Large-Scale IT Outage Causing International Disruption

Uploaded on 2024-07-19 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A major IT outage has disrupted businesses and institutions in multiple countries, throwing airlines, government services, TV channels, banks, supermarkets, telecoms and media outlets into chaos. Downdetector, a website which monitors outages, reported sudden spikes in problems with websites including Microsoft applications, banking websites and airline apps. 

Cybersecurity company CrowdStrike is reportedly linked to the IT outage affecting banks, airports, supermarkets and businesses across Australia and the world.

In an incident with an international impact, airports in the United Kingdom, France, Germany, Spain, Malaysia and the Philippines have reported disruptions to services. Airport check-in systems around the world have gone offline and businesses have reported the "blue screen of death" and IT outages.

  • The US state of Alaska has said its emergency services are affected  and many 911 and non-emergency call centres are not working properly.
  • Australia has had broadcast networks fail and supermarkets crippled and Sky News UK went completely off air. Australian airlines Virgin Australia and Jetstar have also had to delay or cancel flights. 
  • A number of US airlines Delta, United and American Airlines  have stopped flights around the world.United, Delta and American Airlines that are all based in the US, have issued a "global ground stop" on all of their flights. 
  • Social media users have reported queues at Australian stores with payment systems offline and trouble accessing financial institutions like the National Australia Bank.

The reason for the outage is not clear, but appears to be  linked to Microsoft PC operating systems. An official Microsoft 365 service update posted on  X / Twitter earlier today saying "we're investigating an issue impacting users ability to access various Microsoft 365 apps and services".

The problem appears to have been caused by a software update gone wrong. A newly released version of CrowdStrike’s security software reportedly caused Windows computers to crash and display a standard error blue screen that happens when the operating system cannot load correctly. 

This update’s impact has been particularly severe for enterprise customers, with some organizations reporting that thousands of devices, including critical production servers and SQL nodes, have been affected. 

Crowdstrike are advising affected users not to open individual support tickets and, as an indication of the potential reputational damage, the company's stock value fell by 20% in pre-market trading - a fall worth $16 billion. 

Ilkka Turunen, Field CTO at the software supply chain management Sonatype commented of what’s going on with the Crowdstrike outage. "The widespread outages across the world affecting Microsoft Windows are due to a botched update to a piece of software called Crowdstrike, a well-regarded malware and endpoint protection tool often used by enterprises and many companies across the world... In terms of technical details, the update causes a BSOD loop on any Windows machine essentially making it boot and crash on an infinite loop....

"Making it worse is the fact that there are a significant number of Windows machines that the update was auto-installed on overnight. There are workarounds that customers of theirs will apply, but it seems to be very manual."

"It’s definitely a supply chain style incident - what it shows is that one popular vendor botching an update can have a huge impact on its customers and how far a single well-orchestrated update can spread in a single night. It’s not yet clear if the contents were due to malicious reasons, but it shows how quickly targeted attacks on popular vendors could spread." Turunen said.

In other comment, Alan Stephenson-Brown, CEO of network solutions supplier Evolve said, "News of a global IT outage that has caused problems at airlines, media and banks is a timely reminder that operational resilience should be at the forefront of the business agenda...

Demonstrating that even large corporations aren't immune to IT troubles, this outage highlights the importance of having distributed data centres and rerouting connectivity that ensures business can continue functioning when cloud infrastructure is disrupted. By prioritising both contingency planning and preventative measures, IT systems can be protected.

The impact of this incident is hard to exaggerate and business leaders should carefully consider  the systems they have in place to identify potential vulnerabilities before they find themselves the subject of the next IT outages headline. 

Downdetector   |   Crowstrike   |   BBC   |   AlJazeera   |   The Conversation   |   ABC   |   Euronews   |   Telegraph

Image: structuresxx

You Might Also Read: 

Securing The Supply Chain:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Are Any Of Your Suppliers A Security Risk Waiting To Happen?
Defending Against Business Email Compromise »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

Swedish Civil Contingencies Agency (MSB)

Swedish Civil Contingencies Agency (MSB)

MSB's Information Assurance Department is responsible for supporting and coordinating work relating to Sweden's national societal information security.

Cyfirma

Cyfirma

CYFIRMA offers Cyber threat visibility and intelligence suite and services aimed at keeping your organization’s cybersecurity posture up-to-date.

Crypto Valley Association

Crypto Valley Association

Crypto Valley Association is an independent, government-supported association established to build the world’s leading blockchain and cryptographic technologies ecosystem.

Ampliphae

Ampliphae

Ampliphae gives you an easy-to-deploy, sophisticated and affordable cloud-discovery, security and compliance platform.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS) is a state-owned commercial enterprise providing confidential communication, trust services and services in the field of information protection.

Inetum

Inetum

Inetum (formerly Gfi Informatique) is an agile IT services providing digital services and solutions, and a global group that helps companies and institutions to get the most out of digital flow.

TopSOC Information Security

TopSOC Information Security

TopSOC Information Security provide a wide range of security consultation, implementation and training services.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

NOYB

NOYB

NOYB is a non-profit organization aiming to close the gap between privacy laws and the reality of corporate practice.

Liverton Security

Liverton Security

Liverton Security is a New Zealand-owned cyber security provider offering consultancy and security-related products to government and commercial customers throughout New Zealand.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Cytacs

Cytacs

Cytacs is the AI-powered cyber security platform specifically designed for small and medium-scale enterprises.