Latest news on the worldwide outage after a failed CrowdStrike update on Microsoft Windows systems
July 19 (Portaltic/EP) –
The disruption to businesses around the world caused by the CrowdStrike platform failure was not a security incident but, apparently, the result of human error. It nonetheless raises questions about the scope of today's technology, which has grown in complexity, and about the importance of the testing phase before a release.
The flaw in CrowdStrike's Falcon platform has affected businesses across all sectors around the world that run Microsoft Windows, since it was introduced in a content update for Windows hosts.
CrowdStrike CEO George Kurtz has confirmed that the company is "actively working" with customers affected by the reported bug and that this is not "a security incident or a cyber attack."
It is, however, an example of the scope that technology has today. "Technology, and especially software, is becoming more and more complex. Today that excess takes its toll, and it is not that software quality is lower; it is that software is much more complex," said Sancho Lerena, CEO of the Spanish technology company Pandora FMS, in a note sent to Europa Press.
CrowdStrike has already identified and isolated the issue and has deployed a fix for it. However, as Kaspersky explains, "the difficulty lies in the fact that when a problem of this nature occurs, each device (computer, laptop or server) must be rebooted into safe mode manually, since it cannot be done using management tools." A host that crashes before its agent can load never gets the chance to pull the corrected content on its own.
Acronis CISO Kevin Reed has expressed the same view, noting that the faulty update "requires manual intervention to resolve, specifically rebooting systems in 'safe mode' and deleting the faulty driver file," a process that "leaves systems vulnerable in the interim, potentially inviting opportunistic attacks." He added that the outage "appears to be caused by an error in its EDR agent, which unfortunately was not thoroughly tested."
This problem "could be a perfectly plausible attack vector, but it wasn't," José Rosell, managing partner of S2 Group, clarifies in statements to Europa Press. "Apparently this was a human error in an update. It was in the distribution of a file, an erroneous one, and this is simply a failure in the process, a mistake by a person who has distributed a file with an error in it."
However, and "as a hypothesis", such a failure could be exploited to design an attack on the same premises as the error. "It could be an attack vector, but I understand that CrowdStrike, as a security firm, will also be sufficiently protected to prevent this type of passive attack against its customers," Rosell clarifies.
THE IMPORTANCE OF TESTING
Both Acronis and Kaspersky, which have provided explanations in their respective press releases, agree on the need for comprehensive testing before releasing updates.
Security vendors typically accompany the release of updates with "a significant number of internal tests and checks," as Kaspersky details. Kaspersky also stresses the importance of "respecting the principle of granular release of updates," that is, avoiding distributing an update to all clients at the same time so that, in the event of a failure, it can be detected and resolved in the shortest possible time.
For Acronis' CISO, "this incident highlights the importance of rigorous testing and phased updates. Typically, testing is done with every release and can take from days to weeks, depending on the size of the update or changes," he adds.
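As an added illustration of the "granular release" Kaspersky describes and the "phased updates" Reed recommends, here is a ring-based rollout with a health gate, written for this page (it is not CrowdStrike's, Kaspersky's or Acronis's code); the 200-host fleet, the ring sizes, the 2% halt threshold and the health-check stand-in are all constructed assumptions:

```python
"""Ring-based (granular) content rollout with an automatic halt.

Constructed example: a fleet is split into rings, the update is pushed
one ring at a time, and a post-update health check gates promotion to
the next ring. A content update that crashes hosts is stopped after the
canary ring instead of reaching the whole fleet.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Sequence


@dataclass(frozen=True)
class Host:
    name: str
    os: str  # "windows" or "linux" in the constructed fleet below


@dataclass
class RolloutReport:
    halted: bool                   # a ring failed the health gate
    halted_at_ring: Optional[int]  # index of the ring that tripped the gate
    updated: List[str]             # hosts that received the content update
    failed: List[str]              # hosts that did not come back healthy
    failure_rates: Dict[int, float] = field(default_factory=dict)


def build_fleet(size: int) -> List[Host]:
    """Constructed sample fleet: every fourth host is Linux, the rest Windows."""
    return [Host(f"host-{i:03d}", "linux" if i % 4 == 0 else "windows")
            for i in range(size)]


def plan_rings(hosts: Sequence[Host],
               cumulative_fractions: Sequence[float]) -> List[List[Host]]:
    """Split the fleet into rings by cumulative share of the fleet.

    (0.01, 0.05, 0.25, 1.0) yields a 1% canary ring, then 4%, 20% and the
    remaining 75%. Hosts are sorted by name first so the assignment is
    deterministic, and every ring gets at least one host when possible.
    """
    if not cumulative_fractions or cumulative_fractions[-1] != 1.0:
        raise ValueError("last cumulative fraction must be 1.0 so every host is covered")
    ordered = sorted(hosts, key=lambda h: h.name)
    rings: List[List[Host]] = []
    start = 0
    for frac in cumulative_fractions:
        end = min(len(ordered), max(start + 1, round(len(ordered) * frac)))
        rings.append(ordered[start:end])
        start = end
    return rings


def rollout(rings: Sequence[Sequence[Host]],
            health_check: Callable[[Host], bool],
            max_failure_rate: float = 0.02) -> RolloutReport:
    """Push the update ring by ring.

    health_check(host) stands in for the signal a real system would use
    (for example, the host checking back in after the update). If a ring's
    failure rate exceeds max_failure_rate the rollout halts and no later
    ring receives the update.
    """
    report = RolloutReport(halted=False, halted_at_ring=None, updated=[], failed=[])
    for index, ring in enumerate(rings):
        if not ring:
            continue
        failed_here = []
        for host in ring:
            report.updated.append(host.name)
            if not health_check(host):
                failed_here.append(host.name)
        rate = len(failed_here) / len(ring)
        report.failure_rates[index] = rate
        report.failed.extend(failed_here)
        if rate > max_failure_rate:
            report.halted = True
            report.halted_at_ring = index
            break
    return report


def bad_windows_update(host: Host) -> bool:
    """Simulates a content update that crashes every Windows host on load."""
    return host.os != "windows"


if __name__ == "__main__":
    fleet = build_fleet(200)
    staged = rollout(plan_rings(fleet, (0.01, 0.05, 0.25, 1.0)), bad_windows_update)
    big_bang = rollout(plan_rings(fleet, (1.0,)), bad_windows_update)
    for label, rep in (("staged", staged), ("all at once", big_bang)):
        print(f"{label}: halted={rep.halted} at ring {rep.halted_at_ring}, "
              f"updated={len(rep.updated)}, broken={len(rep.failed)}")
```

With the staged plan the simulated bad update reaches only the two-host canary ring before the gate trips; pushed to every host at once, the same update breaks 150 of the 200 hosts before anyone can react. In a real deployment the health signal would be the host checking back in after the update lands, and a halt should also trigger a rollback for the hosts already updated.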