July 22, 2024
CyberSec Roundup
A synopsis of the latest cybersecurity news
Y2K in 2024
The turn-of-the-century fear of a major computer outage from the Y2K bug became reality for many last Friday, when Windows computers worldwide suddenly got stuck at a “Blue Screen of Death” (BSOD) and could not boot. What many assumed was a cyberattack was in fact the result of a faulty update to a software tool meant to help prevent cyberattacks. The update effectively disabled business computers worldwide in almost every sector, from finance to healthcare and air travel.
Crowdstrike’s Faulty Update
Crowdstrike, a cybersecurity company with a massive customer base, pushed a faulty automatic update to its Falcon agent. Falcon is installed on the customer’s machine and runs in kernel mode (unlike most applications, which run in user mode) so that it can monitor the core activities of the Windows operating system. The update contained a bug that made the agent fail under Windows, and because a kernel-mode failure takes the whole operating system down with it, the affected machines could not boot normally and users were left at the BSOD.
Fix and Impact
Crowdstrike communicated the fix to its customers, which required them to roll back the update manually by deleting the defective update file. Because these steps largely had to be performed in person at each machine by the company’s IT personnel, the fix was time-consuming but effective. While the problem was caused by a buggy update from Crowdstrike that should have been caught before deployment, it affected only Windows computers with Falcon installed. Windows permits more third-party software of this kind to run in kernel mode than macOS does, which is why Macs are generally less susceptible to this class of failure.
Exploitation
Some threat actors have tried to take credit for the outage, claiming they deliberately inserted the bug into the update, while others have tried to exploit the ensuing confusion. Crowdstrike issued an update to customers stating that a malicious ZIP archive named crowdstrike-hotfix.zip is being falsely circulated as a recovery fix; it is in fact malware that gives the threat actor remote access to the machine. Phishing emails offering “support” have also increased, so customers need to be vigilant and obtain help only through official Crowdstrike channels.
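As an added illustration of that last point (example code written for this roundup, not Crowdstrike’s own tooling), here is a small Python routine that vets a file someone presents as a recovery archive before anyone opens it. It refuses the archive unless its SHA-256 matches a hash obtained from the vendor’s official channel, and it separately flags executable content and path-traversal entries inside the ZIP. The trusted-hash list and the three sample archives are constructed inline as stand-ins; in the real incident the genuine remediation was a manual file deletion, so any “hotfix” that ships a program to run is itself a warning sign.

```python
"""Vet a purported vendor recovery archive before it is opened or run.

Added example for this roundup; not Crowdstrike's tooling. The trusted
hash set and the sample archives below are constructed for illustration.
"""
from __future__ import annotations

import hashlib
import io
import zipfile
from dataclasses import dataclass, field

# File types that a documentation-only remediation has no reason to contain.
EXECUTABLE_SUFFIXES = (
    ".exe", ".dll", ".sys", ".scr", ".msi", ".hta",
    ".ps1", ".bat", ".cmd", ".vbs", ".js",
)


@dataclass
class Verdict:
    accepted: bool
    reasons: list[str] = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def unsafe_archive_path(name: str) -> bool:
    """True for absolute paths, drive letters, or '..' components (zip slip)."""
    parts = name.replace("\\", "/").split("/")
    return (
        name.startswith(("/", "\\"))
        or (len(name) > 1 and name[1] == ":")
        or ".." in parts
    )


def vet_hotfix(data: bytes, trusted_hashes: set[str]) -> Verdict:
    """Reject unless the hash is vendor-published AND the contents look benign."""
    reasons: list[str] = []

    digest = sha256_hex(data)
    if digest not in trusted_hashes:
        reasons.append(f"sha256 {digest[:12]}... not in vendor-published list")

    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        reasons.append("not a valid ZIP archive")
        return Verdict(False, reasons)

    for info in archive.infolist():
        name = info.filename
        if unsafe_archive_path(name):
            reasons.append(f"unsafe path in archive: {name}")
        if name.lower().endswith(EXECUTABLE_SUFFIXES):
            reasons.append(f"executable content: {name}")

    return Verdict(accepted=not reasons, reasons=reasons)


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Helper to construct in-memory sample archives (test fixtures only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples. The "legit" one carries only written instructions.
LEGIT_FIX = build_zip({"README.txt": b"1. Boot into Safe Mode.\n2. Delete the defective file.\n"})
# Benign-looking but not the file the vendor published (hash mismatch only).
UNVERIFIED_FIX = build_zip({"README.txt": b"Run fix.exe from the support portal.\n"})
# Mimics the lure: an executable plus a startup-folder path-traversal entry.
MALICIOUS_FIX = build_zip({
    "crowdstrike-hotfix.exe": b"MZ placeholder bytes",
    "../../Users/Public/Start Menu/Programs/Startup/fix.bat": b"@echo placeholder",
})

# Stand-in for the hash the vendor would publish on its official channel.
TRUSTED_HASHES = {sha256_hex(LEGIT_FIX)}


def demo() -> tuple[Verdict, Verdict, Verdict]:
    return (
        vet_hotfix(LEGIT_FIX, TRUSTED_HASHES),
        vet_hotfix(UNVERIFIED_FIX, TRUSTED_HASHES),
        vet_hotfix(MALICIOUS_FIX, TRUSTED_HASHES),
    )


if __name__ == "__main__":
    for label, verdict in zip(("legit", "unverified", "malicious"), demo()):
        print(label, "ACCEPT" if verdict.accepted else "REJECT", verdict.reasons)
```

The hash check is the only one that actually proves provenance; the content checks are a second line of defence for the case where a user bypasses the first, and they deliberately stay conservative (a stray script inside a remediation bundle is enough to reject it).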
By: David Pinder
IT & Cybersecurity Consultant
Certified Ethical Hacker (Master) | CCSK | AZ-500