A major cybersecurity failure. I have not written about the “Blue Screen of Death” or BSOD since the late 90s and the PC-based control movement. Waking up this morning, that dreaded phrase returned to my mail reads. By now you’ve seen photos of lines at airports and other inconveniences. Someone in my community posted about difficulties finding a ride home from O’Hare in the early morning hours.
It seems an automatic update from a security company called CrowdStrike crashed Windows PCs. One pessimist I read said this won’t be the last time something like this happens.
This news item was my first hint from John Ellis News Items (subscription).
Businesses across the world, from airlines to financial services and media groups, have been hit by a global IT outage, causing massive disruption to a wide range of services and operations. Thousands of workers were unable to log on to their computers on Friday morning, disrupting businesses from finance to healthcare, in what is shaping up to be one of the most widespread IT outages ever. Australian businesses were the first to warn of problems, with the operations of retailers including Woolworths and 7-Eleven hit. Sydney airport said “a global technical outage” had affected its operations. In Europe, airlines and airports warned of disruption. The US Federal Aviation Administration said Delta, United and American Airlines had asked to ground flights due to take off. “I don’t think it’s too early to call it: this will be the largest IT outage in history,” said Troy Hunt, a prominent security consultant, in a social media post. “This is basically what we were all worried about with Y2K, except it’s actually happened this time.” (Source: ft.com)
PR people started sending me quotes from a variety of cybersecurity people.
Commenting on this, Adam Pilton, Senior Cybersecurity Consultant at CyberSmart and former Detective Sergeant investigating cybercrime, said:
“At the time of writing IT systems around the world are not operating. This is impacting many businesses and will impact our daily lives.
Currently, we do not know what has happened; there is no suggestion that this is a cyber attack. The belief is that this is a technical issue. Maybe not coincidentally, the cyber security company Crowdstrike are having issues too. Time will tell whether these are directly related.
Crowdstrike has stated that they are aware of reports of crashes on Microsoft’s Windows operating system relating to its Falcon sensor.
There are some suggestions that this is two major incidents running simultaneously: a service-wide Azure outage and CrowdStrike Falcon blue screens.
What we are seeing now though are the businesses which have business continuity and incident response plans in place. These businesses are effectively communicating the issues and ensuring their customers are informed.
Society is dependent upon technology and this is why we must have both technical and non-technical controls in place to protect us when issues arise, whether malicious or not.
Social media is ablaze with users reporting that they are unable to work and one user on Reddit even stated they were commenting purely to be part of history on ‘The day that Crowdstrike took out the internet!’
This is very much the point of why all businesses must plan and prepare. As we are seeing, a huge dependency on individual suppliers can take down supply chains.”
And this one:
“Multiple StickmanCyber security engineering teams and our 24×7/365 security operations teams across the country support reports that this outage is related to a CrowdStrike update.
“It is our understanding that any business running versions 7.15 and 7.16 is affected by the outage, but 7.17 seems to be OK. We are waiting on an official advisory from CrowdStrike on these findings but doing our best to help affected customers. It’s a lesson to always update your software, but obviously this is an extreme example. IT security tools are all designed to ensure that companies can continue to operate in the worst-case scenario of a data breach, so to be the root cause of a global IT outage is an unmitigated disaster.
“CrowdStrike support is offering a workaround to customers. It claims users may be able to fix the issue by booting Windows in Safe Mode or in the Windows Recovery Environment and deleting a file named “C-00000291*.sys”.”
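The manual workaround quoted above, scripted in PowerShell so a technician can run it from a Windows Recovery Environment command prompt (or from Safe Mode) on one machine after another. This is an added example, not code from the page’s author, from StickmanCyber, or from CrowdStrike’s own advisory. It assumes the channel file sits under `Windows\System32\drivers\CrowdStrike` on the offline Windows volume and that WinRE may have given that volume a drive letter other than C:, so every fixed drive is inspected; the drive detection, the quarantine folder and the hash log are this script’s own additions beyond what the quote states.

```powershell
# Added example: apply the quoted workaround (remove C-00000291*.sys) to an
# offline Windows volume while booted into WinRE or Safe Mode.
# Assumptions not taken from the original post: the file lives under
# <OSDrive>:\Windows\System32\drivers\CrowdStrike, and the OS volume may not
# be C: inside WinRE, so all FileSystem drives are checked.
# Matching files are moved to a quarantine folder rather than deleted, so the
# change can be reverted and the file is preserved for the incident record.

$Pattern   = 'C-00000291*.sys'
$RelPath   = 'Windows\System32\drivers\CrowdStrike'
$TimeStamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# Candidate OS volumes: any drive that actually contains the CrowdStrike driver folder.
$targets = Get-PSDrive -PSProvider FileSystem |
    ForEach-Object { Join-Path $_.Root $RelPath } |
    Where-Object { Test-Path $_ }

if (-not $targets) {
    Write-Host "No $RelPath folder found on any drive; nothing to do."
    exit 1
}

foreach ($dir in $targets) {
    $files = Get-ChildItem -Path $dir -Filter $Pattern -File -ErrorAction SilentlyContinue
    if (-not $files) {
        Write-Host "$dir : no file matching $Pattern"
        continue
    }

    # Quarantine folder next to the driver directory, so it stays on the same volume.
    $quarantine = Join-Path $dir "quarantine-$TimeStamp"
    New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
    $log = Join-Path $quarantine 'removed-files.tsv'

    foreach ($f in $files) {
        # Record path, size, timestamp and SHA-256 before touching the file.
        $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        "$($f.FullName)`t$($f.Length)`t$($f.LastWriteTimeUtc.ToString('o'))`t$hash" |
            Out-File -FilePath $log -Append -Encoding utf8
        Move-Item -Path $f.FullName -Destination $quarantine -Force
        Write-Host "Moved $($f.Name) -> $quarantine"
    }
}

# Verify nothing matching the pattern remains before the machine is rebooted.
$remaining = foreach ($dir in $targets) {
    Get-ChildItem -Path $dir -Filter $Pattern -File -ErrorAction SilentlyContinue
}
if ($remaining) {
    Write-Host "Files still present; do not reboot yet:"
    $remaining | ForEach-Object { Write-Host "  $($_.FullName)" }
    exit 2
}
Write-Host "Workaround applied. Reboot normally."
```

Run it from removable media with `powershell -ExecutionPolicy Bypass -File .\remove-channel-file.ps1`. If the OS volume is BitLocker-protected, WinRE cannot see the folder until the volume is unlocked (`manage-bde -unlock <drive>: -RecoveryPassword <key>`), which is the step that makes this hands-on fix slow to apply across a large fleet.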