(Bloomberg) -- A routine software update by CrowdStrike Holdings Inc. became a massive IT failure on Friday, July 19, grounding flights, upending markets and disrupting corporations around the world. The impact of the disruption, which was compounded by an apparently unrelated issue with Microsoft Corp.’s Azure cloud services, continued for days, wreaking approximately $5.4 billion of havoc on the Fortune 500, according to Parametrix.
What is CrowdStrike?
The Austin-based cybersecurity company is a dominant supplier of software that protects businesses from ransomware attacks. CrowdStrike controls about 18% of the $12.6 billion global market for so-called “modern” endpoint detection and response software, behind archrival Microsoft Corp.’s 25.8%, according to market research firm IDC. Its software is considered among the best defenses against all kinds of emerging hacking threats, using artificial intelligence with traditional security strategies to try to keep up with attackers.
Why was there a global IT outage?
A faulty software update by CrowdStrike led to cascading, system-wide failures for clients in industries such as airlines, banking, health care and retail. The company struggled to fix the problem, which it said was caused by a bug in a quality-assurance tool it uses to screen updates, Bloomberg reported. The undetected error affected more than 8.5 million Windows users, according to Microsoft. CrowdStrike said the outage was not caused by a cyberattack or a security breach.
What was the remedy?
Any Windows desktop or laptop affected by the initial flawed update has required a manual reboot. (Mac and Linux machines weren’t impacted.) That’s been a time-consuming and hardly straightforward process for affected users. CrowdStrike told customers whose systems were crashing to boot Windows into safe mode, navigate through the directory to find a specific folder and then delete the problematic file within it. These tasks may need to be performed by IT professionals with administrative permissions. In a communication to one customer reviewed by Bloomberg, CrowdStrike’s technical support team advised that it could be necessary to reboot an affected system as many as 15 times. In a July 25 LinkedIn post, Chief Executive Officer George Kurtz said that more than 97% of CrowdStrike’s Windows users were back online.
Who was impacted, and how?
The glitch, which resulted in the dreaded “blue screen of death” for many users, hit health-care systems, airlines, ports, companies and governments. Dozens of companies — Delta Air Lines Inc., Bank of America Corp., FedEx, JPMorgan Chase & Co., McDonald’s, Nomura Holdings Inc. and UPS, among others — were affected. For airlines, the meltdown hobbled communication between aircraft and ground-control staff, and hit travelers on a particularly busy day. FlightAware put global delays at more than 46,000 flights on Friday, and delays dragged on for days.
Are any lawyers circling?
Delta, which was dealt perhaps the worst blow, has since hired attorney David Boies to seek possible damages from CrowdStrike and Microsoft for the incident, which cost the airline an estimated $500 million, according to CNBC reporting. Although no suit has yet been filed, the move represents one of the first named examples in an expected spate of legal actions related to the outage.
Affected businesses are also readying cyber-insurance claims. Marsh, the world’s largest insurance brokerage, had more than 75 clients warn of potential cyber claims the day the outage began, Bloomberg has reported. Within a week, that number had climbed past 100 clients, according to Meredith Schnur, Marsh’s cyber practice leader for the US and Canada. Aon plc, the next-biggest broker, has also seen an influx of claims.
How was Microsoft involved?
CrowdStrike’s faulty update took down Microsoft Corp. Windows systems that were running the program being updated. An apparently separate incident involving Microsoft’s Azure cloud services also caused disruption on Friday. In a status update, Microsoft said it had fixed the underlying issue but that users would still feel “residual impact.”
The two companies are rivals and offer similar “endpoint” cybersecurity products. CrowdStrike’s CEO George Kurtz previously has taken potshots at Microsoft. After a US Department of Homeland Security report faulted Microsoft security issues, Kurtz said in June that Microsoft customers were going through a “widespread crisis of confidence.”
At the same time, Microsoft’s operating system — Windows — is so widespread that customers who use both companies’ products effectively force the two rivals to work with one another.
How does CrowdStrike’s software work?
The type of software CrowdStrike supplies is separate and distinct from older, more limited types of security software. Traditional antivirus software was useful in the early days of computing and the internet for its ability to hunt for signs of known malware, but it has fallen out of favor as attacks have become more sophisticated. The “endpoint detection and response” software that CrowdStrike now develops does far more: it continually scans machines for any signs of suspicious activity and automates a response.
But to do this, these programs have to be given access to inspect the very core of a computer’s operating system for security defects. That same access gives them the ability to disrupt the very systems they are trying to protect. CrowdStrike pegged the incident to “a defect found in a single content update for Windows hosts.”
While cybersecurity professionals say CrowdStrike’s technology is a strong way to defend against ransomware, its cost — which in some cases can be more than $50 per machine — means that most organizations don’t install it on all of their computers. What that means, however, is that the computers that have the software installed on them are among the most important to protect, and if they go down, key services can fall with them.
©2024 Bloomberg L.P.