The massive outage, which affected about 8.5 million PCs running Microsoft Windows worldwide, although affecting just 1% of systems in use, could require days to weeks to recover, experts estimate. The work of industrial enterprises, hospitals, airports and media resources was affected.
As the Financial Times notes, major information security software vendor CrowdStrike blamed an update to its Falcon application for the incident, which caused a large-scale outage on Windows computers around the world. Server systems on this platform were also affected. CrowdStrike’s reputation took a hit in this situation, as many customers relied on the software as a first line of defense against cyberattacks.
This is the first time a widely used cybersecurity agent designed to protect PCs has actually disabled them, according to Gartner’s Neil MacDonald. The only effective way to resolve the issue with the CrowdStrike update was reportedly to reboot the computer and manually delete the files from the ill-fated update. In this case, the administrator will need physical access to the affected computer to correct the situation in each case. Taking into account the fairly extensive infrastructure of many companies, it may take from several days to several weeks to eliminate the consequences of a failure, as experts explain.
In such situations, they say, administrators tend to executive computers and server systems first, and they may be the last to reach ordinary users. Texas-based CrowdStrike served more than 29,000 enterprise customers at the end of last year, covering more than half of the Fortune 500 companies. The outage yesterday highlights just how highly concentrated cybersecurity risks are. According to Gartner, CrowdStrike is second only to Microsoft in terms of market coverage, and until now it has largely promoted its solutions in the market thanks to the resonance from several major cyberattacks on a competitor.
On Friday, CrowdStrike representatives emphasized that the failure was not a cyber attack, and the company’s customers remain fully protected. However, third-party experts warn that attackers will take advantage of this situation to try to penetrate the information networks of CrowdStrike clients under the guise of software solutions to fix the problem. Only a few fake sites with CrowdStrike in their name were created in the past week, literally within a matter of hours after the failure began to spread. According to analysts, the appearance of such an error in the CrowdStrike software was caused by banal haste and neglect of code testing on the part of the developers.