Cyber nightmare

Kirellos Abdelmalak, Tuesday 23 Jul 2024

Though not a cyberattack, last Friday’s IT failure could take weeks to fix, reports Kirellos Abdelmalak


A worldwide state of technological turmoil affected many areas of life when a glitch occurred due to a corrupted update by the security company CrowdStrike. This caused numerous Windows computers to crash, and a state of chaos spread across most of the world from Thursday to Friday. Hospitals had to cancel operations, flights were unable to take off or land, and some businesses were unable to accept card payments.

According to an article by Microsoft Vice President David Weston, published on the company’s blog, this may be the worst cyber event in history, affecting an estimated 8.5 million computers. This is less than one per cent of all machines running Windows, even though the economic and social impact was larger, suggesting that numerous crucial enterprises use CrowdStrike. “This incident demonstrates the interconnected nature of our broad ecosystem — global cloud providers, software platforms, security vendors and other software vendors, and customers,” Weston wrote. “It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritise operating with safe deployment and disaster recovery using the mechanisms that exist. As we’ve seen over the last two days, we learn, recover and move forward most effectively when we collaborate and work together. We appreciate the cooperation and collaboration of our entire sector, and we will continue to update with learnings and next steps.”

BBC cyber correspondent Joe Tidy said the real number of devices affected could be larger, surpassing all previous hacks and outages. Tidy said the closest precedent was the WannaCry cyberattack of 2017, which is estimated to have affected about 300,000 computers in 150 countries. There was a similar, costly and devastating attack called NotPetya a month later. There was also a major six-hour outage in 2021 at Meta, which runs Instagram, Facebook, and WhatsApp. Last Friday’s IT outage also led to warnings from cybersecurity experts of opportunistic hacking attempts linked to it. Internet agencies in the United Kingdom and Australia warned people to be wary of emails, calls, and fake websites.

George Kurtz, CrowdStrike CEO, posted a statement on Friday apologising for the event and emphasising that the entire CrowdStrike team understands the severity of its impact. He pointed out that the problem was quickly identified and a fix deployed, with restoring customer systems as the top priority. Kurtz added that the glitch was caused by a defect found in the Falcon content update for Windows hosts. He confirmed that Mac and Linux hosts were not affected and that this was not a cyberattack. “We are working closely with impacted customers and partners to ensure that all systems are restored,” he said, “so you can deliver the services your customers rely on. CrowdStrike is operating normally, and this issue does not affect our Falcon platform systems. There is no impact to any protection if the Falcon sensor is installed. Falcon Complete and Falcon OverWatch services are not disrupted.”

For his part, Ciaran Martin, former head of the UK’s National Cyber Security Centre, said he was surprised less by such a severe global digital disruption than by its cause: a software update from a very well-respected cybersecurity company. “We’ve talked for a long time in the industry about the inherent fragility of foundational parts of the internet,” he said, “these little bits of activity and infrastructure that underpin the whole thing and if they go wrong they can have really serious global consequences.”

Speaking to Al-Ahram Weekly, the innovation and digital transformation consultant Mohamed Kholeif explained that digital applications are usually hosted on data centre and cloud computing service providers such as Microsoft, whose servers carry these digital applications to provide to users. The servers need maintenance and updating. CrowdStrike is one of the companies responsible for making a specific type of update related to cybersecurity and anticipating cyber and ransomware attacks, and the whole world uses it, in all fields and industries, due to its association with Microsoft. While the company was in the process of updating, a problem arose, which led to the disruption of the servers hosting digital applications around the world. The widespread impact of the disruption created the problem.

Kholeif confirmed that CrowdStrike is responsible for the malfunction that occurred at Microsoft, pointing out that the company’s CEO acknowledged the software error that occurred during the update process, and that it was not a cyberattack. The consultant went on to explain that this type of glitch is subject to agreements between the service provider company and the application owners, as well as companies such as CrowdStrike, and depending on the terms of its agreements with Microsoft, penalties may be imposed on CrowdStrike.

* A version of this article appears in print in the 25 July, 2024 edition of Al-Ahram Weekly
