Organisations around the world are gradually recovering from the huge IT outage that disrupted computer systems on Friday 19th July 2024. The chaos affected the transport, banking, retail, broadcasting, telecommunications, and healthcare sectors, to name a few.
Thousands of employees in the IT and cyber security industries spent the following days trying to fix the problem, which was caused by a faulty update to a software component in the CrowdStrike Falcon security platform. Microsoft estimates that it crashed 8.5 million Windows computers, many bringing up the infamous Blue Screen of Death (BSOD).
According to CrowdStrike’s website, the company serves 29,000 business customers around the globe, or close to 20% of the market.
However, because the information security vendor plays such a big role in the cyber security ecosystem, the problem quickly became widespread, after first being identified in Australia. It led to thousands of flight cancellations, people being prevented from paying for goods by debit or credit cards, pharmacies unable to dispense medicines and medical appointments being postponed in numerous countries.
Microsoft responded quickly, confirming that it was taking “mitigation actions”, and has since released an updated recovery tool to help IT administrators repair affected systems. CrowdStrike stressed that the IT outage was not caused by a cyber-attack or any other criminal activity – but, as a failure to apply proper safeguards to a critical patch, it was a major security incident. In an update on 24th July 2024, CrowdStrike blamed a bug in its quality control procedure.
Services returning to normal, but consequences may last
Since the outage happened, CrowdStrike has said that “a significant number of devices” are now back online, and has released an initial report on the faulty update, attributing the issue to a “channel file” update (channel files are the content updates that give the Falcon endpoint detection and response (EDR) sensor detection logic for new techniques used by threat actors).
Even with CrowdStrike focusing on bringing its customers back online, this incident will likely have significant ramifications that far exceed the technicalities of the global outages. Only time will tell how far-reaching the long-term impact will be.
As cyber security experts expected, threat actors are now using CrowdStrike-related domains for malicious purposes, including spear-phishing and malware deployment campaigns. These are threats that businesses across the world need to be aware of and take seriously.
History almost repeating itself
This isn’t the first time that the security industry has scored a huge own goal. This extreme example is a powerful reminder that any company can make a mistake, no matter how big it is or how many businesses it protects.
The cyber security industry is still fairly immature, consisting of hundreds of companies less than ten years old. The National Cyber Security Centre (NCSC) and the Cybersecurity and Infrastructure Security Agency (CISA) – the main cyber defence agencies of the UK and the US respectively – were established as standalone agencies in 2016 and 2018. Today, commercial start-ups and scale-ups are rushing to grow as fast as possible to win as large a share of their specific markets as possible. But are they expanding too fast at the expense of robust security?
As Quorum Cyber CEO, Federico Charosky, said in a Bloomberg UK article on the day the news of the outage broke, “Some developer somewhere made a change and there was no analysis of what impact that change would have. There’s clearly a lack of quality assurance and testing and taking shortcuts in pursuit of speed.”
Learn more on threat intelligence
If you would like to understand the technical details behind the IT outage, please refer to the Quorum Cyber Threat Intelligence bulletin which explains what you can do if you’re still having problems rebooting any devices.
Get in touch with Quorum Cyber on 0333 444 0041 or via [email protected] if you would like to discuss your cyber security or data security needs.