days until DORA is in effect on January 17, 2025. Download your cheat sheet here.
Crowdstrike Incident - What Happened and What Now?
On Juy 19, 2024, the CrowdStrike system released an update that resulted in many Microsoft Windows-based systems failing. This led to worldwide disruptions for systems and organizations that rely on CrowdStrike.
Signs of this include hosts getting a bugcheck or blue screen error related to the Falcon Sensor. Hosts that use Windows 7/2008 R2, Mac, or Linux were not impacted. Hosts that were offline when the update happened and came back online were also not impacted, as the faulty file had been withdrawn by then.
Who was impacted?
As you are aware, CrowdStrike's influence was global. Many organizations around the world faced problems because CrowdStrike was widely used in global infrastructure and municipal systems.
If your devices have CrowdStrike as their Endpoint Detection and Response tool, users may see the “Blue Screen of Death” and not be able to use their applications.
How can I seek help, if my end users are still offline?
If you are experiencing any system or user repercussions from the Crowdstrike outage, please direct your team to contact the ECI Service Desk for immediate support.
What is Crowdstrike?
CrowdStrike is a cybersecurity technology company that offers endpoint protection, threat intelligence, and incident response services. They have a main product called the CrowdStrike Falcon platform, which is a cloud-based endpoint protection system that stops, finds, and deals with different cyber threats.
What technology was impacted?
Windows-based systems around the world are affected by this outage. It is possible that you or a vendor in your supply chain may rely on CrowdStrike. Because of this, many systems experienced interruptions.
Microsoft 365 email and other services such as SharePoint have been operational, according to Microsoft.
Was this a cyber attack?
This was not a hack or a security breach. It was a bad software update from CrowdStrike.
Was data breached?
According to CrowdStrike, this incident did not pose any threat of data leakage.
What do I need to do once everything is restored?
As servers are restored, please remind members of your organization to practice diligent cyber hygiene.
The US Cybersecurity and Infrastructure Security Agency (CISA) has alerted the public about several attacks in which hackers either pretended to be CrowdStrike, or claimed to be IT experts who could quickly resolve the issue.
As always, do not click any link, promoted as a hot fix or remediation. Please contact ECI directly, should you still be experiencing any issues.