
The Download
By now you know all about the CrowdStrike outage that brought down enterprises, major financial institutions, agencies of the US Department of Defense, airlines, federal and local government systems, and even small businesses. The trigger was a faulty Falcon sensor content update (Channel File 291) that crashed Windows hosts on boot, not a conventional software release. Interos has done a preliminary analysis of the economic impact and estimates that the bug affected 627,620 direct customers across more than 1,200 unique industry sectors; those customers in turn affected over 49 million of their own customers. Interos estimates that large enterprises lost on average $100M from the downtime.
The most visible impact was on airlines, which had to ground flights and left travelers stuck in airports worldwide. Core digital services were disrupted in the same window too, including Microsoft 365, the primary email and collaboration platform for most small businesses and one that is typically managed for them by their MSP (large companies rely on it as well). Note that the Microsoft 365 degradation Microsoft reported that day stemmed from a separate Azure outage rather than from the CrowdStrike update itself; Microsoft reported restoring service after about a day of recovery work.
What You Can Do
Because many MSPs use M365, Azure, and CrowdStrike for their SMB customers, many are still working through a painful restoration of service. The best option is to follow CrowdStrike's own guidance on removing the offending channel file that caused the dreaded blue screen of death and safely restoring each host: boot into Safe Mode or the Windows Recovery Environment, delete the file matching C-00000291*.sys under C:\Windows\System32\drivers\CrowdStrike, and reboot normally. Have BitLocker recovery keys at hand, since hosts with BitLocker enabled will prompt for them before you can reach the drive.
Rely only on authoritative sources, such as the CrowdStrike guidance above or Microsoft. Do not follow whatever guidance happens to land in your inbox: CrowdStrike and others are already reporting malicious campaigns that try to get firms to install inauthentic, possibly malicious software posing as a fix. A useful sanity check is that the official workaround is a file deletion and a reboot, so any "hotfix" that arrives as an installer, archive, or script should be treated as suspect until its origin has been verified.
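The removal step above, as an added PowerShell example (this is editorial illustration, not CrowdStrike's or ThreatMate's script). It targets the directory and file pattern from CrowdStrike's published workaround and uses the timestamps from that same alert: the problematic Channel File 291 carries a 2024-07-19 04:09 UTC timestamp, and the reverted good one 05:27 UTC or later. Assumptions: it runs from Safe Mode (WinRE may not include PowerShell), the file's last-write time is the timestamp the alert refers to, and the Windows install is on C: (pass -SystemDrive if the offline OS has a different letter).

```powershell
function Remove-BadChannelFile291 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Drive letter of the (possibly offline) Windows install; may differ under WinRE.
        [string]$SystemDrive = 'C:'
    )

    # Location of Falcon sensor channel files per CrowdStrike's workaround.
    $driverDir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $driverDir)) {
        Write-Warning "No CrowdStrike driver directory at $driverDir; nothing to do."
        return
    }

    # Reverted (good) content has a timestamp of 2024-07-19 05:27 UTC or later.
    # Assumption: LastWriteTimeUtc is the timestamp CrowdStrike's alert refers to.
    $goodCutoff = [datetime]::new(2024, 7, 19, 5, 27, 0, [DateTimeKind]::Utc)

    $candidates = @(Get-ChildItem -LiteralPath $driverDir -Filter 'C-00000291*.sys' -File)
    if ($candidates.Count -eq 0) {
        Write-Host 'No Channel File 291 present; the sensor will fetch current content on next boot.'
        return
    }

    foreach ($file in $candidates) {
        $stampUtc = $file.LastWriteTimeUtc
        if ($stampUtc -ge $goodCutoff) {
            Write-Host "Keeping $($file.Name): timestamp $stampUtc UTC is the reverted version."
            continue
        }
        # ShouldProcess gives us -WhatIf / -Confirm for free before touching anything.
        if ($PSCmdlet.ShouldProcess($file.FullName, "Delete problematic channel file (timestamp $stampUtc UTC)")) {
            Remove-Item -LiteralPath $file.FullName -Force
            Write-Host "Deleted $($file.Name). Reboot the host normally."
        }
    }
}

# Dry run first to see what would be removed, then the real removal.
Remove-BadChannelFile291 -WhatIf
Remove-BadChannelFile291
```

CrowdStrike's plain guidance is simply to delete the matching file; the timestamp check here only avoids deleting a copy the sensor has already replaced with good content. If a host has BitLocker enabled you will need its recovery key to get this far, so pull keys from Entra ID or your RMM before starting a batch of machines.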
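One concrete check before touching anything that claims to be a fix, as an added example (not the page's or any vendor's code): confirm that a binary carries a valid Authenticode signature and that the signer is the vendor you expect. The subject fragment 'CrowdStrike' is an assumption; compare it against the signer on a known-good sensor binary already installed on a healthy host rather than trusting this script's default.

```powershell
function Test-VendorSignedFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumed signer name fragment; verify against a known-good signed vendor binary.
        [string]$ExpectedSubjectFragment = 'CrowdStrike'
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # Get-AuthenticodeSignature validates the signature and its chain to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    # Both conditions must hold: the signature is valid AND it was made by the expected vendor.
    # A valid signature from some other publisher is exactly what a lookalike "hotfix" would carry.
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedSubjectFragment*")

    [pscustomobject]@{
        Path     = $Path
        Status   = $sig.Status
        Signer   = $signer
        SHA256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Trusted  = $trusted
    }
}

# Example: a purported hotfix that arrived by email (hypothetical path).
Test-VendorSignedFile -Path "$env:USERPROFILE\Downloads\crowdstrike-hotfix.exe"
```

Treat a result with Trusted set to False as a reason to stop and open a ticket with the vendor, and compare the SHA256 against the hash the vendor publishes on its support portal, since a signed file is still only trustworthy if it is the file the vendor says it shipped.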
Longer term, the industry needs safeguards against this kind of catastrophic failure, which was enabled by a QA and release process that let a kernel-level driver crash while parsing a malformed data file. On the customer side, safeguards will likely mean controlling when kernel-resident components and their content updates reach production, for example a staged rollout to a pilot ring before the rest of the fleet, while vendors need to prove, through testing of the inputs their drivers parse, that an update cannot crash customer systems.
While Windows hosts were affected by the kernel-level crash, Linux and macOS hosts were not. Allowing vendor software to run with ring 0 privileges remains somewhat controversial: many in the security community consider it essential for detecting threats, while many on the operations side feel the risk outweighs the benefits.
ThreatMate's service is unaffected by the CrowdStrike bug, and we continue to monitor our clients' threat exposure.
To Learn More: