Large-Scale IT Outage Causing International Disruption

Uploaded on 2024-07-19 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A major IT outage has disrupted businesses and institutions in multiple countries, throwing airlines, government services, TV channels, banks, supermarkets, telecoms and media outlets into chaos. Downdetector, a website which monitors outages, reported sudden spikes in problems with websites including Microsoft applications, banking websites and airline apps. 

Cybersecurity company CrowdStrike is reportedly linked to the IT outage affecting banks, airports, supermarkets and businesses across Australia and the world.

In an incident with an international impact, airports in the United Kingdom, France, Germany, Spain, Malaysia and the Philippines have reported disruptions to services. Airport check-in systems around the world have gone offline and businesses have reported the "blue screen of death" and IT outages.

  • The US state of Alaska has said its emergency services are affected  and many 911 and non-emergency call centres are not working properly.
  • Australia has had broadcast networks fail and supermarkets crippled and Sky News UK went completely off air. Australian airlines Virgin Australia and Jetstar have also had to delay or cancel flights. 
  • A number of US airlines Delta, United and American Airlines  have stopped flights around the world.United, Delta and American Airlines that are all based in the US, have issued a "global ground stop" on all of their flights. 
  • Social media users have reported queues at Australian stores with payment systems offline and trouble accessing financial institutions like the National Australia Bank.

The reason for the outage is not clear, but appears to be  linked to Microsoft PC operating systems. An official Microsoft 365 service update posted on  X / Twitter earlier today saying "we're investigating an issue impacting users ability to access various Microsoft 365 apps and services".

The problem appears to have been caused by a software update gone wrong. A newly released version of CrowdStrike’s security software reportedly caused Windows computers to crash and display a standard error blue screen that happens when the operating system cannot load correctly. 

This update’s impact has been particularly severe for enterprise customers, with some organizations reporting that thousands of devices, including critical production servers and SQL nodes, have been affected. 

Crowdstrike are advising affected users not to open individual support tickets and, as an indication of the potential reputational damage, the company's stock value fell by 20% in pre-market trading - a fall worth $16 billion. 

Ilkka Turunen, Field CTO at the software supply chain management Sonatype commented of what’s going on with the Crowdstrike outage. "The widespread outages across the world affecting Microsoft Windows are due to a botched update to a piece of software called Crowdstrike, a well-regarded malware and endpoint protection tool often used by enterprises and many companies across the world... In terms of technical details, the update causes a BSOD loop on any Windows machine essentially making it boot and crash on an infinite loop....

"Making it worse is the fact that there are a significant number of Windows machines that the update was auto-installed on overnight. There are workarounds that customers of theirs will apply, but it seems to be very manual."

"It’s definitely a supply chain style incident - what it shows is that one popular vendor botching an update can have a huge impact on its customers and how far a single well-orchestrated update can spread in a single night. It’s not yet clear if the contents were due to malicious reasons, but it shows how quickly targeted attacks on popular vendors could spread." Turunen said.

In other comment, Alan Stephenson-Brown, CEO of network solutions supplier Evolve said, "News of a global IT outage that has caused problems at airlines, media and banks is a timely reminder that operational resilience should be at the forefront of the business agenda...

Demonstrating that even large corporations aren't immune to IT troubles, this outage highlights the importance of having distributed data centres and rerouting connectivity that ensures business can continue functioning when cloud infrastructure is disrupted. By prioritising both contingency planning and preventative measures, IT systems can be protected.

The impact of this incident is hard to exaggerate and business leaders should carefully consider  the systems they have in place to identify potential vulnerabilities before they find themselves the subject of the next IT outages headline. 

Downdetector   |   Crowstrike   |   BBC   |   AlJazeera   |   The Conversation   |   ABC   |   Euronews   |   Telegraph

Image: structuresxx

You Might Also Read: 

Securing The Supply Chain:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Are Any Of Your Suppliers A Security Risk Waiting To Happen?
Defending Against Business Email Compromise »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Bayshore Networks

Bayshore Networks

Bayshore Networks was founded to safely and securely protect Industrial IoT (IIoT) networks, applications, machines and workers from cyber threats.

IDpendant

IDpendant

IDpendant offers a wide range of services, including authentication technology, client security products, single sign on systems, encryption solutions, card and mobile device management systems.

Phirelight Security Solutions

Phirelight Security Solutions

Phirelight empowers an enterprise to easily understand how their networks behave, while at the same time assessing and managing cyber threats in real time.

Avira

Avira

Avira provide a portfolio of antivirus, security and performance applications for Windows, Android, Mac, and iOS.

Center for Cyber Safety and Education

Center for Cyber Safety and Education

The Center for Cyber Safety and Education works to ensure that people across the globe have a positive and safe experience online through our educational programs, scholarships, and research.

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER) - USA

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER) - USA

The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today.

Circadence

Circadence

Circadence offer the only fully immersive, AI-powered, patent-pending, proprietary cybersecurity training platform in the market today.

Grupo CFI

Grupo CFI

Grupo CFI is the largest Spanish network of data protection and cybersecurity professionals.

Slovenska Akreditacija (SA)

Slovenska Akreditacija (SA)

Slovenska Akreditacija (Slovenia Accreditation) is the national standards accreditation body for Slovenia.

Open Connectivity Foundation (OCF)

Open Connectivity Foundation (OCF)

OCF is dedicated to ensuring secure interoperability ensuring secure interoperability of IoT for consumers, businesses and industries.

Swarmnetics

Swarmnetics

Swarmnetics helps customers discover hard-to-find software vulnerabilities by hacking your system before the bad guys do.

PKF Infuse

PKF Infuse

PKF Infuse provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

Babble

Babble

Babble is a Unified Comms, Contact Centre and Cyber Solutions provider. We believe in making next-generation technology simple to use, deploy and manage.

TIM Enterprise

TIM Enterprise

TIM Enterprise offers innovative, sustainable and secure 360-degree digital solutions to companies and public administrations.

HazeGrayCyber

HazeGrayCyber

HazeGrayCyber offers comprehensive technical services to bring your company to the next level.

DevOcean

DevOcean

DevOcean, the leader in Cybersecurity Exposure Remediation, helps organizations cut through the chaos by automatically consolidating, prioritizing, and streamlining fixes.