On Friday, massive outages were observed in Microsoft's Windows OS across the world, causing severe disruptions across sectors including aviation, banking, stock exchanges and hospitals after the Blue Screen of Death (BSOD) appeared in those impacted systems. BSOD is a blue critical error screen with white text displayed on Windows when the system encounters a fatal error that it cannot safely recover from. It halts the system to prevent damage to hardware or data corruption.
Initial indications have ascribed the outages to a faulty update to the Falcon sensor that US cybersecurity company CrowdStrike provides for various Microsoft systems, including Azure, Microsoft 365 and Windows, for wider cybersecurity coverage as part of a partnership. CrowdStrike provides advanced endpoint (computers, servers, mobile devices) security for Microsoft environments, and helps organisations meet compliance requirements in Microsoft ecosystems.
The Falcon sensor is lightweight, with minimal impact on system performance, and collects telemetry data about activities and events occurring on the endpoint, including process executions, network connections and file system changes. It analyses this data in real time to detect potential threats or suspicious activities, using behavioural analysis to identify them rather than relying solely on signature-based detection.
Both Microsoft and CrowdStrike have assured that these outages are not due to cyberattacks, and that systems would be restored soon. However, the scale and impact of this 'blue nightmare' - till date, the largest cyber outage - has raised concerns among businesses, governments and the tech community. It has renewed calls for better security and stability measures for digital technology systems.
The scale of Friday's BSOD 'glitch' has raised the need for greater cooperation on the protection of critical infrastructure, which is heavily dependent on digital systems. In an increasingly interconnected world, critical infrastructure relies heavily on software and cloud-based systems.
While these technologies offer numerous benefits, they also introduce significant cybersecurity vulnerabilities that can have far-reaching consequences when system failures happen, or when exploited. Common types of system vulnerabilities include buffer overflows, SQL (structured query language) injection and cross-site scripting. These often arise from programming errors, outdated systems or insufficient security testing. In critical infrastructure, software vulnerabilities can lead to system compromises, data breaches or even physical damage to equipment.
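Two of the vulnerability classes named above, SQL injection and cross-site scripting, both come down to the same programming error: untrusted input is pasted into text that a parser (the database engine, the browser) later interprets as structure. The following added example, which is not part of the article, shows each defect beside its fix. The user table and the inputs are constructed for the demonstration.

```python
import sqlite3
import html

# Constructed sample data: a few user rows, not taken from any real system.
SAMPLE_USERS = [
    ("alice", "hash-a1"),
    ("bob", "hash-b2"),
    ("carol", "hash-c3"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_user_vulnerable(conn, name):
    """Defect: the input is spliced into the SQL text, so a quote character in
    the input changes the query's structure instead of being matched as data."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_user_safe(conn, name):
    """Fix: the input travels as a bound parameter and is never parsed as SQL,
    so whatever it contains is compared against the column as a plain value."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def render_greeting_vulnerable(name):
    """Defect: the input is emitted into HTML unchanged, so a '<' in it
    becomes markup the browser will interpret (cross-site scripting)."""
    return f"<p>Hello, {name}</p>"


def render_greeting_safe(name):
    """Fix: escape the five HTML-significant characters so the input renders
    as literal text. html.escape handles &, <, >, ' and \"."""
    return f"<p>Hello, {html.escape(name)}</p>"


def compare_behaviour(probe):
    """Run one input through both variants of each function and report what
    differs; this is the check a reviewer would run on such a change."""
    conn = make_db()
    return {
        "sql_vulnerable": lookup_user_vulnerable(conn, probe),
        "sql_safe": lookup_user_safe(conn, probe),
        "html_vulnerable": render_greeting_vulnerable(probe),
        "html_safe": render_greeting_safe(probe),
    }


if __name__ == "__main__":
    # A legitimate lookup behaves identically in both variants.
    print(compare_behaviour("alice"))
    # An input containing a quote breaks the string-built query but not the
    # parameterised one; an input containing '<' is neutralised by escaping.
    print(compare_behaviour("x' OR '1'='1"))
    print(compare_behaviour("<b>alice</b>"))
```

The point of the comparison function is that the fix is a structural change, not a filter: the safe variants never inspect the input for "bad" characters, they simply refuse to let input become code.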
Likewise, cloud computing introduces its own set of vulnerabilities. These include misconfigured access controls, insecure APIs (application programming interface) and data breaches due to shared infrastructure. The distributed nature of cloud systems can make it challenging to maintain consistent security across all components.
Additionally, reliance on third-party providers introduces risks related to data sovereignty and supply-chain attacks. Even software updates and patch management carry their own degree of risks. In the current incident, these possibilities seem more credible.
Link: https://economictimes.indiatimes.com/opinion/et-commentary/as-we-rely-more-on-software-cloud-systems-so-does-the-need-to-address-cyber-vulnerabilities/articleshow/111870157.cms?from=mdr