Large-Scale IT Outage Causing International Disruption

A major IT outage has disrupted businesses and institutions in multiple countries, throwing airlines, government services, TV channels, banks, supermarkets, telecoms and media outlets into chaos. Downdetector, a website which monitors outages, reported sudden spikes in problems with websites including Microsoft applications, banking websites and airline apps. 

Cybersecurity company CrowdStrike is reportedly linked to the IT outage affecting banks, airports, supermarkets and businesses across Australia and the world.

In an incident with an international impact, airports in the United Kingdom, France, Germany, Spain, Malaysia and the Philippines have reported disruptions to services. Airport check-in systems around the world have gone offline and businesses have reported the "blue screen of death" and IT outages.

  • The US state of Alaska has said its emergency services are affected  and many 911 and non-emergency call centres are not working properly.
  • Australia has had broadcast networks fail and supermarkets crippled and Sky News UK went completely off air. Australian airlines Virgin Australia and Jetstar have also had to delay or cancel flights. 
  • A number of US airlines Delta, United and American Airlines  have stopped flights around the world.United, Delta and American Airlines that are all based in the US, have issued a "global ground stop" on all of their flights. 
  • Social media users have reported queues at Australian stores with payment systems offline and trouble accessing financial institutions like the National Australia Bank.

The reason for the outage is not clear, but appears to be  linked to Microsoft PC operating systems. An official Microsoft 365 service update posted on  X / Twitter earlier today saying "we're investigating an issue impacting users ability to access various Microsoft 365 apps and services".

The problem appears to have been caused by a software update gone wrong. A newly released version of CrowdStrike’s security software reportedly caused Windows computers to crash and display a standard error blue screen that happens when the operating system cannot load correctly. 

This update’s impact has been particularly severe for enterprise customers, with some organizations reporting that thousands of devices, including critical production servers and SQL nodes, have been affected. 

Crowdstrike are advising affected users not to open individual support tickets and, as an indication of the potential reputational damage, the company's stock value fell by 20% in pre-market trading - a fall worth $16 billion. 

Ilkka Turunen, Field CTO at the software supply chain management Sonatype commented of what’s going on with the Crowdstrike outage. "The widespread outages across the world affecting Microsoft Windows are due to a botched update to a piece of software called Crowdstrike, a well-regarded malware and endpoint protection tool often used by enterprises and many companies across the world... In terms of technical details, the update causes a BSOD loop on any Windows machine essentially making it boot and crash on an infinite loop....

"Making it worse is the fact that there are a significant number of Windows machines that the update was auto-installed on overnight. There are workarounds that customers of theirs will apply, but it seems to be very manual."

"It’s definitely a supply chain style incident - what it shows is that one popular vendor botching an update can have a huge impact on its customers and how far a single well-orchestrated update can spread in a single night. It’s not yet clear if the contents were due to malicious reasons, but it shows how quickly targeted attacks on popular vendors could spread." Turunen said.

In other comment, Alan Stephenson-Brown, CEO of network solutions supplier Evolve said, "News of a global IT outage that has caused problems at airlines, media and banks is a timely reminder that operational resilience should be at the forefront of the business agenda...

Demonstrating that even large corporations aren't immune to IT troubles, this outage highlights the importance of having distributed data centres and rerouting connectivity that ensures business can continue functioning when cloud infrastructure is disrupted. By prioritising both contingency planning and preventative measures, IT systems can be protected.

The impact of this incident is hard to exaggerate and business leaders should carefully consider  the systems they have in place to identify potential vulnerabilities before they find themselves the subject of the next IT outages headline. 

Downdetector   |   Crowstrike   |   BBC   |   AlJazeera   |   The Conversation   |   ABC   |   Euronews   |   Telegraph

Image: structuresxx

You Might Also Read: 

Securing The Supply Chain:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Are Any Of Your Suppliers A Security Risk Waiting To Happen?
Defending Against Business Email Compromise »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Venafi

Venafi

Venafi is a world-class cyber-security company dedicated to protecting machine identities for our hyper-connected digital economy.

InfoSecurity Magazine

InfoSecurity Magazine

Infosecurity Magazine has over ten years of experience providing knowledge and insight into the information security industry.

RiskIQ

RiskIQ

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence.

StackRox

StackRox

StackRox delivers a container-native security platform that adapts detection and response to new threats.

IAC

IAC

IAC is a specialist Irecruitment consultancy covering Internal Audit, Risk, Controls, Governance, IT Audit, and Cyber Security roles.

CSIRT Italia

CSIRT Italia

CSIRT Italia is the national Computer Security Incident Response Team for Italy.

The Legal 500

The Legal 500

The Legal 500 Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. Practice areas covered include Data Protection, Privacy and Cybersecurity.

Cyber Resilience

Cyber Resilience

Cyber Resilience offer an intensive program designed to help you create strategies to quickly become cyber resilient and to manage cyber risks in a measurable and predictable way.

Spamhaus

Spamhaus

Spamhaus is the world leader in supplying realtime highly accurate threat intelligence to the Internet's major networks.

Security BSides Cayman Islands

Security BSides Cayman Islands

Security BSides is a non-profit, community-driven event built for and by information security community members. Our aim is to help build an Information Security community in the Cayman Islands.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

Verizon

Verizon

Verizon is a leader in IT technology solutions - Verizon Cloud, Networking, Security, Mobility, Machine-to-Machine (M2M), Advanced Communications and Professional Services.

CV-Library

CV-Library

Start your job search with 216,931 live UK vacancies on award-winning CV-Library. Register your CV and find local jobs near you today!

NormCyber

NormCyber

NormCyber provide award-winning cyber security and data protection as a service for midsize organisations.

inSOC

inSOC

inSOC is an enterprise-grade AI-driven SOCaaS solution detecting breaches 24/7 with vulnerability management built-in. Designed for MSPs and MSSPs.

Tranchulus

Tranchulus

Tranchulus are a global provider of offensive and defensive cyber solutions, information security assessment, compliance and managed security services.