Worldwide IT outage sparks disruption across airports, media and banks

published on 2024-07-19 09:38:03 UTC by James Humphreys

Businesses including airlines, banks, telecommunication companies, TV and radio broadcasters have been taken offline due to a worldwide IT outage.

According to reports from the BBC, barcodes at Gatwick Airport are not working, leading to security checks on boarding passes being done manually.

Gatwick was not the only airport to experience major delays: the Telegraph reported that Frontier Airlines grounded flights for over two hours.

The Guardian also says that Sky News in the United Kingdom was off-air for several hours on Friday morning, but has since returned to broadcasting.

The latest reports suggest that the outage was caused by a Microsoft Windows issue stemming from a problem with an update to CrowdStrike, a malware and endpoint protection tool used by many enterprises and companies across the world. However, this is an ongoing story and the root of the outage is yet to be confirmed.

Countless businesses suffering

“Many people might be thanking Microsoft for their accidental day off, but countless businesses are suffering due to Microsoft’s and their partners’ failure to maintain their services,” said Al Lakhani, CEO of IDEE.

“This incident underscores the importance of businesses thoroughly researching and vetting their cybersecurity solutions before implementation.

“Microsoft clearly fell short in this regard, and we are witnessing a cascade of operational failures around the world as a result.
 
“CrowdStrike’s platform approach, which relies on a single agent focused on detection, might seem good at first glance, but as we can see, it can create significant issues.

“For instance, agents require installation and maintenance of software on multiple different OSes, adding layers of complexity and potential points of failure.

“Moreover, agents can become a single point of failure, as a bad update can compromise the entire network, as seen with the SolarWinds attack.
 
“The lesson here is blindingly obvious: investing in cybersecurity is not just about acquiring the latest or most popular tools but ensuring those tools are reliable and resilient.

“This is why businesses must prioritise agentless solutions like MFA 2.0, which reduce the risk of widespread failures and ensure more resilient defences.”

The most significant cyber issue of 2024

“The current event appears – even in July – that it will be one of the most significant of cyber issues of 2024,” added Omer Grossman, CIO, CyberArk.

“The damage to business processes at the global level is dramatic.

“The glitch is due to a software update of CrowdStrike’s EDR product.

“This is a product that runs with high privileges, that protects endpoints.

“A malfunction in this can, as we are seeing in the current incident, cause the operating system to crash.

“There are two main issues on the agenda: The first is how customers get back online and regain continuity of business processes.

“It turns out that because the endpoints have crashed – the Blue Screen of Death – they cannot be updated remotely and this problem must be solved manually, endpoint by endpoint.

“This is expected to be a process that will take days.

“The second is around what caused the malfunction?

“The range of possibilities ranges from human error – for instance a developer who downloaded an update without sufficient quality control – to the complex and intriguing scenario of a deep cyberattack, prepared ahead of time and involving an attacker activating a “doomsday command” or “kill switch”. CrowdStrike’s analysis and updates in the coming days will be of the utmost interest.”

Failed update

“The widespread outages across the world affecting Microsoft Windows are due to a botched update to a piece of software called CrowdStrike, a well-regarded malware and endpoint protection tool often used by enterprises and many companies across the world,” said Ilkka Turunen, Field CTO at Sonatype.

“In terms of technical details, the update causes a BSOD loop on any Windows machine essentially making it boot and crash on an infinite loop.

“Making it worse is the fact that there are a significant number of Windows machines that the update was auto-installed on overnight.

“There are workarounds that customers of theirs will apply, but it seems to be very manual.

“It’s definitely a supply chain style incident – what it shows is that one popular vendor botching an update can have a huge impact on its customers and how far a single well-orchestrated update can spread in a single night.

“It’s not yet clear if the contents were due to malicious reasons, but it shows how quickly targeted attacks on popular vendors could spread.”

Article: Worldwide IT outage sparks disruption across airports, media and banks - published 2 months ago.

https://securityjournaluk.com/worldwide-it-outage-causes-huge-disruptions/   
Published: 2024 07 19 09:38:03
Received: 2024 07 19 09:44:59
Feed: Security Journal UK
Source: Security Journal UK
Category: Security
Topic: Security