Cyber Experts Say Vetting Failed Before Global Crash
As the world reboots and sectors from transport to government and business return to normal, experts are analyzing what might have been the world’s biggest IT failure.
Security experts assert that CrowdStrike’s routine update of its widely used cybersecurity software did not undergo adequate quality checks before deployment. The latest version of its Falcon Sensor software, designed to enhance client security against hacking, ended up causing a global internet crash due to faulty code.
The update led to one of the most widespread tech outages in recent years, affecting companies using Microsoft’s Windows operating system. Global banks, airlines, hospitals, and government offices faced significant disruptions. CrowdStrike has released information to fix affected systems, but experts note that manually weeding out the flawed code will take time.
“It looks like the vetting or sandboxing they do when reviewing code maybe somehow missed this file,” said Steve Cobb, chief security officer at SecurityScorecard, whose systems were also impacted.
Problems emerged quickly after the update was rolled out, with users posting pictures on social media of computers displaying blue screen error messages, known as “blue screens of death.” Industries from travel to finance were crippled for hours, underscoring the risks of a globally interconnected digital world.
CrowdStrike CEO George Kurtz acknowledged the defect on social media platform X, stating that it was found “in a single content update for Windows hosts” and that a fix was being deployed. “We’re deeply sorry for the impact that we’ve caused to customers, to travelers, to anyone affected by this, including our company,” Kurtz told NBC News’ Today program.
CrowdStrike shares plunged as much as 14.5 percent shortly after the Wall Street open before paring losses to trade down 8.5 percent. In contrast, shares of its cyber rivals were up, with SentinelOne rising 3.6 percent and Palo Alto Networks up 1.7 percent. Microsoft shares were down 0.2 percent.
“Earlier today, a CrowdStrike update was responsible for bringing down a number of Windows systems globally. We are actively supporting customers to assist in their recovery,” Microsoft chief communications officer Frank Shaw said in a post on X.
Patrick Wardle, a security researcher, explained that it is common for security products to update their signatures frequently, sometimes as often as once a day. “Because they’re continually monitoring for new malware and want to ensure their customers are protected from the latest threats,” he said. The high frequency of updates may be why CrowdStrike didn’t test this one thoroughly, he added.
Though largely resolved, the outage highlighted the risks of an increasingly online world. “This is a very, very uncomfortable illustration of the fragility of the world’s core internet infrastructure,” said Ciaran Martin, professor at Oxford University’s Blavatnik School of Government and former head of the UK National Cyber Security Centre.
Governments and businesses have become increasingly dependent on a handful of interconnected technology companies, a trend accelerated by the COVID-19 pandemic. Airports from Los Angeles to Singapore, Hong Kong, Amsterdam, and Berlin experienced problems, including grounded planes, flight delays, and manual check-ins.
Banks and financial services companies from Australia to India and Germany warned customers of disruptions, and traders across markets reported issues executing transactions. In Britain, booking systems used by doctors were offline, according to multiple reports by medical officials on X. Government agencies, including the foreign ministries of the Netherlands and the United Arab Emirates, also reported disruptions.
“IT security tools are all designed to ensure that companies can continue to operate in the worst-case scenario of a data breach, so to be the root cause of a global IT outage is an unmitigated disaster,” said Ajay Unni, CEO of StickmanCyber, one of Australia’s largest cybersecurity services companies.
CrowdStrike, with a market value of about $83 billion, is among the leading cybersecurity companies, counting more than 20,000 subscribers worldwide. The global impact of the outage reflects CrowdStrike’s dominance, with over half of Fortune 500 companies and many government bodies, including the top US cybersecurity agency, relying on its software.