What caused the Crowdstrike update that took down IT systems globally

Having so much critical infrastructure online is a double-edged sword. While it brings a kind of ease and convenience never seen before, it’s also risky. One dodgy update can potentially disrupt essential services on a massive scale. That’s exactly what happened with CrowdStrike a few weeks back.

Let’s take a look at what happened, why, and what to expect moving forward. 

What is CrowdStrike?

According to its website, CrowdStrike is a US cybersecurity company that provides IT security services to thousands of companies worldwide, including 298 of the Fortune 500. It provides these services via Falcon, a platform designed to stop breaches, malware, and more through a unified set of cloud-delivered technologies.

This includes endpoint detection and response (EDR), which continuously monitors end-user devices, from personal computers and servers to ATMs, to detect and respond to cyber threats. The platform has deep access to a device’s internals so that it can see what is happening and shut down threats quickly. Because of this necessary privileged access, Falcon is tightly integrated with the devices it runs on and needs permission to update itself automatically and add new detections to defend against evolving threats.

This is effective in protecting against threats, but bad when something goes wrong, as you’ll soon see.

Worldwide IT disruption

On July 19, 2024, countless organizations worldwide began experiencing IT outages. The outages exclusively affected Windows operating systems. Devices crashed and began displaying blue screens of death (BSOD), a critical error screen that shows when a system can’t operate safely.

All manner of organizations were impacted, such as airports, banks, hotels, television stations, and healthcare services. Highlights include the cancellation of 4000 flights, 911 services experiencing outages, and GP appointment and patient record systems being affected. In some airports, flight information had to be handwritten on whiteboards.

When disruption occurs on such a massive scale, you might instinctively think that hackers or malicious actors are behind it. But in this instance, it was a software update. 

The root cause

CrowdStrike has revealed the cause of the worldwide IT outage to be a simple programming error. At the time, Falcon was being updated to add a new capability to its sensors, the components Falcon uses to monitor for threats on a device. This specific update defined 21 input fields, but the sensor code was only expecting 20. The resulting count mismatch caused countless systems to crash.
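To make the failure mode concrete, here is an added example in C that is not CrowdStrike’s code. It models a content interpreter evaluating a detection rule template against the values shipped in a content update: the unchecked version trusts the template’s declared field count (21) and indexes past the 20 values actually provided, while the checked version validates the counts against each other and against the buffer before reading anything. All names, the buffer size and the sample values are hypothetical; only the 20/21 figures come from the article.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example (not CrowdStrike code). A "template" declares how many input
 * fields a rule expects; a "content record" carries the values the update
 * actually ships. Names and sizes are hypothetical; 20/21 are from the article. */

#define MAX_FIELDS 32          /* capacity of the value buffer (assumption) */
#define STALE_SLOT 0xFFFFu     /* constructed marker for memory past the data */

typedef struct {
    size_t declared_fields;    /* how many input fields the template expects */
} rule_template;

typedef struct {
    size_t provided_fields;    /* how many values the update actually carries */
    uint32_t values[MAX_FIELDS];
} content_record;

enum { MATCH_OK = 0, MATCH_REJECTED = 1 };

/* Unchecked interpreter: trusts the template's count and indexes by it.
 * With 21 declared but 20 provided it reads values[20], i.e. whatever lies
 * past the shipped data; in a kernel driver that is an invalid memory access.
 * Here the buffer is oversized so the over-read lands on STALE_SLOT instead. */
uint32_t evaluate_rule_unchecked(const rule_template *t, const content_record *c)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < t->declared_fields; i++)
        sum += c->values[i];
    return sum;
}

/* Hardened interpreter: validate the declared count against the provided
 * count and the buffer capacity before touching a single value; any mismatch
 * rejects the content instead of reading out of bounds. */
int evaluate_rule_checked(const rule_template *t, const content_record *c,
                          uint32_t *out_sum)
{
    if (t->declared_fields > MAX_FIELDS ||
        t->declared_fields > c->provided_fields)
        return MATCH_REJECTED;
    uint32_t sum = 0;
    for (size_t i = 0; i < t->declared_fields; i++)
        sum += c->values[i];
    *out_sum = sum;
    return MATCH_OK;
}

/* Constructed sample: an update carrying 20 values of 1 each, with the slot
 * just past the data set to STALE_SLOT so an over-read is visible. */
static content_record sample_content_20(void)
{
    content_record c;
    memset(&c, 0, sizeof c);
    c.provided_fields = 20;
    for (size_t i = 0; i < 20; i++)
        c.values[i] = 1;
    c.values[20] = STALE_SLOT;
    return c;
}

/* 21 declared against 20 provided: the checked path refuses the content.
 * Returns MATCH_REJECTED (1). */
int demo_mismatch_rejected(void)
{
    rule_template t = { 21 };
    content_record c = sample_content_20();
    uint32_t sum = 0;
    return evaluate_rule_checked(&t, &c, &sum);
}

/* The same mismatch through the unchecked path silently absorbs the stale
 * slot. Returns 20 + STALE_SLOT = 65555. */
uint32_t demo_mismatch_unchecked(void)
{
    rule_template t = { 21 };
    content_record c = sample_content_20();
    return evaluate_rule_unchecked(&t, &c);
}

/* Matching counts (20 declared, 20 provided) pass and sum to 20. */
uint32_t demo_match_accepted(void)
{
    rule_template t = { 20 };
    content_record c = sample_content_20();
    uint32_t sum = 0;
    if (evaluate_rule_checked(&t, &c, &sum) != MATCH_OK)
        return 0;
    return sum;
}
```

The point of the checked version is that the field count is data arriving with the update, so it must be treated as untrusted input and validated against what was actually delivered, not assumed to match the code that consumes it; the same check belongs in a pre-release test that feeds every shipped content file through the interpreter before it reaches endpoints.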

Experts have questioned the company’s QA processes and how such a basic error could fall through the cracks. 

Speaking to ABC, Toby Murray, associate professor at the University of Melbourne’s School of Computing and Information Systems, said: 

“That is an incredibly basic and fundamental mismatch that was always going to lead to catastrophic problems, sooner or later.

“The fact that the CrowdStrike developers were able to have this obvious inconsistency between the data file format and the software code means that the most basic forms of quality review and assurance were not being correctly carried out.”

Financial and legal consequences

Understandably, a plethora of companies, organizations, and individuals are not happy following the disruption, which has negatively impacted the cybersecurity company. CrowdStrike’s financial standing has been dealt a hard blow, with its share price plummeting over 34% in one month.

Many are turning to insurance claims to recoup business losses, as well as seeking legal action. Business Insider reports that economic damages could reach tens of billions of dollars. However, not all cybersecurity companies have adequate coverage for these disruptions. Some of those impacted are threatening to take legal action instead, such as Delta Airlines.
