2024-07-19 12:25:02
A massive computer outage affected computers around the world on Friday, disrupting the smooth operation of many sectors. It was a problem related to updating software from a little-known company: CrowdStrike.
Planes were grounded around the world, trains were cancelled in the UK, hospitals in Germany were not functioning properly, and some banks in South Africa or Australia were unable to provide services. Even the Paris Olympic Organizing Committee said its events were affected by the global IT outage on Friday, July 19.
Behind this IT chaos, there are two names: Microsoft and CrowdStrike. The first because the computers affected by the failure all displayed the famous “BSOD”, that is, the “Blue Screen of Death” that indicates that Windows refuses to work. The second is the company behind one of the leading cyber threat protection programs.
Problematic Update
According to the (French) National Information System Security Agency (Anssi), this was not a computer attack, but a failed software update. Stéphanie Ledoux, CEO of French cyber crisis management company Alcyconie, stressed: “This case illustrates the great dependence of our global digital infrastructure on a small number of tools and actors.”
In this case, it all started with the deployment of a patch on Friday for one of the main cybersecurity solutions of CrowdStrike, which is installed on millions of machines around the world. CrowdStrike is one of the largest players in the industry, specializing in online threat protection and monitoring platforms.
CrowdStrike is best known for being the first to identify the actions of Russian cyber attackers during the 2016 US campaign between Donald Trump and Hillary Clinton.
This time, the problem was located in the company’s EDR (Endpoint Detection and Response). It is a solution that “helps identify cyberattack attempts in almost real time by identifying anomalous behavior of machines,” concludes Stéphanie Ledoux. In recent years, the emergence of EDR, whether from CrowdStrike or its competitors, has greatly enhanced IT security worldwide.
Except these solutions no longer work properly. In this case, the relevant patches were deployed simultaneously around the world, and as is often the case with these updates, the computers had to be restarted for the changes to take effect. That is when things went wrong: the machines entered what The Verge, an American website specializing in new technologies, calls a “reboot loop,” which prevents the computer from booting properly.
Return to normalcy ‘will take time’
It was therefore impossible to use the computers. Some hospitals could no longer accept new appointments because the patient databases were located on machines that were no longer working. Certain banking services proved unusable, and the computers needed to verify transactions were unavailable.
“The advantage of these updates is that they can be deployed quickly and simultaneously around the world. This advantage can become a problem when problems arise, as the problematic patches are deployed just as quickly”, concludes Stéphanie Ledoux.
George Kurtz, CrowdStrike’s CEO, gave assurances on X that “the problem has been identified, isolated and a solution has been deployed”.
This doesn’t mean everything will be back to normal immediately. “To apply the patch, each computer requires manual intervention, which takes time,” said Stéphanie Ledoux. In fact, millions of workstations were affected and only employees with administrator rights could restart and apply the update…
“It’s a reminder that in the world we use, especially with digital technology, where everything is instant, there are still some things that take time,” noted Stéphanie Ledoux. In this case, time is money: CrowdStrike’s shares fell more than 15% in pre-market trading on the New York Stock Exchange.