A massive IT outage is currently affecting computer systems worldwide. In Australia and New Zealand, reports indicate that banks, media organizations, hospitals, transport services, shop checkouts, and airports have all been impacted.
This outage is unprecedented in its scale and severity. The affected computers are widely being described as “bricked”. That is a loose use of the term: the machines have not been permanently destroyed, but they crash every time they start up, so they are useless until someone repairs them by hand.
The widespread outage has been linked to a piece of software called CrowdStrike Falcon. But what is CrowdStrike Falcon, and why has it caused such widespread disruption?
What is CrowdStrike Falcon?
CrowdStrike is a US-based cybersecurity company with a significant global presence. Falcon is one of its software products designed to protect computers from cyber attacks and malware.
Falcon is known as “endpoint detection and response” (EDR) software. Its job is to monitor the computers it is installed on, looking for signs of malicious activity (like malware). When it detects a threat, it helps to neutralize it.
Falcon is privileged software, meaning it has deep access to the computers it protects. It monitors network communications, running programs, files being opened, and more. This level of access is what lets it detect and respond to threats effectively; it does the same job as traditional antivirus software, but far more thoroughly.
For instance, if Falcon detects that a computer is communicating with a likely attacker, it can cut that connection off. To do this it has to be tightly integrated with the core of the operating system it runs on. On Microsoft Windows, the Falcon sensor runs as a kernel-mode driver, the same layer of the system that disk and network drivers occupy. A fault at that layer does not just crash one program; it brings down the whole machine.
Why Did Falcon Cause This Problem?
Falcon’s power and tight integration make it effective but also risky. When Falcon malfunctions, it does not fail the way an ordinary application does; it can take the operating system down with it. The current outage is the worst-case version of exactly that.
A routine content update to Falcon contained a faulty file. When the Falcon driver loaded that file, it crashed the Windows kernel, producing the “blue screen of death” (BSOD), the error screen Windows shows when it hits an unrecoverable fault and has to restart. Because Falcon loads early in startup, the crash repeats on every reboot, before the computer reaches a usable desktop and before Falcon’s own update mechanism has a chance to fetch a corrected file. Affected Windows computers are therefore stuck in a crash-and-reboot loop.
Why is Falcon So Widely Used?
CrowdStrike is a market leader in EDR solutions. Its products, like Falcon, are commonly used by organizations that take cybersecurity seriously and can afford enterprise-grade tooling.
The current outage has shown that Falcon is used by hospitals, media companies, universities, major supermarkets, and more. The full scale of the impact is global and still being determined.
Why Aren’t Home PCs Affected?
CrowdStrike’s products are mainly deployed in large organizations that need robust cybersecurity measures. Home PCs usually rely on the antivirus built into the operating system (Microsoft Defender on Windows) or on consumer products from companies like Norton and McAfee.
How Long Will This Take to Fix?
CrowdStrike has published manual instructions for fixing affected computers, but there is no automatic fix, and there cannot be one in the usual sense: a computer stuck in the boot loop never stays up long enough for Falcon to download a corrected file. Organizations that run affected machines as virtual machines with snapshots, or that keep good backups, may recover quickly by restoring them to a state from before the update.
For physical machines, IT staff generally have to deal with each one individually: boot it into Safe Mode or the Windows Recovery Environment and remove the faulty file by hand. Where the disk is protected by BitLocker, that also requires the drive’s recovery key, which adds another step per machine. Across thousands of machines, this could take a considerable time.
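As an added example, not code from the article or from CrowdStrike, the following PowerShell script automates the per-machine check described above. It assumes CrowdStrike’s published workaround, in which the faulty content file matches C-00000291*.sys under <WindowsRoot>\System32\drivers\CrowdStrike; it assumes it is run from Safe Mode or the Windows Recovery Environment, where the OS volume may be mounted under a letter other than C: (hence the -WindowsRoot parameter); and it assumes PowerShell is available in that environment. The script only reports unless -Remove is given, and it keeps a copy of anything it deletes so the file is available for later analysis.

```powershell
<#
  Added example; not part of the original article and not CrowdStrike's own tooling.
  Reports, and optionally removes, the faulty Falcon channel file named in
  CrowdStrike's workaround (assumption: the pattern C-00000291*.sys in
  <WindowsRoot>\System32\drivers\CrowdStrike).

  Run from Safe Mode or WinRE on an affected host. If the disk is BitLocker-
  protected, WinRE will ask for the recovery key before the volume is readable.
#>
param(
    # Windows directory of the volume to repair. From WinRE the offline OS
    # volume is often not C:, e.g. 'D:\Windows' (assumption: caller supplies it).
    [string]$WindowsRoot = $env:SystemRoot,
    # Without this switch the script only reports what it finds.
    [switch]$Remove
)

$csDir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
if (-not (Test-Path -Path $csDir)) {
    Write-Host "No CrowdStrike driver directory at $csDir; Falcon is not installed on this volume."
    exit 0
}

# Only the 291 channel file is implicated; leave every other file in the directory alone.
$bad = Get-ChildItem -Path $csDir -Filter 'C-00000291*.sys' -File -ErrorAction SilentlyContinue
if (-not $bad) {
    Write-Host "No C-00000291*.sys file found in $csDir; nothing to do."
    exit 0
}

foreach ($f in $bad) {
    Write-Host ("Found {0} ({1} bytes, written {2:u})" -f $f.FullName, $f.Length, $f.LastWriteTimeUtc)
    if ($Remove) {
        # Preserve a copy outside the driver directory before deleting, so the
        # faulty file can be examined later without being loaded again.
        $backup = Join-Path $WindowsRoot ('Temp\' + $f.Name + '.quarantined')
        Copy-Item -Path $f.FullName -Destination $backup -Force
        Remove-Item -Path $f.FullName -Force
        Write-Host "Removed $($f.FullName); copy kept at $backup"
    }
}

if (-not $Remove) {
    Write-Host "Re-run with -Remove to delete the file(s), then reboot the host normally."
}
```

Run it once without -Remove to confirm the file is present and to record its timestamp, then with -Remove, then reboot normally. A host that was never affected, or one that has already been repaired, exits without changing anything, so the same script can be pushed to every machine an organization can reach.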
The Irony of Advanced Security Technology
Security professionals have long encouraged organizations to deploy advanced security technology like EDR. Yet, this same technology has now caused a major outage.
For companies like CrowdStrike that sell highly privileged security software, this incident is a reminder that updates to such products need the same care as the software itself: tested before release, rolled out in stages so that a fault surfaces on a handful of machines before it reaches millions, and with customers able to control when an update lands on their systems.