Friday, July 19th, seemed an ordinary day, or at least that is what we believed until we started seeing reports of Windows systems going down. Soon it was clear that Windows hosts running CrowdStrike’s Falcon 2024 EDR were the ones affected, crippling millions of devices worldwide and inflicting thousands of dollars in direct and indirect losses on companies.
Today, we will take you on a journey to discover what happened, the repercussions that companies and customers had to deal with, and how it became a golden opportunity for hackers, who are always on the lookout for a digital catastrophe like this one.
The Incident – CrowdStrike IT Outage Affects Windows Systems Worldwide
Whether you were at an airport, at a bank, or working in the comfort of your office, you must have seen or heard about Windows systems going down. For the unaware, Windows systems (and there are a lot of them, compared to the Linux and Mac systems that were unaffected) were getting stuck on the ‘Blue Screen of Death’ or in ‘Recovery mode’. People tried a lot of workarounds, but their systems stayed frozen, and that included PCs, kiosks, point-of-sale terminals, and everything else running Windows.
A single content update pushed by developers at CrowdStrike (a well-renowned cybersecurity company) to Falcon sensors on Windows caused the systems to freeze, meaning nothing could be done to bring them back to life until the cybersecurity firm rolled out a fix (which it did, immediately). Now that you are almost up to speed, let’s see what actually happened, what the repercussions were, and the butterfly effect that followed.
What Actually Happened?
On July 19th, the world came to a standstill when a content update on CrowdStrike’s Falcon 2024 systems for Windows hosts left millions of devices worldwide crippled. It has been labeled as one of the largest IT outages, bringing down operations across the globe, including supermarkets, airlines, hospitals, and banks.
CrowdStrike swiftly identified a faulty content update released on Friday for Windows hosts as the root cause. CEO and Founder George Kurtz (CrowdStrike) took to LinkedIn to apologize for the incident. He added that the whole of CrowdStrike was at work on the problem and had identified, isolated, and released a fix (at the time of writing this).
Although Kurtz stated that it was not a cyberattack or a security threat, there are ongoing whispers suggesting an attack was the reason behind the outage. Of course, this type of news spreads like wildfire whether it is true or false.
At the end of the day, in a digital world where systems are interconnected and woven into a complex structure, relying on a single source of technology such as CrowdStrike’s Falcon can be dangerous. Friday’s outage clearly demonstrated what could happen in such a situation.
CrowdStrike issued an update immediately, but this incident underscores how we have prioritized speed over resiliency. This led to a catastrophic halt in operations globally, resulting in the cancellation of more than 4,000 flights, postponed medical procedures, and more. It served as a much-needed wake-up call for IT professionals, prompting them to consider other (and better) SOC providers.
The Repercussions
The CrowdStrike outage had repercussions on a global scale. You might ask, though: how is it relevant for you and why should you care?
For starters, it shows just how concerning it is to depend on a single technology provider or source. CrowdStrike is partnered with most of the Fortune 500 companies, and millions of devices connected to its Falcon systems took the hit on Friday. Fortunately, this wasn’t a cyberattack or a security breach but rather a content update for Windows hosts that crippled systems worldwide.
Statistically, more than 4,000 flights were canceled with the US taking the most hit with 1,800+ canceled flights and 9,900 delayed flights. Airports and airlines resorted to alternative systems including manual check-ins and boarding pass printing to ease the outage.
The outage also cut through critical services, including government services, emergency services, and healthcare, all of which took their share of hits. Many surgical procedures requiring anesthesia were canceled, and most others were delayed until the systems were brought back to life.
Services at some of the biggest ports, which handle thousands of millions of cargo every day, were disrupted as well. The faulty update affected most companies in one way or another, highlighting how far the repercussions can reach when you partner with a security service provider that also looks after hundreds of other companies.
CrowdStrike Tumbles at Wall Street
A quick Google search shows just how CrowdStrike’s shares on the stock exchange are doing. Each share was trading at $345.10 when Thursday’s trading day closed; the shares then tumbled to $294.00 on Friday morning when the ‘IT Outage’ was reported to be affecting systems worldwide.
At the time of writing, the shares were trading at $263.91 (23rd July, Tuesday, at 3.00 PM Gulf Time). The graph shows a massive 30.33% drop in the share price over 5 days. And it’s not just the share price: there has been an enormous amount of reputational damage, along with delays in deal signings and renewals, as part of the repercussions we explained earlier.
Carving Opportunities for Hackers
CrowdStrike’s CEO and founder George Kurtz made it clear that the outage was not caused by a cyberattack but by a faulty content update for Windows hosts. However, the outage has lured hackers and cyberattackers with fresh opportunities to break into your systems.
According to NextGov.com, certain hackers were reported targeting Latin American customers with a file dubbed “crowdstrike-hotfix.zip” that claims to bring systems back to life. Of course, once the code is executed, the hackers get unrestricted access to your system and can sabotage it. This is frightening if you consider it happening in a company with interconnected systems, where it could render the entire IT infrastructure ineffective.
If you receive such sham messages or emails, steer clear of them and rely on official communications from CrowdStrike or your trusted cybersecurity partner, as acting on them can cause more damage than you can comprehend.
What Could You Have Done?
Unfortunately, this was a content update rolled out across all Falcon sensors, that is, the devices protected by CrowdStrike’s Falcon platform. This means you couldn’t have done anything to avert it. On the other hand, you could have kept alternatives in place, depending on your use case, to steer through the outage.
Systems running on Linux and macOS continued running as normal. Nithin Kamath, CEO of India’s trading platform Zerodha, took to social media to explain that all employees at Zerodha use Linux systems, which is what saved them during Friday’s outage.
What We Can Do For You?
Running a business is a massive undertaking that requires critical thinking, strategic partnerships, and the ability to make well-informed decisions. Attackers abound, looking for possible loopholes, and over-reliance on any single technology can prove to be an organization’s downfall. It’s common knowledge that threat actors actively look for single points of failure and devise methods to circumvent or disable them. We always encourage our clients to have multiple layers of protection, and this is where Security Operations Centers become pertinent.
Cloud Box Technologies offers a robust cybersecurity portfolio and an in-house Security Operations Center (SOC), providing you with peace of mind. We handle your security from securing your IT systems, data encryption, EDR, MDR, malware analysis, threat intelligence, VAPT, and email security, to IoT security. We operate a comprehensive security operations center that delivers multi-layered security solutions, ensuring all your digital and physical assets remain resilient to attacks.
We ensure your business navigates through a chaotic and ever-changing cybersecurity environment while you focus on growing your business exponentially.
Visit us at www.cbt.ae or call us at 04 210 1900 for more info!