
Crowdstrike: IT outage issue and its impact worldwide

Kehidupan di perantauan, 31 July 2024

Embarrassingly for the cybersecurity community, the largest IT outage in history was caused not by hacktivists or criminals but by one of their own.

On July 19, an update to CrowdStrike's cybersecurity software caused a widespread global issue affecting millions of Windows systems worldwide, making them crash and display the blue screen of death. Across industries, companies around the world have been unable to reboot their machines.

The IT outage has affected airports, businesses, and broadcasters.

What is CrowdStrike?

CrowdStrike plays an important role in helping companies find and prevent security breaches, billing itself as having the “fastest mean time” to detect threats.

CrowdStrike is an endpoint security vendor whose primary technology is the Falcon platform, which helps protect systems against potential threats to minimize cybersecurity risks.

What Happened?

The July 19th outage is tied to CrowdStrike’s flagship Falcon platform, a cloud-based solution that combines multiple security solutions into a single hub, including antivirus capabilities, endpoint protection, threat detection, and real-time monitoring to prevent unauthorized access to a company’s system.

The update in question appears to have installed faulty software into the core Windows operating system, causing systems to get stuck in a boot loop.

Microsoft said it was taking “mitigation actions” after service issues that it said started at about 6 p.m. Eastern Time. The company said it was investigating issues with cloud services in the U.S. and “an issue impacting several of its apps and services.”

A fix was found?

CrowdStrike itself was able to identify and deploy a fix for the issue in 79 minutes.

IT administrators had to manually boot each affected system into Safe Mode or the Windows Recovery Environment, delete the problematic channel file, and then restore normal operations. That process is labor-intensive, especially for organizations with many affected devices, and in some cases it also required physical access to each machine, adding further time and effort.

Some businesses were able to apply the fix within a few days. However, the process was not straightforward for all, particularly those with extensive IT infrastructure and encrypted drives.

It is estimated that it could potentially take months for some organizations to entirely recover all affected systems from the outage.