This week, a significant IT outage affected numerous white-collar workers employed by foreign companies in the Chinese mainland. The disruption was caused by an unexpected malfunction of their work computers, which displayed the infamous \"blue screen of death,\" a critical error message associated with the Microsoft Windows operating system.
The root cause of the outage was traced back to antivirus software developed by U.S.-based CrowdStrike. Employers across various sectors, including airlines, telecom carriers, and banks, experienced severe operational disruptions as their systems went offline.
Interestingly, residents of the Chinese mainland were among the least affected, as CrowdStrike does not sell its products to customers in China. Wang Xin, a cybersecurity expert at Chinese software developer Kingsoft Antivirus, highlighted this distinction in an exclusive interview.
For those impacted, a temporary fix involves booting the computer into safe mode, deleting the problematic CrowdStrike files located at C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys, and then rebooting the system normally. This issue underscores the risks associated with relying on a single antivirus provider, especially when the software integrates deeply with the operating system.
Wang emphasized the importance of diversifying software providers to enhance cybersecurity resilience. "Antivirus is often users' last resort for cybersecurity. Naturally, users tend to put a lot of trust in it," she explained. She recommends using multiple operating systems, such as macOS or Linux, which are less likely to be affected by similar incidents.
The incident also highlights the broader implications for cloud-based security services. Wang noted that many Chinese companies already employ multiple cloud service providers, a practice that can mitigate the impact of such outages.
As China continues to strive for supply chain independence, the development of self-reliant software solutions becomes increasingly crucial. Wang confirmed that laptops with multiple operating systems installed, known as \"dual-boot\" or \"multi-boot\" systems, can continue to operate even if one OS encounters a driver failure.
Ultimately, the CrowdStrike outage serves as a wake-up call for businesses worldwide to reassess their cybersecurity strategies and consider adopting more diversified and resilient solutions.
Reference(s):
CrowdStrike strikes the crowd: What should we learn from it?
cgtn.com
