The Global IT Shutdown of 2024: A Historical Cyber Incident

 

On July 19, 2024, a significant IT shutdown caused disruptions across industries worldwide. The fallout was extensive, with flight cancellations, and the stalling of critical systems in hospitals, banks, stock exchanges, and various other institutions. Microsoft-based computers around the globe were plagued by the infamous “blue screen of death,” rendering them unusable.

The Source of the Mishap

The source was a corrupted software update from cyber security firm, CrowdStrike. This error, deemed one of the worst cyber-incidents in history, drew parallels to the infamous WannaCry cyber-attack of May 2017, which affected approximately 300,000 computers across 150 countries. Similarly, the NotPetya attack in June 2017 caused widespread disruption and financial loss.

CrowdStrike’s Role and Response

CrowdStrike Holdings, Inc., based in Austin, Texas, specializes in cybersecurity technology, offering cloud workload protection and endpoint security through platforms like Falcon. A misconfiguration during an update triggered a flaw, leading to widespread computer crashes. CrowdStrike’s CEO, George Kurtz, a former McAfee employee, addressed the issue publicly.

Kurtz assured the public that the company was “actively working with customers impacted by a defect found in a single content update for Windows hosts,” clarifying that Mac and Linux systems were unaffected. He emphasized that this was not a security breach or cyberattack, and the problem had been identified, isolated, and a fix deployed.

 

 

George Kurtz on Crowdstrike

https://www.linkedin.com/posts/georgekurtz_crowdstrike-is-actively-working-with-customers-activity-7220000897341251584-K2OS

 

Collaboration and Assurance from Microsoft

Microsoft CEO Satya Nadella also stepped forward to reassure affected users. He confirmed that Microsoft was collaborating closely with CrowdStrike to provide technical guidance and support to restore systems. The joint efforts of both companies aimed to mitigate the impact and bring affected systems back online swiftly.

Satya Nadella on Crowdstrike

 

https://www.linkedin.com/posts/satyanadella_yesterday-crowdstrike-released-an-update-activity-7220094835574099968-Lvt9

 

The Complexity and Risks of Security Software Updates

Security software updates, while essential, carry inherent risks. Matthieu Suiche, head of detection engineering at Magnet Forensics, compares it to “open-heart surgery” because of the deep access required, which increases the risk of system crashes.

Costin Raiu, a former lead of Kaspersky’s threat intelligence team, underscores that driver updates for Windows software are typically subjected to extensive inspection and testing before being deployed. However, in this instance, a less scrutinized configuration file managed to alter the driver’s functionality, leading to a system crash. “It’s surprising that with the extreme attention paid to drivers, this still happened,” says Raiu. “One simple driver can bring down everything. Which is what we saw here.”

CrowdStrike is not alone in dealing with these issues. Similar incidents have occurred with updates to Kaspersky and Windows Defender, Microsoft’s built-in antivirus software. “Every security solution on the planet has had their CrowdStrike moments,” says Raiu. “This is nothing new but the scale of the event.”

Mikko Hyppönen, Chief Research Officer at cybersecurity company WithSecure, emphasizes the unprecedented nature of the global outage caused by this incident. “It’s the biggest case in history. We’ve never had a worldwide workstation outage like this,” he says. Hyppönen points out that around a decade ago, widespread outages were more common due to the spread of worms or trojans. In recent years, global outages have typically stemmed from server-side issues, such as cloud provider disruptions, internet cable cuts, or authentication and DNS problems.

 

In a recent discussion, Hyppönen was asked if WithSecure could guarantee their updates wouldn’t cause an outage and if they test every update thoroughly. He honestly responded, “No, I can’t. Yes, we do.” He acknowledges that it could happen with WithSecure as well. However, WithSecure is committed to preventing similar incidents by rigorously testing every update across multiple configurations.

This incident serves as a reminder of the critical importance of meticulous testing and validation in the cybersecurity industry, where even a small oversight can have far-reaching consequences.

 

https://www.linkedin.com/posts/hypponen_the-crowdstrike-outage-is-historical-millions-activity-7220035726451572737-YB8c

 

Historical Background and Significance

This incident serves as a stark reminder of the vulnerabilities inherent in our increasingly digital world. While the WannaCry and NotPetya attacks of 2017 highlighted the devastating potential of cyber threats, the 2024 IT shutdown underscores the ongoing risks associated with software updates and cybersecurity management. As industries continue to rely heavily on digital infrastructure, the need for robust cybersecurity measures and vigilant monitoring becomes ever more critical.

The global IT shutdown of 2024 will likely be studied extensively in the years to come, offering valuable lessons in crisis management, cybersecurity, and the importance of swift, transparent communication during such events.

 

 

 

Reference:

https://www.nbcnews.com/news/world/live-blog/live-updates-it-outage-flights-banks-businesses-microsoft-crowdstrike-rcna162669

https://abcnews.go.com/US/american-airlines-issues-global-ground-stop-flights/story?id=112092372

https://www.cnbc.com/2024/07/19/latest-live-updates-on-a-major-it-outage-spreading-worldwide.html

https://www.bbc.com/news/articles/cpe3zgznwjno#

https://www.wired.com/story/crowdstrike-outage-update-windows/