CrowdStrike Software Update Triggers Global Outage
Editor's note: For remediation guidance and updates on how the cyber insurance industry is responding to the CrowdStrike outage, please read our latest blog post from Coalition CEO Joshua Motta.
A defective software update from cybersecurity vendor CrowdStrike prompted a global computer outage impacting airports, banks, and other businesses running Microsoft Windows operating systems.
Coalition became aware of the issue late Thursday evening PT on July 18 after CrowdStrike first deployed the software update. In the hours that followed, impacted businesses experienced a “blue screen of death” error that prevented the machines running Windows from booting out of the restart state.
CrowdStrike has since provided a statement on the matter, noting “issue has been identified, isolated and a fix has been deployed.” Importantly, the cybersecurity vendor has reiterated that this is not a security incident or cyber attack.
By Friday morning, fallout from the outage was reported around the world with instances of disruption for 911 operators, system outages for federal agencies, and major airlines being forced to ground planes.
Remain vigilant about social engineering attacks
Threat actors often try to take advantage of major outages to deploy social engineering attacks or convince businesses to run commands that appear benign but can lead to a ransomware event. These groups may pose as CrowdStrike employees in an attempt to gain sensitive information, such as usernames and passwords.
During times of widespread confusion. businesses and cybersecurity defenders must remain on high alert. We recommend verifying the identity of any representative reaching out to your team on behalf of CrowdStrike, Microsoft, or any other IT vendor and only following instructions of a verified party.
Recommended action for impacted businesses
Coalition recommends following direct guidance provided by technology vendors, including CrowdStrike, Microsoft, and Amazon Web Services.
CrowdStrike recommendations
Following crashes on Windows hosts related to the Falcon Sensor, CrowdStrike reverted changes from its content update, noting Mac and Linux hosts are not impacted. Businesses that are still crashing and unable to stay online can follow recommendations from CrowdStrike to work around this issue.
Microsoft recommendations
Microsoft’s official statement indicates that “several reboots” may be required for businesses to address the issue but that “reboots are an effective troubleshooting step at this stage.”
AWS recommendations
AWS has acknowledged the widespread outage and stated it has “taken steps to mitigate the issue for as many Windows instances, Windows Workspaces and Appstream 2.0 Applications as possible.” Customers that are still impacted are recommended to take additional action to restore connectivity.
Coalition available to provide additional support
The Coalition Security Support Center team is available to policyholders who have questions or need additional guidance on system restoration. For direct support, please email [email protected].