code in the update files led to outages at companies using Microsoft’s Windows operating system worldwide. Austria was not spared either: some systems there were also affected by the global problem.

Patrick Wardle, a security researcher who specializes in studying threats to operating systems, told Reuters his analysis had identified the code responsible for the outage. It was located in a file that contained either configuration information or signatures. Signatures are code that detects certain types of malicious code or malware. “It’s common for security products to update their signatures, about once a day… because they’re constantly on the lookout for new malware and because they want to make sure their customers are protected from the latest threats,” Wardle said. “The volume of updates is probably why Crowdstrike hasn’t tested it that often.”

Faulty code

It is unclear how the faulty code got into the update and why it was not discovered before it was released to customers. “Ideally, the update would have been released to a limited group of customers first,” said Huntress Labs’ lead security researcher. “This would have been safer and might have avoided the chaos.”

The global failure of IT systems caused massive problems around the globe on Friday. International air traffic was particularly affected, but banks and media, institutions and supermarkets also reported disruptions.

“We apologize for the problems”

Crowdstrike CEO George Kurtz apologized to US broadcaster NBC News. “We apologize for the problems we caused for customers, travelers and everyone affected, including our company.” The problems would be resolved quickly, but it might take a while for some systems that might not be restored automatically.

On Friday, services ranging from airlines to healthcare to shipping and finance came back online following outages that often lasted for hours. But many companies are still grappling with a backlog of delayed and canceled flights and doctor’s appointments, missed orders and other problems that might take days to resolve.

Meanwhile, the Australian Cyber Security Authority is warning of “malicious websites and unofficial code” on the Internet that are supposed to help restore the failed systems. Affected customers should only rely on official information and updates from Crowdstrike.
