Crowdstrike: The Update that Crashed the World

By Tibor Moes / Updated: August 2024

It’s Friday, July 19, 2024. You’re all set for your dream vacation to Europe. Bags packed, tickets in hand, excitement through the roof. But then, suddenly, chaos strikes. You miss your flight, and it’s not just you—airports, hospitals, banks, and more are thrown into a reboot death spiral. The culprit? A defective CrowdStrike update.

Only a handful of times in history has a single piece of code managed to wreck computer systems worldwide. The Slammer worm of 2003. Russia’s Ukraine-targeted NotPetya cyberattack. North Korea’s self-spreading ransomware WannaCry. But this digital catastrophe?

It wasn’t hackers this time—it was the software meant to stop them.

What happened

In the early hours of Friday, a software update from cybersecurity giant CrowdStrike inadvertently disrupted IT systems globally. Windows machines everywhere started displaying the dreaded Blue Screen of Death.

Businesses worldwide were hit hard—banks, airports, TV stations, healthcare organizations, hotels, you name it. Flights were grounded, patients couldn’t be admitted, and even major TV networks like Sky News went offline.

It started in Australia with companies running Microsoft’s Windows operating system. Soon, reports of disruptions flooded in from the UK, India, Germany, the Netherlands, and the US. By Friday morning, US airlines like United, Delta, and American Airlines issued a ‘global ground stop,’ halting all flights.

Shockingly, this catastrophe wasn’t the result of a cyberattack. It stemmed from a misconfigured update that CrowdStrike pushed out to its customers. Adding to the chaos, Microsoft’s cloud platform Azure experienced a widespread outage just the night before. But Microsoft claims these two IT failures are unrelated.

So, what turned your dream vacation into a nightmare? Ironically, a flawed software update—meant to protect us from cyber threats—caused one of the most significant digital disruptions in history.

What is CrowdStrike?

In 2011, a team of cybersecurity experts in Austin, Texas, founded CrowdStrike to protect devices and combat digital threats. Coincidentally, one of its co-founders, George Kurtz, was also the CTO at McAfee during a similar software disaster in 2010 that caused widespread system crashes.

CrowdStrike quickly attracted millions in funding from Silicon Valley giants like Google Ventures. By June 2013, they launched their first product, CrowdStrike Falcon, software that protects against various types of cyberattacks.

While CrowdStrike’s main focus is blocking hackers and malware, they’ve also taken on major investigations. In 2014, they tackled North Korea’s cyberattack on Sony Pictures. In 2016, they investigated the Russian hack of the Democratic National Committee.

CrowdStrike’s software doesn’t just run on Microsoft Windows; it also runs on Apple’s macOS and the Linux OS. This broad compatibility means they can protect a wide array of devices, including computers, servers, and mobile devices.

CrowdStrike’s reach is vast. They protect over 29,000 customers worldwide—from banks to hospitals to airports. Notable clients include Sony Pictures, Target, Amazon, Alphabet, and Intel.

Fast forward to today. CrowdStrike has grown into a cybersecurity giant valued at around $83 billion, protecting 538 out of the Fortune 1000 companies. But even giants can stumble. The recent outage caused their stock price to plummet by 13% early on Friday, the 19th of July 2024.

So, how did such a big company make such a massive mistake?

How it works and where it failed

While some theories suggest involvement by the Elite Cabal, the World Economic Forum, and Cyber Polygon, the actual cause of the outage was a technical error.

To understand the recent CrowdStrike outage, let’s first see how CrowdStrike’s Falcon platform operates and what went wrong.

At the heart of CrowdStrike’s protection is the Falcon platform, a powerful antivirus system installed on endpoints like laptops, servers, and routers.

Falcon’s sensors watch over the device 24/7, scanning for any suspicious activities, just like a security guard checking surveillance footage.

If it detects something unusual, it quickly raises an alarm and takes action using advanced artificial intelligence and analytics.

Falcon operates in a super-sensitive area of the device’s brain called kernel mode, where only the most trusted and important tasks are handled. This is like giving the security guard keys to every room in the building.

Now, let’s see what went wrong:

CrowdStrike sent an update to all these Falcon sensors on July 19, 2024. Unfortunately, this update had a mistake. The update included a file with a tiny error, similar to a typo in the security manual, causing the Falcon sensors to malfunction and crash the device completely, resulting in the dreaded blue screen of death.

Because Falcon operates in such a critical part of the system, any error here can cause major issues. The faulty update was like handing the security guard a faulty key, which ended up locking down the entire building.

But you might be wondering: Why didn’t they just pre-test the update before deploying it to millions?

Security experts believe that the frequent nature of these updates likely led to the faulty code slipping through the usual quality checks. Ideally, such updates should be rolled out to a limited pool of customers first to avoid widespread issues. However, this step appears to have been skipped, leading to the massive global outage.

Because the crash was so deep in the system, fixing it required someone to manually restart each device and remove the faulty file, which is a long and tedious process. It could take some organizations weeks to fix every computer.

What were the impacts?

But how big was the impact of CrowdStrike’s update, really? In short: Big. Really big.

The CrowdStrike outage disabled an estimated 8.5 million computers worldwide, according to Microsoft. This makes it the largest cyber-event in history, eclipsing all previous hacks and outages.

To put this in perspective, let’s compare it to past major outages. Remember the WannaCry ransomware attack in 2017? It affected hundreds of thousands of computers in over 150 countries, disrupting critical services and causing billions in damages. Another significant incident was the NotPetya cyberattack in 2017, which primarily targeted Ukraine but had global ramifications, costing companies over $10 billion.

Similar to these incidents, the CrowdStrike outage hit multiple sectors hard. Banks experienced downtime, leading to financial transaction delays. Hospitals faced system failures, causing delayed treatments and increased patient risks. Over 5,000 flights were canceled within hours of the outage, leading to widespread chaos.

CrowdStrike’s investors weren’t safe either. Before the update, CrowdStrike stock was considered a strong performer. However, after the software defect caused widespread disruptions, the stock price dropped by 13%. This reflected investor concerns about the reliability of their services​.

Finally, the chaos has led to an increase in phishing attacks around the world. Researchers at Secureworks reported a rise in CrowdStrike-themed domain registrations. Hackers use these to create fake websites that impersonate CrowdStrike, tricking IT managers and the public into revealing sensitive information like passwords.

So, what is there to learn?

Current developments and outlook

Companies will scrutinize their update processes more closely, ensuring more rigorous testing and validation. CrowdStrike and similar firms must prioritize quality control checks on updates before deployment—especially on a Friday.

CrowdStrike said it also planned to implement a “staggered deployment strategy” for updates similar to the one that triggered last week’s outage. They would be “gradually deployed” to reduce the risk of large numbers of computers and servers being affected by an error at once.
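The "limited pool of customers first" recommendation above and the staggered deployment strategy CrowdStrike announced describe the same control. As an added illustration (not CrowdStrike's code), this Python simulation models ring-based promotion that halts the rollout as soon as a ring's crash rate exceeds a threshold; the ring sizes, hosts and crash behaviour are constructed.

```python
"""Ring-based staggered rollout with automatic halt on crash telemetry.

Added example, not CrowdStrike's code. An update goes to a small canary ring
first; promotion to the next ring requires the observed crash rate in the
current ring to stay at or below max_crash_rate. Hosts and crash behaviour
are constructed for the demonstration.
"""
from dataclasses import dataclass


@dataclass
class RolloutResult:
    halted: bool            # True if promotion stopped before the last ring
    rings_completed: int    # rings that passed the health gate
    hosts_updated: int      # hosts that received the update (blast radius)
    hosts_crashed: int      # hosts that crashed after receiving it
    reason: str = ""


def staged_rollout(ring_sizes, crash_probe, max_crash_rate=0.01):
    """Push the update ring by ring, smallest (canary) ring first.

    crash_probe(host_index) -> True if that host crashed after the update,
    standing in for the telemetry a vendor would collect from each ring.
    """
    updated = crashed = host = 0
    for ring_no, size in enumerate(ring_sizes, start=1):
        ring_crashes = sum(1 for _ in range(size) if crash_probe(host := host + 1))
        updated += size
        crashed += ring_crashes
        rate = ring_crashes / size if size else 0.0
        if rate > max_crash_rate:
            return RolloutResult(True, ring_no - 1, updated, crashed,
                                 f"ring {ring_no}: crash rate {rate:.1%} > {max_crash_rate:.1%}")
    return RolloutResult(False, len(ring_sizes), updated, crashed)


# Constructed fleet: canary -> everyone (sizes chosen small enough to simulate quickly)
RINGS = [10, 100, 1_000, 10_000, 100_000]


def defective_update(host):
    return True   # every host crashes, the July 19 scenario


def healthy_update(host):
    return False


def compare():
    """Blast radius of a defective versus a healthy update under the same rings."""
    return staged_rollout(RINGS, defective_update), staged_rollout(RINGS, healthy_update)
```

With rings, the defective update reaches only the 10 canary hosts before the gate stops it; pushed to every host at once, the same file would have hit the whole fleet.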

This outage also serves as a stark reminder of our dependence on IT and software and the danger of monopolization. Just 15 companies worldwide account for 62 percent of the market in cybersecurity products and services, according to SecurityScorecard. When a system maintained by these few vendors fails, it can become a single point of failure with widespread impact, affecting emergency services, hospitals, airports, and government agencies.

This brings up certain questions: Are we too digital? And are we too reliant on a few big companies? And if cybersecurity software crashes computers around the world, will consumers and companies be less likely to install security programs in the future?

Conclusion

As the world recovers from the largest IT outage in history, it’s clear that the real cost extends beyond financial losses. It affects the lives of those who rely on these critical services. This incident highlights the need for a resilient and democratic approach to digital infrastructure.

Stay safe online

Author: Tibor Moes

Founder & Chief Editor at SoftwareLab

Tibor has tested 28 antivirus programs and 25 VPN services, and holds a Cybersecurity Graduate Certificate from Stanford University.
