“Perfect storm” – CrowdStrike VP apologizes as Congress hearing into outage begins
Following the July 2024 CrowdStrike incident, in which millions of Windows machines crashed due to a broken software update for its endpoint protection software, the company’s senior VP for counter adversary operations, Adam Meyers, appeared at a cybersecurity subcommittee hearing at the US House of Representatives to say the company was “deeply sorry”.
Meyers was left to testify in the absence of CEO George Kurtz who, per The Register, declined to testify. Explaining the issue to lawmakers, Meyers said that the company released 10 to 12 content updates per day, like the one that caused the major incident, and that a “perfect storm of issues”, described in his written testimony (PDF), conspired to put much of the world’s IT systems into meltdown, requiring a manual fix.
He claimed these content updates were now under increased scrutiny to ensure quality control, but lawmakers remain unconvinced that kernel-level access to Windows – what enabled the incident to occur – is necessary. Meyers explained that he sees visibility into all aspects of the operating system as vital for CrowdStrike to function.
Kernel-level access in endpoint security
“You can provide enforcement, in other words, threat prevention, and ensure anti-tampering,” said Meyers, stressing that tampering at the kernel level was exactly the cause of ransomware attacks on MGM Resorts International’s computer systems linked to their casinos and hotels.
Despite the fact these attacks still took place (though it’s unclear as to exactly what cybersecurity measures MGM Resorts had in place), Meyers continued to advocate for kernel-level access by claiming that the group of threat actors responsible, Scattered Spider, are “using new techniques to elevate their privilege in order to disable security tools on a regular basis.”
“In order to stop that from happening,” he said, “we will continue to leverage the architecture of the operating system.”
So, ultimately, nothing has changed, but security experts at other cybersecurity software companies argue that it’s not kernel-level access that’s the issue, but how it’s managed, with The Register noting that Trellix pushes kernel-level updates just once a quarter.
Given the extent of the damage to vital systems infrastructure, including cancelled Delta flights affecting half a million people, perhaps it’s unsurprising that Microsoft is looking to provide additional security capabilities outside of kernel mode in the future.