Software update brought global IT outages, CrowdStrike CEO: Working to fix

CrowdStrike has admitted that a 'flaw' in a software update is the cause of the IT outage that has caused chaos around the world. The global outage of computer networks that has affected airports, banks and other businesses appears to stem, at least in part, from a software update released by the firm CrowdStrike, experts said. CrowdStrike told customers it was "aware of reports of web sites being blocked" by its software on Microsoft Windows operating systems.

The company's engineers took steps to fix the problem, and the company told customers to turn their computers off and on and to perform other actions if they still had technical problems. The issue is specific to Falcon, one of CrowdStrike's flagship software products, and is not affecting Mac or Linux operating systems.

CrowdStrike's cybersecurity software – used by many Fortune 500 companies – detects and blocks hacking threats. In this case, computers running Microsoft Windows appear to be blocked because of the way a software code update released by CrowdStrike is interacting with the Windows system.

CrowdStrike is perhaps best known for investigating the Russian hacking of the Democratic National Committee's computers during the 2016 US election. But the multibillion-dollar firm does business around the world, through software sales and major hacking investigations.

CrowdStrike CEO George Kurtz said the IT issue causing a global outage has been identified and remediation has begun. Kurtz said the cybersecurity company is "actively working with customers" affected by the outage and that the issue was not "a security incident or cyber attack."

“CrowdStrike is actively working with customers affected by a flaw found in a content update for Windows hosts. Mac and Linux are not affected. This is not a security incident or cyber attack. The problem has been identified, isolated and work has begun to resolve it.

We refer customers to the support portal for the latest updates and will continue to provide complete and ongoing updates on our website. We further recommend that organizations ensure they are communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike's customers.”

How widely is CrowdStrike used?

CrowdStrike is one of the largest providers of endpoint security software that protects connections between computer networks and remote devices – from laptops, phones and servers to retail payment terminals and ATMs – that are connected to corporate networks. Any of those devices running Windows could be affected by the flaw.

Customers of Microsoft's Azure cloud computing platform, most of which runs on Windows, have also reported problems. The IT failure has affected airlines, banks and broadcasters from the US and Europe to Australia, Japan and India.

"The worldwide IT outage experienced this morning is unprecedented in the range and scale of systems it has affected," said Harjinder Lallie, cyber security expert at Warwick University.

What is CrowdStrike?

CrowdStrike is a cybersecurity company that was founded in 2011 and is headquartered in Austin, Texas. Its Falcon software is designed to stop cyberattacks and includes a suite of products that run on individual devices and are delivered through the cloud.

The company's revenue rose by a third to $3.1 billion in the latest fiscal year, which ended in January, while net income rose to $90.6 million, from a loss of $183.2 million the year before. CrowdStrike says it is the "cloud security provider of choice for 62 Fortune 100 companies," and has more than 29,000 companies using its products.

The Nasdaq-listed company joined the S&P 500 last month. Shares in CrowdStrike more than doubled over the past year before Friday's halt, giving the company a market capitalization of $83.5 billion. However, shares were trading sharply lower before the Nasdaq opened on Friday in New York.

CrowdStrike is known for investigating Russian hackers. It helped investigate cyber attacks on the US Democratic National Committee in 2015-16 and their connection to Russian intelligence services. The same Russian group then unsuccessfully tried to hack into CrowdStrike in 2020.

How long will it take to resolve the issues?

While CrowdStrike said a "fix has begun," it's unclear how long it might take to roll out to the very large number of affected customers and all of their employees' devices.

Issues can "take days to resolve - maybe even weeks", said Vasileios Karagiannopoulos, a cyber security researcher at the University of Portsmouth. He added that the problems were "so global and widespread across all systems that IT support could be stretched thin due to demand".

Kevin Beaumont, a cybersecurity researcher, said in social media posts that CrowdStrike customers were in an "extremely painful" process to correct the problem.

"Recovery is only possible manually," he said. "You have to go to a server or computer, boot it into safe mode at the console, log in as an administrator, and then hack into the system to bring it back online." / Monitor
