CrowdStrike and the Security Paradox: An Internal Error with Devastating Consequences
The security paradox refers to the situation where systems designed to protect against threats and vulnerabilities end up being vulnerable themselves.

On July 13, 2024, CrowdStrike, one of the leading cloud cybersecurity platforms, experienced a failure during a Falcon update. Falcon is CrowdStrike’s main platform, specifically designed to prevent security breaches. This caused excessive resource usage on Windows systems, leading to the shutdown of numerous machines worldwide.

The CrowdStrike issue primarily affected companies using the Azure platform and Microsoft 365 services. Many systems were stuck on Windows' "blue screen of death." Industries impacted included banking, airlines, media, and emergency systems. Major companies such as Australian banks, European institutions, and U.S. markets suffered real-time system failures.

According to reports, the CrowdStrike update error caused significant global economic losses, including substantial drops in the stock prices of affected companies.

The global outage is estimated to have resulted in a $5.4 billion loss for Fortune 500 companies. The disruption affected around 25% of Fortune 500 firms, with the most impacted sectors being airlines, healthcare, and banking. In 2021, approximately 47% of Fortune 500 companies were CrowdStrike clients.

Estimates suggest that approximately 24,000 customers were affected, although the exact number of individual computers impacted is unknown. The full economic impact will be known in the coming weeks but is expected to be significant.

What Were the Causes?

The main causes of the CrowdStrike outage affecting thousands of companies globally were:

  • A faulty update to Falcon’s Memory Scanning service (CrowdStrike’s security platform) which was incompatible with the latest version of Windows released by Microsoft on July 9, 2024
  • Microsoft failed to properly update the condition of the new Windows version with CrowdStrike, triggering the issue
  • The CrowdStrike update failure led to excessive resource usage on Windows systems, causing the shutdown of numerous machines worldwide
  • The faulty CrowdStrike update set off a chain reaction, affecting cloud providers like Azure and Amazon Web Services, multiplying the disaster
  • CrowdStrike has a significant market share (14% according to Gartner), and its software is present in a wide range of critical systems, contributing to the scale of the impact

In summary, a flawed security update, lack of coordination between Microsoft and CrowdStrike, and the widespread presence of the Falcon platform in key business systems were the main factors causing the global CrowdStrike outage and the resulting chaos.


What Companies Were Affected by the CrowdStrike Outage?

In addition to Microsoft, several other major companies and services were severely impacted by the CrowdStrike outage:

  • Banks and Financial Services: This included several Spanish banks such as Santander, BBVA, Caixabank, Sabadell, Bankia, Unicaja, and Kutxabank
  • Airlines and Airports: Airport operator Aena in Spain reported delays and incidents at 46 airports and 2 heliports, affecting airlines like Vueling, Ryanair, American, Delta, and United.
  • Medical Services and Institutions: Medical institutions like Mass General Brigham, Cone Health, and Martha's Vineyard Hospital canceled all non-urgent surgeries, procedures, and many treatments due to the outage.
  • Cloud Services: Amazon Web Services and Microsoft Azure
  • Social Media and Platforms: Twitter, Instagram, Spotify, Telegram, among others
  • Messaging and Mobile Services: Providers like Movistar, Orange, Simyo, Lowi, Jazztel, and Correos
  • E-commerce Companies: Amazon
  • Machine Learning Services: ChatGPT

According to cybersecurity expert Ana Cecilia Pérez, in an interview with MVS Noticias, the error occurred in CrowdStrike's update protocol, which was released without Microsoft’s approval:

"The error was more about communication; it is predicted that the file was corrupt. What CrowdStrike needs to do is release new updates, fix the problems... However, today the affected systems can't even be accessed."

Mikko Hyppönen from the firm WithSecure also speculated that the issue might have been due to human error in the CrowdStrike update process:

"A CrowdStrike engineer is having a really bad day. Software like this needs to go through extensive testing. That's what we do. That's what CrowdStrike does, of course. You have to be very careful about what you send out, which is hard to do because security software updates very frequently."

A passenger observes the faulty information screens at Indira Gandhi International Airport in New Delhi, India, on July 19, 2024.

In Conclusion:

Experts agree that the root cause of the global system collapse was human error in the CrowdStrike update process, which released faulty code without proper testing and coordination with Microsoft. This underscores the importance of having rigorous protocols for deploying updates to critical software.

The CrowdStrike error is a clear example of how a security software failure can have devastating global consequences. It reinforces the need for thorough testing and incident preparedness in an increasingly technology-dependent world.

