In April 2024, the news of the XZ backdoor took the IT ecosystem by storm as we were whiskers away from what would have been the biggest cybersecurity breach in history.
Three months later, we are now facing the most catastrophic IT outage on record.
This massive disruption has paralysed businesses, airports, banks, supermarkets, and broadcasters worldwide, leaving them struggling to maintain even basic operations.
According to Microsoft, over 8.5 million computers around the world were affected.
So, what triggered this catastrophic chain of events that brought us to the brink of IT Armageddon?
Let’s start from the beginning.
What is CrowdStrike?
CrowdStrike is an American cybersecurity company founded in 2011 and headquartered in Austin, Texas.
Since its inception, the company has rapidly grown to become arguably the leading cybersecurity software provider in the world.
Unlike traditional antiviruses that rely on signature-based detection, CrowdStrike uses cloud-based advanced threat detection, machine learning, and behavioural analytics to identify and prevent sophisticated threats.
In other words, they’re more expensive than your average antivirus.
With a valuation exceeding $80 billion, CrowdStrike also boasts an impressive clientele of over 538 Fortune 1000 companies, most of which suffered severe disruptions to their services on Friday.
How did CrowdStrike Cause The Biggest Global IT Outage In History?
First off, this was no cyber-attack; as far as we can confirm, the motives were not malicious.
Think of it like accidentally poisoning your own dog.
On Thursday, CrowdStrike pushed a new but faulty update to their Falcon software that was intended to enhance the Falcon Sensor’s threat detection capabilities but instead caused widespread “blue screen of death” errors on Windows systems.
Windows is the most popular operating system in the world, and it is used by individuals, small businesses, and large enterprises, many of which are CrowdStrike customers.
As early as Friday morning, reports of Blue Screen of Death errors started to pour in on social media, with entire companies going offline.
Popular TV broadcaster, Sky News, was off-air for hours.
Something super weird happening right now: just been called by several totally different media outlets in the last few minutes, all with Windows machines suddenly BSoD’ing (Blue Screen of Death). Anyone else seen this? Seems to be entering recovery mode: pic.twitter.com/DxdLyA9BLA
— Troy Hunt (@troyhunt) July 19, 2024
The Microsoft / CrowdStrike outage has taken down most airports in India. I got my first hand-written boarding pass today 😅 pic.twitter.com/xsdnq1Pgjr
— Akshay Kothari (@akothari) July 19, 2024

By tactical-lack-of-infrastructure/security-by-neglect/use-of-different-vendors, the only reported outage in Africa was out of South Africa.
BREAKING: South Africa's biggest bank, Capitec, affected by global outage.
— The Spectator Index (@spectatorindex) July 19, 2024
Based on this ThousandEyes graphic from [@OnijeC], the only reported outage in Africa for now is from South Africa. pic.twitter.com/cYYntfAbAn
— David Odes (@chiefdavidsays) July 19, 2024
How to Fix The Problem
This is one of many fixes making the rounds on social media and IT forums.
It involves booting Windows systems into Safe Mode and deleting a file from the directory:
- Boot the device
- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys” and delete it
Implications For CrowdStrike
Long-term implications for CrowdStrike are actually quite bleak.
— David Odes (@chiefdavidsays) July 19, 2024
They've become the industry standard IT security software provider, and their competitors couldn't have asked for a better opportunity.
Reckon most organisations will review their positions in the aftermath.
As of the time of writing this blog post, CrowdStrike’s market valuation is down 11%, and the world’s richest man, Elon Musk, has announced the deletion of CrowdStrike from all his company’s systems.
Only time will tell how this incident will impact their business model in the long term, as corporate distrust is hard to come back from.
In the meantime, the CEOs of Microsoft and CrowdStrike have made statements on X.
Yesterday, CrowdStrike released an update that began impacting IT systems globally. We are aware of this issue and are working closely with CrowdStrike and across the industry to provide customers technical guidance and support to safely bring their systems back online.
— Satya Nadella (@satyanadella) July 19, 2024
All of CrowdStrike continues to work closely with impacted customers and partners to ensure that all systems are restored.
— George Kurtz (@George_Kurtz) July 19, 2024
I’m sharing the letter I sent to CrowdStrike’s customers and partners. As this incident is resolved, you have my commitment to provide full transparency on…
For minute-by-minute reporting on this, check out the BBC liveblog here