Evaluating and Mitigating Cybersecurity Threats from System Update Vulnerabilities through the CrowdStrike Case

Abstract

The $5 billion update error in CrowdStrike’s security software led to global disruptions, affecting airports, hospitals, and banking systems. This issue, caused by a faulty software update, resulted in Microsoft Windows computers experiencing "blue screen" failures, impacting approximately 8.5 million devices globally and requiring manual restarts. The malfunction halted aviation, disrupted healthcare services, and disabled some TV channels. Insurance company Parametrix estimated $5.4 billion in losses for 25% of affected Fortune 500 companies in the US and around $15 billion globally. This paper examines the cybersecurity risks associated with vulnerabilities introduced by system updates, with a focus on critical infrastructures. To assess these risks, vulnerability scans were conducted across 12 critical infrastructure organizations, revealing an average 27% vulnerability rate related to updates. Through this study, we identify the evolving threat landscape and propose mitigation strategies to enhance cybersecurity posture, targeting a performance improvement of over 90%.

Keywords

• CrowdStrike Case
• Critical Infrastructure
• Cyber Security
• Vulnerabilities
• System Analyse.

References

1. [1] J. Franks, U.S. Government Accountability Office Letter, “CrowdStrike Chaos Highlights Key Cyber Vulnerabilities with Software Updates”, 2024.
2. [2] Premakanthan, Nihila. (2024). Analysis of the CrowdStrike Software Update Failure.
3. [3] Techfunnel Magazine Online (2023), https://www.techfunnel.com/information-technology/patch-management-challenges/
4. [4] Tariq, U.; Ahmed, I.; Bashir, A.K.; Shaukat, K. A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review. Sensors 2023, 23, 4117. https://doi.org/10.3390/s23084117
5. [5] Redscan Magazine Online (2020), https://www.redscan.com/news/state-of-cybersecurity-uk-universities-foi-report/
6. [6] Global Threat Report (2023), https://goo.by/aTlWwA
7. [7] Cyber Security and Infrastructure Security Agency (CISA) Cyber Security Report (2023), https://goo.by/NdLTyB
8. [8] TUĞAL, İ., ALMAZ, C., & SEVİ, M. (2021). Üniversitelerdeki Siber Güvenlik Sorunları ve Farkındalık Eğitimleri. Bilişim Teknolojileri Dergisi, 14(3), 229-238. https://doi.org/10.17671/gazibtd.754458

9. [9] Micheal Roytman, Ed Bellis (2023), Modern Vulnerability Management – Predictive Cybersecurity, Artech House Publishment. ISBN: 13:978-1-63081-938-5.
10. [10] T. Tuncer, H. İŞ,(2018) Impact of End Users on Enterprise Cyber Security, International Engineering and Natural Sciences Conference,1,8, ISBN. 978-605-81971-3-8
11. [11] T. TUNCER, H. İş, (2018), Analysis of Cyber Security Vulnerabilities in Corporate Networks, International Engineering and Natural Sciences Conference, 1,11, ISBN. 978-605-81971-3-8.
12. [12] H. İŞ, "LLM-Driven SAT Impact on Phishing Defense: A Cross-Sectional Analysis," 2024 12th International Symposium on Digital Forensics and Security (ISDFS), San Antonio, TX, USA, 2024, pp. 1-5, doi: 10.1109/ISDFS60797.2024.10527274.
13. [13] Hafzullah Is. 2024. Strategic Approaches to Eco-Efficient Computing in Institutional Environments. In Proceedings of the Cognitive Models and Artificial Intelligence Conference (AICCONF '24). Association for Computing Machinery, New York, NY, USA, 186–190. https://doi.org/10.1145/3660853.3660910