A global IT outage that has left flights unable to take off, banks unable to serve customers and emergency services unable to take emergency calls was caused by a few lines of code in software owned by cybersecurity company CrowdStrike.
CrowdStrike proudly declares in its X profile "We Stop Breaches." The cybersecurity company offers threat intelligence and protection from cyber attacks to a range of large companies including Microsoft and many of the big airlines.
Founded in 2011, the publicly traded company has also led several high-profile investigations into cyber espionage attacks including against Sony Pictures and the Democratic National Committee.
It produces security software for Windows servers, and it was a fault in its Falcon Sensor, a component designed to prevent attacks on a machine, that triggered the outage.
George Kurtz, CEO of CrowdStrike, has issued a statement to say his company is working with customers to restore systems.
What is CrowdStrike?
CrowdStrike was founded by George Kurtz, Dmitri Alperovitch and Gregg Marston and has a current valuation of more than $80 billion, providing cyber security services and threat intelligence to both public sector and private organizations.
Falcon, its flagship product, is a cybersecurity platform that protects endpoints in a network through a cloud-native architecture. It can also detect and respond to incursions in a system or on a specific endpoint. An endpoint is any physical device connected to a network, including servers and laptops.
The product also includes an AI-powered antivirus system that uses behavioral analysis to identify and tackle a range of threats. Falcon is widely used across some of the largest enterprise organizations on the planet.
Outside of directly protecting organizations to "prevent breaches", the company also offers threat analysis services. Its most high-profile case was the Democratic National Committee cyber attacks in 2015 and 2016 by Russian hackers, in which CrowdStrike also removed the hacking programs from DNC systems.
How is CrowdStrike involved in the global IT outage?
One of the modules in the Falcon platform is Falcon Sensor, a component that uses sensor data to track threats and vulnerabilities within a system.
According to CrowdStrike, the issue was caused by a faulty update to the Sensor software. The update was pushed out to machines running Falcon, triggering a blue screen of death failure and making it difficult to get the machines operational again.
Kurtz wrote on X: "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated, and a fix has been deployed.
"We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers."
The problem, system administrators warn, is that recovery won't be that easy: it requires booting each affected machine manually from a physical USB stick to apply the fix. The machines can't get online, so they can't be updated remotely. Because the issue also affects laptops, there could be tens of thousands of machines to update before an organization's systems are fully restored.
One anonymous sysadmin posted to Reddit: "I am sure even the most knowledgeable and resourceful hacking groups couldn't cause a disruption and damage of this magnitude," adding: "We have hundreds of Windows servers and thousands of Windows workstations affected by this."
What impact will this have on CrowdStrike?
Overnight, this hit CrowdStrike's stock price, but it has since rebounded as services are restored. Some analysts have called on companies to be more careful about the software they deploy, and on CrowdStrike to be better at verifying updates before releasing them.
Jake Moore, Global CyberSecurity Advisor at ESET, told Tom's Guide: "Businesses must test their updates and infrastructure and have multiple failsafes in place, however large the company is." However, he added: "As is often the case, it is simply impossible to simulate the size and magnitude of the issue in a safe environment without testing the actual network."
Moore said the global IT outage was a stark reminder of the dependencies we have on Big Tech in running our daily lives and businesses. "Upgrades and maintenance can make systems and networks more vulnerable to small errors, which can have wide-reaching consequences as demonstrated today."
Steve Dickens, Chief Technology Advisor to the Futurum Group, wrote on X that "CrowdStrike will survive" because its software is too good and too widely deployed.
He added: "At times like this we have to acknowledge the importance of IT Ops teams and the tireless work they do to keep our interconnected lives up and running."