Blackout paralyzed airports, hospitals and factories. “From the outside, it looked like a coordinated action”

“This failure happened suddenly and took everyone by surprise. Its reach was so large because networks, computers and IT systems permeate all areas of our lives today,” says Łukasz Olejnik, an independent researcher and cybersecurity consultant. We talk to him not only about the recent global blackout caused by a faulty update, but also about the disinformation that is increasingly spreading in social media.

How is it possible that in just a few moments there was a near-global technological blackout that affected airports, hospitals, factories and even some television stations?

The culprit turned out to be a faulty update of the Falcon application created by CrowdStrike. Falcon can be described as an antivirus, although this is an oversimplification. It is a much more advanced tool that analyzes all actions on the computer in real time, including those taken by users – how they use the network or what operations they perform on files.

For software like Falcon to function properly, it must run at a low layer of the operating system, the so-called kernel. In the CrowdStrike incident, a buggy update prevented Windows from starting. Affected computers were trapped in a loop from which they could not escape.

Was there a chain reaction?

Yes. By the time CrowdStrike realized they had released a flawed update, it had already hit many Falcon customers. And since both Falcon and Windows are very popular, the scale of the problem was global.

It is estimated that 8.5 million systems were affected by this failure.

From the outside, it could even look like a coordinated action. That’s why reports of an alleged cyberattack quickly appeared. However, they were denied by CrowdStrike. It was simply a mistake. A very costly one, but still a mistake.

There are many opinions that the recent incident was the largest IT failure in history. There were even comparisons to the famous Millennium bug.

It is difficult to compare this event to the millennium bug, a catastrophe that was supposed to occur on January 1, 2000, due to the method of recording the date by computers adopted several decades earlier. In that case, the worst-case scenario did not come true, also because we knew about the threat earlier and could have prepared for it appropriately.

In the case of Falcon, there was no such possibility.

This incident happened suddenly and surprised everyone. Its scope was so large because the Internet, computers and IT systems permeate all areas of our lives today. If such a failure had occurred 20-30 years ago, its scale would have been incomparably smaller. In addition, there is the problem of monoculture.

Monocultures?

In the context of IT, we are talking about the common use of the same types of software. If some software, such as an operating system, has a global reach, then the effects of its failure will also be global. Monoculture also makes the task easier for cybercriminals. They create tools that they can use en masse, in a repeatable manner. Since millions of computers use the same system, it is relatively easy to carry out an attack targeting all of these devices.

Doesn’t this incident show the dark side of technological globalization? Today, IT infrastructure is based on the software of several, sometimes a dozen or so, large corporations. Suffice it to say that Windows alone currently has a 70 percent share of the operating system market.

Yes, it is definitely a problem that poses a number of risks. And its scale is only getting worse due to the fact that monoculture covers an ever larger area. Any mistake, any accidental failure, or even a deliberate attack can lead to the paralysis of entire industries, such as transport, finance or energy.

While the recent outage was not the result of cybercriminals, we can be sure that they were closely monitoring these events. Can we expect hackers to attempt to cause a technological blackout in the near future?

Cybercriminals have long been aware of the potential that the globalization of IT systems creates for their activities. I write about this in the book “The Philosophy of Cybersecurity”, where I draw attention to the fact that the phenomenon of monoculture in the IT industry has been causing problems for a dozen or so years. Here we can mention, among others, the incident that took place in 2010. At that time, an update of the popular McAfee software caused the failure of tens of thousands of computers around the world.

Another example is a bug in Windows’ network layer that allowed hacking of any system by sending a few network packets. This vulnerability existed for almost 20 years! That’s why updates eliminating this bug were also made available for those versions of Windows that are no longer officially supported by Microsoft. The situation with CrowdStrike and Falcon is nothing new.

What does this incident teach us?

I will say perversely: Nothing. I know that this is not the answer you expected, but it is simply the brutal truth. Incidents of this kind will continue to happen. Of course, not always on such a significant scale. Because it must be admitted that few people expected that such a renowned cybersecurity service provider as CrowdStrike would cause a global outage of IT services.

Maybe at least some companies will decide to invest more in the security of their network infrastructure?

Companies calculate risk. They assess how high the probability of a given incident is. If it is low, they are very often able to accept the potential costs of negative consequences. It may turn out that long-term investments in additional security will be more expensive than the effects of a single event that occurs once every few or a dozen years. This is in line with the EU NIS Directive, in Poland included in the act on the National Cybersecurity System.

Of course, there are also industries that cannot afford even a minimal risk. This primarily concerns critical infrastructure, which should be ready for any incident. No one wants a long-term failure to affect, for example, the control systems of a nuclear power plant.

Let’s leave the big corporate world aside for a moment. What threats does the average “Joe” face online today?

These are primarily all kinds of scams related to extorting data and money, the famous phishing. A threat as old as the world, but effective, if only because cybercriminals are constantly improving their techniques.

Another increasingly serious problem is disinformation, which spreads primarily in social media. How easily the networked masses can be manipulated today was recently shown by, among others, Krzysztof Stanowski from Channel Zero.

He fabricated a recording from an alleged editorial board, in which he instructs his journalists not to “touch Zbigniew Ziobro”. It was supposed to be proof of Stanowski’s close ties to the United Right camp…

Many people fell for this provocation, or rather “creative trolling”. Prominent journalists and politicians uncritically believed in the authenticity of this recording, without any verification or fact-checking.

And this despite the fact that the source of this alleged leak was the compromised businessman Zbigniew Stonoga, who has never been known for his credibility. So where does this gullibility come from?

There’s a phenomenon called confirmation bias. It’s the tendency to favor information that confirms our existing beliefs and hypotheses. We believe something, we get evidence that confirms it, and we completely suspend any critical analysis.

The speed at which information spreads in social and electronic media helps in using this method of propaganda. We absorb information very quickly, which makes us take impulsive actions. There is no time for reflection. This helps in spreading propaganda, but harms society.

Perhaps the best option would be to uninstall Facebook and X?

This is quite a radical solution. Our goal should not be to completely cut ourselves off from information, but to slow down its absorption. So let’s start by turning off notifications – for example, at night or during work hours. Let’s avoid so-called doomscrolling, or mindlessly absorbing the latest news. The world will not end for us if we absorb some secondary information a little later.

Let’s focus on self-discipline. Let’s remember that no one is forcing us to be “up to date” all the time. Let’s slow down and turn on our critical thinking filters. This is the simplest and best way not to get lost in the thicket of disinformation and propaganda. Available to everyone.

Lukasz Olejnik photo: private archive

Source: Gazeta
