Large-Scale IT Outage Causing International Disruption

A major IT outage has disrupted businesses and institutions in multiple countries, throwing airlines, government services, TV channels, banks, supermarkets, telecoms and media outlets into chaos. Downdetector, a website which monitors outages, reported sudden spikes in problems with websites including Microsoft applications, banking websites and airline apps. 

Cybersecurity company CrowdStrike is reportedly linked to the IT outage affecting banks, airports, supermarkets and businesses across Australia and the world.

In an incident with an international impact, airports in the United Kingdom, France, Germany, Spain, Malaysia and the Philippines have reported disruptions to services. Airport check-in systems around the world have gone offline and businesses have reported the "blue screen of death" and IT outages.

  • The US state of Alaska has said its emergency services are affected  and many 911 and non-emergency call centres are not working properly.
  • Australia has had broadcast networks fail and supermarkets crippled and Sky News UK went completely off air. Australian airlines Virgin Australia and Jetstar have also had to delay or cancel flights. 
  • A number of US airlines Delta, United and American Airlines  have stopped flights around the world.United, Delta and American Airlines that are all based in the US, have issued a "global ground stop" on all of their flights. 
  • Social media users have reported queues at Australian stores with payment systems offline and trouble accessing financial institutions like the National Australia Bank.

The reason for the outage is not clear, but appears to be  linked to Microsoft PC operating systems. An official Microsoft 365 service update posted on  X / Twitter earlier today saying "we're investigating an issue impacting users ability to access various Microsoft 365 apps and services".

The problem appears to have been caused by a software update gone wrong. A newly released version of CrowdStrike’s security software reportedly caused Windows computers to crash and display a standard error blue screen that happens when the operating system cannot load correctly. 

This update’s impact has been particularly severe for enterprise customers, with some organizations reporting that thousands of devices, including critical production servers and SQL nodes, have been affected. 

Crowdstrike are advising affected users not to open individual support tickets and, as an indication of the potential reputational damage, the company's stock value fell by 20% in pre-market trading - a fall worth $16 billion. 

Ilkka Turunen, Field CTO at the software supply chain management Sonatype commented of what’s going on with the Crowdstrike outage. "The widespread outages across the world affecting Microsoft Windows are due to a botched update to a piece of software called Crowdstrike, a well-regarded malware and endpoint protection tool often used by enterprises and many companies across the world... In terms of technical details, the update causes a BSOD loop on any Windows machine essentially making it boot and crash on an infinite loop....

"Making it worse is the fact that there are a significant number of Windows machines that the update was auto-installed on overnight. There are workarounds that customers of theirs will apply, but it seems to be very manual."

"It’s definitely a supply chain style incident - what it shows is that one popular vendor botching an update can have a huge impact on its customers and how far a single well-orchestrated update can spread in a single night. It’s not yet clear if the contents were due to malicious reasons, but it shows how quickly targeted attacks on popular vendors could spread." Turunen said.

In other comment, Alan Stephenson-Brown, CEO of network solutions supplier Evolve said, "News of a global IT outage that has caused problems at airlines, media and banks is a timely reminder that operational resilience should be at the forefront of the business agenda...

Demonstrating that even large corporations aren't immune to IT troubles, this outage highlights the importance of having distributed data centres and rerouting connectivity that ensures business can continue functioning when cloud infrastructure is disrupted. By prioritising both contingency planning and preventative measures, IT systems can be protected.

The impact of this incident is hard to exaggerate and business leaders should carefully consider  the systems they have in place to identify potential vulnerabilities before they find themselves the subject of the next IT outages headline. 

Downdetector   |   Crowstrike   |   BBC   |   AlJazeera   |   The Conversation   |   ABC   |   Euronews   |   Telegraph

Image: structuresxx

You Might Also Read: 

Securing The Supply Chain:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Are Any Of Your Suppliers A Security Risk Waiting To Happen?
Defending Against Business Email Compromise »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Ascentor

Ascentor

Ascentor specialises in independent information and cyber security consultancy. We’re experienced industry experts, providing cyber security services since 2004.

Think Cyber Security (ThinkCyber)

Think Cyber Security (ThinkCyber)

ThinkCyber is a Tel Aviv-based Israeli company with a team of cybersecurity professionals who are experts in both information and operations technology.

Governikus

Governikus

Governikus provides solutions for secure data transport, authentication, the use of electronic signatures and cryptography as well as for long-term storage.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

European Society of Criminology (ESC)

European Society of Criminology (ESC)

The ESC Working Group on Cybercrime is focused on cybercrime, its causes and offenders, impact on victims, and our response to it at the individual, corporate, and governmental levels.

H-ON Consulting

H-ON Consulting

H-ON Consulting develops and applies robust cyber security procedures enabling control systems to be secure.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

Netlawgic Legal Services

Netlawgic Legal Services

Netlawgic is exclusively focused on delivering cyber law solutions to the industry. We provide our clients with specialized attention and problem solving in all aspects of cyber law.

HackHunter

HackHunter

HackHunter’s passive sensor network continuously monitors, detects and alerts when a malicious WiFi network and/or hacking behaviour is identified.

Spamhaus

Spamhaus

Spamhaus is the world leader in supplying realtime highly accurate threat intelligence to the Internet's major networks.

United Network Technologies

United Network Technologies

United Network Technologies is a leading Managed Services Provider, distributor and developer of specialised cyber security components and technologies.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

Nisos

Nisos

Nisos provides unrivaled protection of your reputation and assets through the practice of Active Defense.

Appurity

Appurity

Appurity specialises in mobile and application security, delivering comprehensive solutions across all verticals.

LayerX Security

LayerX Security

LayerX's user-first browser security platform turns any browser into the most protected & manageable workspace, by providing real-time monitoring and governance over users’ activities on the web.

LetsData

LetsData

LetsData uses AI to provide governments, intergovernmental organizations, civil society, and businesses with data-empowered decisions on communication in the age of online disinformation.