This is going to turn out it was a hack in several months right?
Won’t take that long, security researchers are already decompiling the update to see if it was malicious or incompetence.
You won’t find the incompetence in the software no matter what.
If you fail to assume that the software contains issues – if you fail to understand that your software is made by humans and humans make mistakes, not because they’re bad but because they’re human – and if you fail to implement mechanisms to feel gracefully with inevitable failures, THAT is the incompetence.
Failures are systemic.
Hacks of this grade tend to be targeted, this is most likely incompetence.
A lot of companies will get calls from the “provider” offering help with mitigation so that additional features can also be installed. This is a time to be extra wary.
Edited: spelling
Think big. This may have had a target. But hitting the target only wasn’t possible so everyone got hit.
It’s possible those responsible only had this weapon that was capable of hitting the target, maybe the plan was to disrupt world flights to make someone late tomorrow, who knows. Maybe poo-tin or Xi-the-Pooh wanted to hit America and its allies?
A state actor will use more precise techniques to attack specific targets. Think SolarWinds and Stuxnet.
Ransomware doesn’t apply here and tends to depend on phishing first anyway.
Even terrorists have specific targets in mind.
So it’s either Bond villains or incompetence.
Edit: The only way i can fit your comment would be an incompetent script kiddy. Even then, doesn’t make sense as all systems were not directly attacked, as would be the case, but rather through what would have to be a side-channel attack, so no.
I’ll just quietly leave this here: https://www.crowdstrike.com/blog/crowdstrike-google-cloud-expand-strategic-partnership/
Never attribute to maliciousness that which can be explained by incompetence.
That said, I’m sure the Crowdstrike CEO is currently on a phone call with three of their pet Congresscritters asking if they can get a $100M grant to harden their systems against Russia/China/NKorea/Antifa interference right now.
Can someone in non marketing terms explain what the fuck CrowdStrike Falcon Sensor is? I literally never heard of this company or product before.
It’s basically corporate anti-virus software. Intended to detect and prevent malware.
Apparently it’s the next iteration of AI based antivirus where it uses smart algorithms to detect system behaviours and makes assessments on whether they’re malicious or not
I know there is a lot of marketing fluff, but yes, it is an EDR. Which means instead of just checking file signatures against a database if known bad stuff, it actually examines what applications do and makes a sort of judgement on if it is acting maliciously or not. I use a similar product. Although the false positives can sometimes be baffling, it honestly can catch a legit program misbehaving.
On top of that, everything is logged. Every file, network connection, or registry key that every process on the computer touches is logged. That means when something happens, you can see the full and complete list of actions taken by the malicious system. Thus can actually be a drain on the computer, but modern systems handle it well enough.
Ransomware you have to pay $10,000 every few years. Crowdstrike you have to pay $1,000 per month. Same number of outages for both. /s
Can you tell whether this update was delivered by Crowdstrike’s own update delivery pipeline of via Window’s update pipeline?
This is why you do staged rollouts of updates… not the entire planet at once.
So true, this really highlights the risk of updates impacting critical systems vs critical systems being exposed to critical vulnerabilities. Its a real balancing act.
I don’t know exactly how crowd strike works, but this sounded like a “virus signatures” update (IE not a software update per se). And thats what caused the issue.
I think “real time virus protection” is why people use it so they expect the signatures to get updated asap/with little to no human intervention.
This is a crowd strike epic fail…for how they let their software blue screen systems with a virus signature update.
I work in QA on the night shift at a video game company. It was absolute chaos at work tonight lmao we only had a grand total of 6 working PCs between all of us
So cool
