
Introduction
After my third trip to LAX in a single day to drop off a friend battling endless flight delays and cancellations due to the global CrowdStrike incident, my mind began to wander. First, will my repeated treks through LAX’s notorious traffic to save my friend cab fare earn me some angelic wings in the afterlife? And second, how would the world respond to a genuine coordinated attack on our critical infrastructure? The latter question weighs heavily, especially after navigating the chaos sparked by a mere software outage.
On Friday, July 19, 2024, CrowdStrike pushed out a faulty update to their Falcon Endpoint Detection and Response (EDR) sensor, causing an estimated 8.5 million devices to crash:
“July 20 (Reuters) – A global tech outage that was related to a software update by cybersecurity firm CrowdStrike (CRWD.O) affected nearly 8.5 million Microsoft (MSFT.O).” (https://www.reuters.com/technology/microsoft-says-about-85-million-its-devices-affected-by-crowdstrike-related-2024-07-20/) Microsoft further clarified in a blog post on the same day that the affected Windows devices [equated to] less than one percent of all Windows machines. “A software update by global cybersecurity firm CrowdStrike, one of the largest operators in the industry, triggered systems problems that grounded flights, forced broadcasters off air and left customers without access to services such as healthcare or banking.”
Due to the massive scale of the outage, many of the affected industries are still not running at full capacity, placing a major strain on the global population’s day-to-day affairs. A major concern raised by Redbot Security’s clients, and witnessed first-hand by our senior testing consultants who were onsite performing penetration tests of critical services with Industrial Control System and SCADA environments, was that the media covered only the headline industries, such as travel, shipping, and finance, but failed to mention or highlight any impact to power, water, electricity, waste treatment facilities, and similar services, where an outage could have had incredibly alarming effects on the global population.
As of writing this blog post, the CEO of CrowdStrike has released a statement addressing the incident and providing guidance on how to remediate the corrupted update: https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/. However, given the scope of the damage, the need for manual intervention to repair these devices is another reason the world will be feeling the sting from this event for days to come. Yes, you read that correctly: AI and automation did not save IT and security teams from a loss of sleep and exhaustion as they went machine-to-machine to issue repairs by hand. These are our unsung heroes and heroines, and we salute you.
Interestingly enough, sighs of relief were expressed on the news and across the tech blogosphere because the outage was not the result of malicious actors. I think this cautionary tale should elicit great concern for what our ever-growing technological future looks like when facing real and potentially damaging cyber threats.
Here at Redbot Security, we specialize in performing penetration tests against Operational Technology (OT) networks, targeting SCADA and Industrial Control System (ICS) environments. Our team has had remarkable success compromising these networks due to outdated software in use, a lack of proper network segmentation between the IT and OT networks, default admin credentials on SCADA devices, and a lack of endpoint security solutions to detect and prevent malicious threats. Keep in mind that these were assessments for organizations that have the time and resources to include third-party penetration tests in their security program. Globally, many ICS and SCADA environments do not have the budget or personnel to ensure a robust security posture capable of defending against Advanced Persistent Threats (APTs), especially those funded by nation-state threat actors.
In March 2024, The U.S. Department of the Treasury sanctioned the Chinese company Wuhan Xiaoruizhi Science and Technology, and individuals Zhao Guangzong and Ni Gaobin, for cyberattacks targeting U.S. critical infrastructure. These actors were linked to the Chinese state-sponsored APT 31 hacking group.
https://home.treasury.gov/news/press-releases/jy2205
Even abroad we see similar attacks taking place. An article from UC Santa Cruz details malware attacks on Ukraine’s power grid, specifically Industroyer One and Two, which caused significant blackouts in 2016 and 2022. These attacks, attributed to Russian military intelligence, highlight the evolving threat of cyberattacks on physical infrastructure.
https://news.ucsc.edu/2024/05/ukraine-cybersecurity.html
It does not come as a surprise that most successful attacks against Industrial Control Systems originate from social engineering tactics, where attackers manipulate individuals to gain initial access. This could involve phishing emails, pretexting, or baiting to trick employees into revealing sensitive information or granting access to the network. Once the initial foothold is established, attackers can move laterally within the network, exploiting vulnerabilities and escalating privileges to reach and compromise critical systems. The human element remains a significant vulnerability, emphasizing the need for comprehensive security awareness training and robust phishing defenses in ICS environments.
As global conflicts intensify, the frequency and sophistication of cyberattacks against Industrial Control Systems are poised to rise. Critical infrastructure, such as power grids and water supplies, are increasingly at risk, exacerbated by the shortage of cybersecurity professionals and limited resources dedicated to defense. This alarming trend underscores the urgent need for robust cybersecurity measures and international cooperation to safeguard essential services from disruptive and potentially devastating cyber incidents. Proactive investment in cybersecurity talent and technology is crucial to counter these growing threats.
Protecting Industrial Control Systems (ICS) and SCADA systems from cyberattacks is critical for maintaining the integrity of essential services. Organizations can take the following steps to safeguard their critical assets, tailored to their budget and personnel capabilities:
For Organizations with Sufficient Budget and Personnel:
For Organizations with Limited Budget and Personnel:
While defending your network from cyber threats is more crucial than ever, having the right team to navigate the myriad roadblocks is the perfect start. At Redbot Security, we specialize in providing expert consultation and guidance on the best practices to secure your infrastructure. Our team of seasoned professionals can help identify vulnerabilities, fortify defenses, and ensure your systems are resilient against attacks. Do not wait for a breach to happen—contact us today for a comprehensive security consultation and request a quote for a penetration test to uncover and address potential weaknesses before they can be exploited. Your security is our priority.
As we reflect on the CrowdStrike incident, we can see it as a mild preview of potential cyber disasters. Flight delays and cancellations are inconvenient, but they pale in comparison to the havoc a cyberattack on critical infrastructure would wreak. People lose their collective minds every time popular social media platforms go down for an hour. Imagine a national blackout or a crippled water plant: transportation, healthcare, and communication systems would collapse, leading to chaos and life-threatening situations. The risk to public health and safety is immense. This underscores the urgent need for robust cybersecurity measures. Hopefully, my frustration from wasted trips to the airport is just fuel for awareness, because we still have time to act!
Keith’s 8-plus years as a security professional have bolstered his ability to effectively demonstrate risk to clients, covering a diverse range of assessment types. Learning new techniques and new technologies is a passion, and Keith loves to share knowledge, helping to mentor new cybersecurity engineers.
Keith has worked as an expert Penetration Testing Engineer for CynergisTek, Inc. and Rapid7. Keith attended the University of California and takes pride in mentoring junior Security Associates and Security Analyst team members, sharing knowledge with peers about newly created or discovered tools, techniques, and procedures.
Book a discovery call or request a rapid quote for services, tailored to your priorities and budget.
From manual testing of IT Networks and Web / Mobile Applications to advanced Red Team operations, Cloud Security, and OT-network assessments, Redbot Security delivers laser-focused, senior-level expertise, without breaking the bank.