What is CrowdStrike, the platform at the centre of the global system outage?

A global outage affecting computer systems around the world and impacting banks, airlines, news organisations, hospitals, retailers and a host of other corporations and services in Australia was caused by
According to an alert sent by CrowdStrike to its clients and reviewed by Reuters, its widely used “Falcon Sensor” software is causing Microsoft Windows to crash and display a blue screen, known informally as the “Blue Screen of Death”.

It’s causing mass havoc and is being described as potentially one of the biggest global outages ever.

Here’s what you need to know about what the program is.

What is CrowdStrike?

It is a US-based global cybersecurity and threat intelligence company and multi-national software solutions provider.
Toby Murray, Associate Professor in the School of Computing and Information Systems at the University of Melbourne, said Falcon monitors the computers that it is installed on to detect hacks and respond to them, in what is known as an Endpoint Detection and Response (EDR) platform.
“That means that Falcon is a pretty privileged piece of software in that it is able to influence how the computers it is installed on behave,” Murray said.

“For example, if it detects that a computer is infected with malware that is causing the computer to communicate with an attacker, then Falcon could conceivably block that communication from occurring.”

He said if Falcon was suffering a malfunction, it could be causing a widespread outage because it was widely deployed on many computers, and because of Falcon’s “privileged nature”.
“Falcon is a bit like anti-virus software: it is regularly updated with information about the latest online threats (so it can better detect them),” Murray said.

“We have certainly seen anti-virus updates in the past causing problems.”

Why did the outage occur?

CrowdStrike CEO George Kurtz said the issue was not a
Dave Parry, dean and professor in the School of IT at Murdoch University, said it appeared to be related to an update to Falcon Sensor, which is owned by CrowdStrike and is a Windows-based tool to detect and respond to cybersecurity threats.
That update seems to have caused a problem with Windows, possibly the Windows 10 operating system.

“That means that the machines that have had this update are effectively doing a thing called the ‘blue screen of death’,” Parry said.

“This means their machines want to reboot, but then they can’t be rebooted, and so the machines basically become useless.”

Why is the outage so huge?

Parry said CrowdStrike is a very large company, used by many more companies to detect and protect against threats.

“The issue will affect very, very large numbers of machines around the world. It’s not a cyber attack, but it’s just an interaction of the two pieces of software,” Parry said.

Why was CrowdStrike part of a US election conspiracy?

After the company investigated Russia’s role in the 2016 US elections, it became part of a discredited conspiracy theory in far-right circles that former US president Donald Trump was the victim of a “deep state” plot to undermine him.
CrowdStrike determined in June 2016 that Russian agents had broken into the Democratic National Committee’s network and stolen emails, and its findings were confirmed by FBI investigators.
Some internet users falsely claimed CrowdStrike was owned by wealthy Ukrainians.
Trump made reference to the conspiracy theory in a call with Ukrainian President Volodymyr Zelenskyy in 2019.
“I would like to find out what happened with this whole situation with Ukraine, they say CrowdStrike. I guess you have one of your wealthy people,” he said.

“The server, they say Ukraine has it … you or your people, and I would like you to get to the bottom of it.”