CrowdStrike Outage: Here’s What Experts Have To Say

A global IT outage caused by a CrowdStrike update has left airports, healthcare systems, and businesses worldwide in chaos. Learn about the impact and the ongoing recovery efforts.

by Editorial July 20, 2024

Airports were left crippled, healthcare systems were disrupted, supermarket check-outs malfunctioned, and journalists scrambled without the basic tools of the trade to report on an issue causing havoc worldwide. One company and one tiny software update are at the center of a global IT outage that engulfed millions of people, businesses, and organizations on Friday. While the situation is gradually being resolved, the CrowdStrike outage has left a significant impact.

It all began with a regular system update that went terribly wrong. Seemingly all at once, millions of computers around the world became unusable and could not be rebooted, displaying the dreaded “Blue Screen of Death.” The culprit? CrowdStrike, a US cybersecurity company based in Texas known for its anti-ransomware, anti-malware, and internet security products designed almost exclusively for businesses and large organizations.

Scenes at Indian Airport (Source: ShivaniReports on X)

CrowdStrike Outage: What Happened?

On Friday, July 19, at 4:09 AM UTC (2:09 PM AEST), CrowdStrike released a sensor configuration update on their Falcon program targeting Windows systems. According to a statement published on the company’s blog, this update, intended to target malicious system communication tools in cyberattacks, triggered a “logic error” that resulted in an operating system crash on Windows systems, leaving Mac and Linux users unaffected.

We have collected quotes from industry experts to provide insight into the incident:

Beenu Arora, Founder and CEO, Cyble Inc: “The recent incident involving CrowdStrike and Microsoft has put the cybersecurity world into overdrive. The exceptional response from the support teams at both companies during these intense moments is commendable. To the professionals working tirelessly around the clock, your resilience and commitment deserve recognition and gratitude. Your efforts to assist affected parties highlight the strength of our industry in the face of adversity. Thank you for your outstanding work during this challenging time. Your dedication serves as a reminder of the importance of rapid and effective incident response in the TechCommunity.”


Guy Golan, CEO and Executive Chairman, Performanta: “A mistake of this magnitude is an epic failure and a huge eye-opener for the cyber world and the business world more broadly. It should not have happened. This appears to have been a failure of process and QA, releasing something that was incorrect, perhaps driven by intense market pressures in the vendor race to have the best and greatest features, or in response to the evolving threat landscape and increased need for detection.

The impact of one vendor by some of the world’s biggest organizations can bring the world to its knees, and the repercussions will be unprecedented. It’s going to cost companies billions, it will lead to legal action, and it will affect businesses and users in a way we’ve never seen before. Attackers may have more awareness of who is using CrowdStrike as a result of watching this unfold, which could cause further cybersecurity complications down the road. This isn’t the fault of one vendor – perhaps market pressures have led to such a catastrophe. More outages should be expected unless organizations of all sizes start to understand that the digital world is just as significant in the 21st century as the physical world. It’s about time we elevated cyber issues to the top of the agenda and understood the full effects of market pressures.”


Alan Stephenson-Brown, CEO, Evolve: “News of a global IT outage that has caused problems at airlines, media, and banks is a timely reminder that operational resilience should be at the forefront of the business agenda. Demonstrating that even large corporations aren’t immune to IT troubles, this outage highlights the importance of having distributed data centers and rerouting connectivity that ensures business can continue functioning when cloud infrastructure is disrupted.

By prioritizing both contingency planning and preventative measures, IT systems can be protected. I urge business leaders to seriously appraise the systems they have in place to identify potential vulnerabilities before they find themselves the subject of the next IT outage headline.”

Martin Greenfield, CEO, Quod Orbis: “The global IT outage underscores a critical weakness in many organizations’ cyber-resilience strategies: an overreliance on single-point solutions like antivirus software. While such tools are essential, they should not be the sole pillar of a robust cybersecurity posture. This incident serves as a reminder that even industry-leading solutions can falter, potentially leaving entire sectors vulnerable. Whilst such threats can have a huge impact, steps to prevention are often quite straightforward. Organizations must adopt a more holistic approach to their cyber resilience, implementing a multi-layered defense strategy that encompasses not just software solutions but also robust policies, regular training, and proactive threat hunting.

A key component of this approach should be continuous controls monitoring, which allows for real-time visibility into the effectiveness of security measures and rapid response to emerging threats. This incident also underscores the importance of basic cyber hygiene, particularly regular system updates.

The involvement of Microsoft operating systems in this outage emphasizes that even simple steps like keeping software current can significantly reduce vulnerability. Yet this fundamental practice is often overlooked, leaving systems unnecessarily exposed. This also applies to security vendors themselves, who should be running regular tests on their solutions to ensure they’re up to date with the threat landscape. The widespread impact of this outage also highlights the interconnectedness of global IT systems and the potential for cascading failures. Companies must conduct thorough risk assessments, not just of their own systems but of their entire supply chain and third-party dependencies. This incident demonstrates how a single point of failure can have far-reaching consequences across multiple sectors and geographies.”


Dmytro Tereshchenko, Head of Information Security Department, Sigma Software Group: “The CrowdStrike failure has significantly impacted many organizations globally. This includes critical sectors such as banking, stock exchanges, airports, and emergency services. Recovery protocols are in place for those affected, though a comprehensive restoration across many entities will likely be a protracted process. For cybersecurity professionals, this incident isn’t something new and unexpected. It underscores a known issue within our highly interconnected supply chains.

A disruption to any key supplier can indeed have extensive repercussions, affecting a broad spectrum of systems and services. While this situation is neither unprecedented nor unexpected, the timeline for complete recovery remains uncertain. We clearly understand the problem’s scale, but precise recovery estimates are still forthcoming. Users who have yet to encounter issues should be able to operate without significant disruption. Affected entities are already seeing progress in their recovery efforts. At Sigma Software Group, we’ve issued detailed guidelines to our team, and our experts are diligently addressing the situation to mitigate further impact.”


Satnam Narang, Sr. Staff Research Engineer, Tenable: “The outage affecting computer systems worldwide is severe. It is affecting critical systems, such as those in hospitals, airports, financial institutions, and more. For instance, patients aren’t able to get medications in the hospital setting. It’s impacted me personally as I have a loved one who is currently in the hospital setting.

While the issue is associated with Windows systems, it does not appear to be an issue with Microsoft Windows, but rather, security software installed on millions of Windows computers worldwide. Because this is security software, it requires a higher level of privileges to the underlying operating system, so a bad or faulty security update can result in a catastrophic impact. This event is unprecedented, and the ramifications of it are still developing.”
