MADRID, (Portaltic/EP) – The disruption to businesses around the world caused by the failure in the CrowdStrike platform was not a security incident but, apparently, the result of human error. It nevertheless raises questions about the reach of today's technology, which has grown in complexity, and about the importance of the testing phase before a release.
The flaw in CrowdStrike's Falcon platform affected businesses across all sectors around the world that run Microsoft-powered equipment, since it was introduced in a content update for Windows hosts.
CrowdStrike CEO George Kurtz confirmed that they are “actively working” with customers affected by the reported bug and that it is “not a security incident or cyberattack.”
It is, however, an example of the scope that technology has today. “Technology and especially software are becoming more and more complex. Today, excess takes its toll and the quality of software is not just lower, it is much more complex,” said the CEO of the Spanish technology company Pandora FMS, Sancho Lerena, in a note sent to Europa Press.
CrowdStrike has already identified and isolated the issue, and has deployed a fix for it. However, as Kaspersky explains, “the difficulty lies in that when such a problem occurs, each device (computer, laptop or server) must be restarted in safe mode manually, as this cannot be done using management tools.”
Acronis CISO Kevin Reed has expressed similar sentiments, noting that the faulty update “requires manual intervention to resolve, namely rebooting systems in ‘safe mode’ and deleting the faulty driver file,” a process that “leaves systems vulnerable in the interim, potentially inviting opportunistic attacks.” He added that the disruption “appears to be caused by a bug in its EDR agent, which unfortunately was not thoroughly tested.”
This problem “could be a perfectly plausible attack vector, but it wasn’t,” José Rosell, managing partner of S2 Group, explained to Europa Press. “Apparently this was a human error in an update. It was in the distribution of a file, an erroneous one, and this is simply a process error, a mistake by a person who distributed a file with a fault.”
However, and “as a hypothesis”, such a failure could be exploited to design an attack with the same premises as the error. “It could be an attack vector, but I understand that the security firm CrowdStrike will also be sufficiently protected to avoid this type of passive attack against its clients,” Rosell clarifies.
THE IMPORTANCE OF TESTING
Reed, as quoted above, attributes the interruption to a bug in the EDR agent that “unfortunately was not thoroughly tested.” Both Acronis and Kaspersky – which have provided explanations in separate press releases – agree on the need for thorough testing before releasing updates.
Security vendors typically accompany the release of updates with “a significant amount of internal testing and verification,” as Kaspersky details. Kaspersky also highlights the importance of “respecting the principle of granular release of updates,” that is, not distributing an update to all customers at the same time, so that if it fails the problem is confined to a small group and can be detected and resolved in the shortest possible time.
For Acronis' CISO, “this incident highlights the importance of rigorous testing and rolling updates. Typically, testing is done with every release and can take days to weeks, depending on the size of the update or changes.”
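To make the “granular release” principle concrete, the following is an added example (not code from the article, from CrowdStrike, Kaspersky or Acronis) of a ring-based rollout with a health gate. It assumes a hypothetical fleet of 1,000 constructed host names and an `apply_update` callback that reports whether a host is healthy after the update; the ring sizes (1%, 10%, remainder) and the 1% failure threshold are assumptions chosen for illustration. The point it shows is the blast radius: a faulty update pushed to everyone at once reaches the whole fleet, while the same update pushed ring by ring is stopped after the first canary cohort.

```python
"""Staged ("granular") update release with a health gate.

Added example, not code from the article or any vendor it names. It models
the principle of releasing an update to a small cohort first, watching a
health signal, and only widening the rollout while that signal stays
healthy. Every host name, ring size and threshold below is constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class RolloutPlan:
    rings: List[List[str]]          # ordered cohorts of host ids
    max_failure_rate: float = 0.01  # halt if a ring exceeds this (assumed)


@dataclass
class RolloutResult:
    updated: List[str] = field(default_factory=list)  # hosts that received the update
    halted_at_ring: Optional[int] = None               # index of the ring that tripped the gate
    worst_failure_rate: float = 0.0                     # highest per-ring failure rate observed


def build_rings(hosts: List[str], fractions=(0.01, 0.10)) -> List[List[str]]:
    """Split hosts into canary rings by fraction; whatever is left becomes the final ring."""
    rings, start = [], 0
    for fraction in fractions:
        end = start + max(1, int(len(hosts) * fraction))
        rings.append(hosts[start:end])
        start = end
    rings.append(hosts[start:])
    return [ring for ring in rings if ring]


def staged_rollout(plan: RolloutPlan, apply_update: Callable[[str], bool]) -> RolloutResult:
    """Push the update one ring at a time; stop before the next ring if the
    current ring's failure rate exceeds the plan's threshold."""
    result = RolloutResult()
    for index, ring in enumerate(plan.rings):
        failures = 0
        for host in ring:
            result.updated.append(host)
            if not apply_update(host):
                failures += 1
        rate = failures / len(ring)
        result.worst_failure_rate = max(result.worst_failure_rate, rate)
        if rate > plan.max_failure_rate:
            result.halted_at_ring = index   # gate tripped: do not widen the rollout
            break
    return result


def big_bang_rollout(hosts: List[str], apply_update: Callable[[str], bool]) -> RolloutResult:
    """The contrasting case: every host receives the update at once, so there is
    no opportunity to detect a fault before the whole fleet is affected."""
    result = RolloutResult(updated=list(hosts))
    failures = sum(1 for host in hosts if not apply_update(host))
    result.worst_failure_rate = failures / len(hosts) if hosts else 0.0
    return result


# Constructed fleet and two constructed update behaviours.
HOSTS = [f"host-{i:04d}" for i in range(1000)]


def faulty_update(host: str) -> bool:
    """Constructed stand-in for an update that breaks every host it reaches."""
    return False


def good_update(host: str) -> bool:
    """Constructed stand-in for a healthy update."""
    return True


if __name__ == "__main__":
    plan = RolloutPlan(rings=build_rings(HOSTS))
    staged = staged_rollout(plan, faulty_update)
    everywhere = big_bang_rollout(HOSTS, faulty_update)
    print(f"staged rollout: {len(staged.updated)} hosts affected, halted at ring {staged.halted_at_ring}")
    print(f"big-bang rollout: {len(everywhere.updated)} hosts affected")
```

In a real deployment pipeline the health signal would come from telemetry (agent check-ins, crash reports, boot success) rather than a return value, and the gate would also wait a soak period before widening each ring; the structure of the decision is the same.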
2024-07-21 07:07:46