Cyber outage creates chaos around the world on July 19, 2024

Hits flights, banks, telecoms, media

A widespread disruption caused by a software update sent shockwaves through global computer systems on July 19, 2024, resulting in grounded flights, interrupted broadcasts, and significant disruptions across banking, healthcare, and other essential services.

The incident was triggered by a routine update to a product offered by leading global cybersecurity firm CrowdStrike, impacting Microsoft’s Windows Operating System users. Although Microsoft swiftly addressed the issue, the fallout was felt worldwide, affecting critical infrastructure and services.

CrowdStrike CEO George Kurtz clarified on X that the disruption stemmed from a defect in a single content update affecting Windows hosts. He reassured users that efforts were underway to deploy a fix, insisting that the incident was not due to a security breach or cyberattack.

Early in the day, major US airlines, including American Airlines, Delta Airlines, and United Airlines, were forced to ground flights. Similar disruptions were reported by airlines and airports globally, leading to extensive delays and logistical challenges.

Service disruptions

Financial institutions across Australia, India, Germany, and beyond warned customers about service disruptions. Traders faced difficulties executing transactions, contributing to what one trader described as “the mother of all global market outages”.

The unprecedented global outage affected government and private sector computer systems in the UAE.

At 1:05pm (GST) on July 19, a Dubai Airports spokesperson stated: “Dubai Airports confirms that Dubai International (DXB) is operating normally following a global system outage that affected the check-in process for some airlines in Terminals 1 and 2 this morning. The affected airlines promptly switched to an alternate system, allowing normal check-in operations to resume swiftly.”

In the United Kingdom, healthcare booking systems experienced outages, affecting medical practices nationwide. Sky News, a prominent broadcaster, apologised for being unable to broadcast live, while Manchester United Football Club announced delays in ticket sales.

‘Restarting state’

Microsoft’s Azure cloud unit acknowledged issues affecting virtual machines running Windows OS and the CrowdStrike Falcon agent, which were caught in a ‘restarting state’ during the outage.

A spokesperson from Microsoft assured stakeholders that a resolution was imminent and acknowledged the impact on Windows devices caused by the third-party software update.

The outage’s ripple effects extended to major airports in Singapore, Hong Kong, India, and Europe, where manual check-ins became necessary for some airlines. Amsterdam’s Schiphol Airport reported disruptions, with Iberia Airlines managing operations manually until electronic systems were restored.

Air France-KLM reported operational disruptions, while the Dutch foreign affairs ministry confirmed its systems were affected, highlighting the widespread nature of the incident.

As companies worked to restore services gradually, analysts underscored the severity of what some labelled the largest-ever IT outage in industry history.

Acronis perspective

Kevin Reed, Acronis’s Chief Information Security Officer, stated: “The CrowdStrike outage appears to stem from a bug in their EDR agent, which was unfortunately not thoroughly tested.

“The flawed update necessitates manual intervention, specifically rebooting systems in ‘safe mode’ and deleting the faulty driver file. This cumbersome process leaves systems vulnerable, potentially inviting opportunistic attacks.

“This incident highlights the importance of rigorous testing and staged updates for EDR agents. Usually, testing is done with every release and can take days to weeks, depending on the update’s size or changes. The ease with which their driver files can be deleted also raises questions about the self-protection mechanisms of CrowdStrike’s software.

“For Acronis customers, those with recent backups can restore their systems to a stable state, minimising downtime and exposure. Moving forward, we recommend all businesses ensure robust backup solutions and advocate for better testing protocols from their security vendors,” Reed concluded.

With the outage affecting digital payment systems globally, Robert Kraal, CBDO and co-founder of Silverfow, a leading cloud platform for global card processing, noted: “The payments systems outages are a regrettable consequence of an outdated payments infrastructure.

“Some of the most vital parts of the payments ecosystem can be up to 40 years old and are held together with patches and workarounds. For the most part, this works, but these outages show that it can and does fail. So, would we advise that the entire payment system be torn out and replaced?”

“While it would certainly be good for us, a company that provides modern payment systems, it wouldn’t be good for payment companies or merchants who rely on them. Many of these legacy systems are irreplaceable, for now at least, and any replacements need to take place in a step-by-step, strategic way,” Kraal added.

Featured image: Airlines worldwide were hit by the global outage on July 19, 2024, including airlines operating at Shanghai Pudong International Airport. Credit: Arnold Pinto