The Tech industry's vulnerabilities exposed by CrowdStrike outage

Lessons learned from the global CrowdStrike outage

· TechRadar

News By Andrey Leskin published 9 October 2024


On July 19, 2024, approximately 8.5 million Windows machines crashed into the Blue Screen of Death, causing flight cancellations, banking disruptions and media outages around the world. Major US airlines, including American Airlines, United Airlines and Delta, had to cancel flights because their systems could not communicate. Banks and stock exchanges, including the London Stock Exchange, Lloyds Bank and South Africa's Capitec, faced similar problems. According to Downdetector data, the failure also affected Visa and Mastercard payment gateways.

The outage caused serious financial losses. For instance, the cancellation of almost 7,000 flights by Delta could cost the company between $350 million and $500 million. According to some estimates, the total direct loss to US Fortune 500 companies, excluding Microsoft, was $5.4 billion. The healthcare sector was hit hardest, with projected losses of $1.94 billion, followed by banking at $1.15 billion. The airline industry also suffered significant disruption, with estimated losses of $860 million.

Andrey Leskin

CTO of Qrator Labs.

What went wrong

As CrowdStrike later explained, the outage was caused by a faulty content update to its Falcon endpoint protection platform. Notably, the sensor component that processes this kind of content had passed testing when it was released on March 5, and the faulty update itself passed CrowdStrike's automated content validation before release because of a bug in that validator, so the problem was not caught until the file reached production machines.

CrowdStrike also noted that it delivers security content in two ways: Sensor Content, which ships with releases of the Falcon sensor itself and goes through the full sensor release and testing process, and Rapid Response Content, behavioral pattern-matching data pushed to already deployed sensors between releases so that new threats can be flagged quickly. It was a Rapid Response Content update that carried the faulty data: the content referenced an input field that the sensor did not actually supply, and when the sensor read that missing field it accessed memory out of bounds.

Why did a bad content file produce blue screens around the world? The answer lies in where endpoint protection software like Falcon runs. To see every process, file and network event, and to resist tampering by the malware it is meant to catch, the sensor is loaded as a kernel-mode driver that starts at boot; an agent running as an ordinary user-mode process could simply be killed or blinded by an attacker, which would negate the purpose of having a security product at all. The price of that privileged position is that an unhandled fault in the driver, such as a read past the end of the data the content file actually supplied, is fatal to the whole operating system, and because the driver loads at boot, affected machines crashed again on every restart until the offending file was removed.
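The practical lesson for anyone who writes code that consumes dynamically delivered rules or signatures is that validation must happen at the point of consumption, not only in the release pipeline, because the pipeline's validator can itself be buggy. The following is an added illustration, not CrowdStrike's code: a toy content interpreter in C, with the "trust the upstream validator" version beside a version that checks the record against the template before indexing into it and rejects the rule instead of faulting. The struct layout, field counts (a template written for 21 fields fed a record with 20) and values are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model only (not CrowdStrike code): a "content record" pushed
 * to an endpoint sensor, and a "rule template" built into the sensor that
 * says which field of the record to compare. Names, counts and values are
 * assumptions for this example. */
#define MAX_FIELDS 32

struct content_record {
    uint32_t nfields;             /* fields actually present in the update */
    uint32_t fields[MAX_FIELDS];
};

struct rule_template {
    uint32_t expected_fields;     /* fields the template was written for */
    uint32_t match_index;         /* field to compare */
    uint32_t match_value;
};

enum content_status {
    CONTENT_OK = 0,
    CONTENT_TOO_FEW_FIELDS = 1,   /* update supplies fewer fields than the template uses */
    CONTENT_INDEX_OOB = 2         /* template indexes beyond the supplied fields */
};

/* Sample template: assumes 21 fields and compares field 20 against 0x41. */
static const struct rule_template SAMPLE_TEMPLATE = { 21, 20, 0x41 };

/* Constructed record with `nfields` populated fields, the last set to
 * `last_value`; unused array slots stay zero. */
static struct content_record make_record(uint32_t nfields, uint32_t last_value)
{
    struct content_record rec;
    memset(&rec, 0, sizeof rec);
    if (nfields == 0 || nfields > MAX_FIELDS)
        return rec;               /* nfields == 0 marks an unusable record */
    rec.nfields = nfields;
    for (uint32_t i = 0; i < nfields; i++)
        rec.fields[i] = i;        /* filler data */
    rec.fields[nfields - 1] = last_value;
    return rec;
}

/* Before: trusts that an upstream validator guaranteed the record fits the
 * template, so it indexes blindly. Here the array is fixed-size, so a record
 * with only 20 fields makes the read of field 20 return stale zero data
 * instead of faulting; with a buffer sized to nfields the same read runs past
 * the allocation, and in kernel mode an unmapped read is a fatal page fault. */
static int interpret_unchecked(const struct content_record *rec,
                               const struct rule_template *tpl)
{
    return rec->fields[tpl->match_index] == tpl->match_value;
}

/* After: validate at the point of consumption, independently of whatever the
 * release pipeline checked. */
static enum content_status validate_content(const struct content_record *rec,
                                            const struct rule_template *tpl)
{
    if (rec->nfields < tpl->expected_fields)
        return CONTENT_TOO_FEW_FIELDS;
    if (tpl->match_index >= rec->nfields || tpl->match_index >= MAX_FIELDS)
        return CONTENT_INDEX_OOB;
    return CONTENT_OK;
}

/* Rejected content disables this one rule and reports why; the sensor, and
 * the operating system under it, keep running. */
static int interpret_checked(const struct content_record *rec,
                             const struct rule_template *tpl,
                             enum content_status *status)
{
    *status = validate_content(rec, tpl);
    if (*status != CONTENT_OK)
        return 0;
    return rec->fields[tpl->match_index] == tpl->match_value;
}

/* Run a record with `nfields` fields (last field 0x41) through the sample
 * template; one helper returns the validation status, the other the match. */
static enum content_status check_sample(uint32_t nfields)
{
    struct content_record rec = make_record(nfields, 0x41);
    enum content_status st;
    interpret_checked(&rec, &SAMPLE_TEMPLATE, &st);
    return st;
}

static int match_sample_checked(uint32_t nfields)
{
    struct content_record rec = make_record(nfields, 0x41);
    enum content_status st;
    return interpret_checked(&rec, &SAMPLE_TEMPLATE, &st);
}

int main(void)
{
    struct content_record good = make_record(21, 0x41); /* well-formed update */
    struct content_record bad  = make_record(20, 0x41); /* one field short */

    printf("unchecked, good: match=%d\n", interpret_unchecked(&good, &SAMPLE_TEMPLATE));
    printf("unchecked, bad:  match=%d (stale data read, no error raised)\n",
           interpret_unchecked(&bad, &SAMPLE_TEMPLATE));
    printf("checked, good:   status=%d match=%d\n", check_sample(21), match_sample_checked(21));
    printf("checked, bad:    status=%d match=%d (rule rejected)\n", check_sample(20), match_sample_checked(20));
    return 0;
}
```

The design point is the second layer: the consumer cross-checks the record's declared field count against the template's expectation before any index is used, and a mismatch becomes a reportable status rather than a memory access. In a real kernel component the rejection path would also log the bad file identifier so that operators can roll it back, and a staged rollout would stop the file from reaching the next ring.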

Gradual upgrades and regular backups

Despite the significant impact of the incident on companies and organizations, a widespread abandonment of CrowdStrike products is unlikely. Solutions like Falcon are deeply embedded in IT infrastructures and have been developed and refined over many years. Replacing them is time-consuming and costly, and there is no guarantee that an alternative would not fail in the same way.

However, the incident shed light on some burning issues in the tech industry. One of them is a lack of vendor diversity. The market is dominated by a handful of major vendors, and it is this concentration that made the impact of a single faulty update so widespread. To mitigate such risks in the future, it is crucial to develop and invest in alternative solutions, including cloud-based options. This is the key takeaway from this situation.
