Monday, December 23, 2024

Crowdstrike and Microsoft: What we know about global IT outage

By Robert Plummer, BBC News

United is among the airlines affected by the IT chaos

A mass IT outage has caused travel chaos around the world, with banking and healthcare services also badly hit.

Many flights have been grounded, with queues and delays at airports.

Cyber-security firm Crowdstrike has admitted that the problem was caused by an update to its Falcon antivirus software, designed to protect Microsoft Windows devices from malicious attacks.

Microsoft has said it is taking “mitigation action” to deal with “the lingering impact” of the outage.

Here is a summary of what else we know so far.

What caused the IT outage?

The boss of global cyber-security firm Crowdstrike, George Kurtz, says the problems were caused by a “defect” in a “content update” for Microsoft Windows devices.

He added: “The issue has been identified, isolated and a fix has been deployed.”

Mr Kurtz said the issues did not affect other operating systems, adding: “This is not a security incident or cyber-attack.”

His statement followed widespread reports that Crowdstrike, which produces antivirus software, had issued a software update that caused Windows devices to crash.

Crowdstrike shares plunged as much as 21% in early pre-market trade. Microsoft also lost ground, as did travel and leisure stocks, as investors weighed the potential disruption for holidaymakers.

When will it be fixed?

Crowdstrike’s Mr Kurtz, speaking to NBC News, said it was the firm’s “mission” to make sure every one of its customers recovered completely from the outage.

But he added that this would not happen automatically and “it could be some time” before everything was up and running as before.

“We’re deeply sorry for the impact that we’ve caused to customers, to travellers, to anyone affected by this, including our companies,” he said.

Crowdstrike has issued its fix. But according to those in the know, it will have to be applied separately to each and every device affected.

Every machine will require a manual reboot in safe mode – causing a massive headache for IT departments everywhere.

What is Crowdstrike?

It’s a reminder of the complexity of our modern digital infrastructure that Crowdstrike, a company that’s not exactly a household name, can be at the heart of such worldwide disarray.

The US firm, based in Austin, Texas, is a listed company on the US stock exchange, featuring in both the S&P 500 and the high-tech Nasdaq indexes.

Like a lot of modern technology companies, it hasn’t been around that long. It was founded a mere 13 years ago, but has grown to employ nearly 8,500 people.

As a provider of cyber-security services, it tends to get called in to deal with the aftermath of hack attacks.

It has been involved in investigations of several high-profile cyber-attacks, such as when Sony Pictures had its computer system hacked in 2014.

But this time, because of a flawed update to its software, a firm that is normally part of the solution to IT problems is instead at their origin.

In its last earnings report, Crowdstrike declared a total of nearly 24,000 customers. That’s an indication not just of the size of the issue, but also the difficulties that could be involved in fixing it.

Each of those customers is a huge organisation in itself, so the number of individual computers affected is hard to estimate.

Who has been affected?

The problem emerged in a piecemeal fashion, with first reports coming out of Australia, before spreading to other parts of the world.

  • Airports and air travel – Several US airlines, notably United, Delta and American Airlines, grounded their flights around the globe. Australian carriers Virgin Australia and Jetstar also had to delay or cancel flights as departure screens went blank at Sydney airport. Tokyo-Narita and Delhi airports said services had been affected. European airports reported that the outage was causing delays, with long queues reported at London’s Stansted and Gatwick and Amsterdam’s Schiphol. European airline Ryanair said it was experiencing “potential disruptions across the network”, which it said were due to a third-party outage.
  • UK railway companies reported delays and said they were experiencing “widespread IT issues”.
  • Payment systems – many shops could only take cash. In the UK, supermarkets including Morrisons and Waitrose spent the morning unable to accept contactless payments. It was the same in Australian supermarkets including Woolworths and Coles, while financial institutions such as the National Australia Bank were also affected.
  • Healthcare – Israel said 15 hospitals had switched to manual processes, although this did not affect medical treatment. Ambulances were told to take new cases to other hospitals. In the UK, some doctors’ surgeries in England reported issues with booking appointments.

As the full extent of the disruption became clear, more firms and institutions started reporting problems.

  • The US state of Alaska warned that its emergency services were affected.
  • Broadcasters were also caught up in the chaos, including Sky News in the UK, which spent several hours off air.
  • The London Stock Exchange said it was working as normal, but there were issues with its news service, used by companies to report market-sensitive information in a timely way.
  • And Poland’s largest container terminal, the Baltic Hub in the northern city of Gdansk, said the outage was “hampering terminal operations” and asked companies not to send containers to the port.
