Cybersecurity firm Crowdstrike has admitted that a "defect" in a software update has caused the IT outage currently wrecking havoc worldwide.
ADVERTISEMENTCrowdstrike, a cybersecurity firm with thousands of customers globally, admitted on Friday that a defective software update had caused the major IT outage that brought airports, banks, hospitals, media outlets, and businesses to a halt worldwide.
Reports of outages began streaming in from around the globe early on Friday, with broadcaster Sky News in the UK forced off the air for several hours.
Companies are beginning to see a recovery by Friday afternoon but not before mass disruption of services in several industries caused havoc around the planet.
Travellers faced widespread disruption with airlines cancelling over 3,300 flights, according to aviation analytics company Cirium, and airports struggling to cope with system failures and delays.
The outage has also impacted global customers of Microsoft's Azure and Office365 services, which first reported being hit at about 18.00 ET on Thursday, or midnight CET on Friday.
In a post on X, the Big Tech giant said it was "investigating an issue impacting users ability to access various Microsoft 365 apps and services".
"We still expect that users will continue to see gradual relief as we continue to mitigate the issue," it added.
Airlines such as Qantas in Australia and carriers in the US, including major airlines United and American Airlines, were forced to ground flights.
In Europe, users of Ryanair's app and website also complained about not being able to check in for their flights on Friday morning, with a surge of reports noted on the outage tracking website Downdetector.com.
In a post on X, the airline confirmed it was "experiencing disruption" due to a "global 3rd party IT outage".
Other carriers in Europe, including KLM, informed customers to expect delays or cancelled flights as handling services was "not possible," according to the Dutch airline.
Several European airports have reported IT issues, including Berlin Brandenberg Airport which has told customers to expect delays at check-in. At Edinburgh Airport in the UK, a computer error caused departure boards to freeze.
Amsterdam Schiphol also reported issues with flights affected, as did airports in Germany, the UK, New Zealand, Japan, and India.
Switzerland's largest airport, Zurich, stopped aircraft from landing.
In the UK, supermarkets like Aldi, Morrison's, and Waitrose reported experiencing issues accepting card payments.
ADVERTISEMENTHospitals, pharmacies, and doctors' surgeries in the UK were also hit, reporting difficulties retrieving medical records, staff rosters and more, with reports of two German hospitals in Luebeck and Kiel also cancelling non-urgent surgeries.
What's caused the global outage?
In a statement on Friday, George Kurtz, CEO of Crowdstrike, confirmed that a "defect" in a content update for Windows machines is behind the outage.
"Crowdstrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," Kurtz said.
"Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.
ADVERTISEMENT"The issue has been identified, isolated and a fix has been deployed".
Crowdstrike has advised customers to refer to its support portal for updates, and for organisations who use its services to continue communicating with Crowdstrike representatives "through official channels".
"Our team is fully mobilised to ensure the security and stability of Crowdstrike customers," Kurtz concluded.
Initial reports on Friday speculated that an antivirus software update at the cybersecurity firm had gone awry and was to blame for the outage.
ADVERTISEMENTDevices, such as computers and phones, became "bricked," meaning that they are unable to function as they should due to corrupted software.
On Reddit, community users of the Crowdstrike subreddit (r/crowdstrike) shared what is reported to be an advisory from the company issued to customers only that suggests the cause is its Falcon Sensor.
In the communiqué, the company says it is aware that customers are experiencing repeated BSODs (Blue Screen of Death) and are unable to reboot their devices.
"CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor. Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor," it states.
ADVERTISEMENTThe incident wiped 15 per cent off the value of Crowdstrike shares when trading opened on Friday, the equivalent of $12.5 billion (€11.5 billion).
Responding to Friday's outage, Lauren Wills-Dixon, a data privacy expert at UK-based law firm Gordons, told Euronews Next: "We’ll likely find out more as the hours progress, but this shows just how reliant we are on certain tech, how much trust organisations put in them and their security practices, and also the chaos that downtime can cause".
Dependence on single providers
In the wake of the disruption, experts have agreed on the need to move away from overreliance on remote management of our devices by a handful of large, centralised platforms.
Chris Dimitriadis, a cybersecurity expert and the Global Chief Strategy Officer at IT governance association ISACA, called the outage "nothing short of a crisis".
ADVERTISEMENT"When one service provider in the digital supply chain is affected, the whole chain can break, causing large-scale outages. This incident is a clear example of what could be termed a digital pandemic – a single point of failure impacting millions of lives globally," he said.
"The outage is a result of an increasingly complex and interconnected digital world, and this failing is exactly why cyber resilience is key for ensuring the safety, security, and wellbeing of citizens as well as a key enabler of the global economy".
Paolo Ardoino, the CEO of Tether, called for companies and countries to invest more in peer-to-peer tech to reduce the risk of "future catastrophes of any type".
"The web was born decentralised, point-to-point. Today it is almost completely centralised around the services of 3 companies," he said.
ADVERTISEMENT"Any connectivity or instability issues within such companies' infrastructure will dramatically impact entire nations, cities, communities and companies," he added.
"Concentration and centralisation are creating a very fragile world, where almost all the technology we have developed until today can work only in the best case scenario, and will fail at the first sign of change in the social/environmental ecosystem".
