19 Jul 2024

CrowdStrike glitch: Worldwide tech outage hits. Here's what we know

11:01 pm on 19 July 2024
PAK'nSAVE Wairau Rd on Auckland's North Shore as global cyber outages hit.

PAK'nSAVE Wairau Rd on Auckland's North Shore as global cyber outages hit. Photo: RNZ

There are reports of IT outages affecting major institutions in New Zealand and internationally, potentially one of the biggest global outages ever experienced.

Outages were recorded in the US and New Zealand before the Australia-wide shutdown.

Reports of the Australian outage began flooding in about 3pm AEST.

The global outage impacted a raft of Australian companies and government agencies on Friday afternoon.

The outage impacted telco providers, media websites, banks and airlines, and is believed to have impacted servers.

Here's what we know.

What happened?

The outage has been linked back to the US-based CrowdStrike, one of the largest cybersecurity companies in the world.

The company has software called CrowdStrike Falcon installed on Windows PCs globally, advertising protection from attacks including credential theft.

"Falcon is the CrowdStrike platform purpose-built to stop breaches via a unified set of cloud-delivered technologies that prevent all types of attacks," the company's website claims.

CrowdStrike launched a software update earlier this week, but the update caused computers to attempt to restart and display a blue-screen error message.

Cybersecurity expert Andy Prow said any disruption within a CrowdStrike system could affect the whole computer system, impacting laptops, self-checkout terminals and smart devices all at once.

"The bad guys are writing exploits and malware and viruses that get very deep inside your computer," Mr Prow said.

"So, for something like CrowdStrike to work it has to be very deep in your computer."

He advised the public against removing CrowdStrike systems from their computers, saying the move may expose them to security threats.

Australia's National Cybersecurity coordinator Lieutenant General Michelle McGuinness posted a statement on social media and said she was aware of the outage.

"Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies," she said.

"There is no information to suggest it is a cyber security incident. We continue to engage across key stakeholders."

Australian cybersecurity company CyberCX has said it's aware of the outage and is advising its customers in Australia and New Zealand.

"We understand that this has been caused by an issue affecting organisations who have installed CrowdStrike Falcon in their IT environments," a CyberCX spokesperson said.

"CrowdStrike is a global cybersecurity company who provide detection and monitoring tools to cyber and IT teams.

"At this time, CyberCX is actively tracking the situation and are awaiting information detailing scope and recovery. "We will continue to support affected customers as this incident evolves."

A customer takes care of his shopping next to blue screen at self-checkout terminals of a supermarket in Sydney on July 19, 2024.

A customer takes care of his shopping next to blue screen at self-checkout terminals of a supermarket in Sydney on July 19, 2024. Photo: AFP / Saeed Khan

What does CrowdStrike say?

CrowdStrike is saying the global IT issues are caused by 'defect' in 'content update'.

Here's the full statement from George Kurtz, the CEO of CrowdStrike:

"CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts.

"Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.

"The issue has been identified, isolated and a fix has been deployed.

"We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.

"We further recommend organisations ensure they're communicating with CrowdStrike representatives through official channels.

"Our team is fully mobilised to ensure the security and stability of CrowdStrike customers."

What has been impacted?

The technical issue is affecting Windows PC users globally.

On its X account, Microsoft said it was investigating the incident, which appears to be affecting Microsoft 365 apps and services worldwide.

Users are reporting seeing the Blue Screen of Death error messages across banking institutions, supermarkets and media companies including the ABC.

Payment systems are causing major disruption at supermarkets and fuel stations.

People are stuck at fuel pumps unable to pay for their petrol.

And shops have been forced to close their doors.

The global outage earlier forced airlines in the US to ground flights.

It also caused flight cancellations and delays in India, Japan and across Europe.

PAK'nSAVE Wairau Rd on Auckland's North Shore as global cyber outages hit.

PAK'nSAVE Wairau Rd on Auckland's North Shore as global cyber outages hit. Photo: RNZ

What is CrowdStrike?

CrowdStrike, a US-based company, is among the largest cybersecurity companies in the world.

Australian cybersecurity company CyberCX has said it is aware of the outage and is advising its customers in Australia and New Zealand.

"We understand that this has been caused by an issue affecting organisations who have installed CrowdStrike Falcon in their IT environments," a CyberCX spokesperson said.

"CrowdStrike is a global cybersecurity company who provide detection and monitoring tools to cyber and IT teams.

"At this time, CyberCX is actively tracking the situation and are awaiting information detailing scope and recovery. "We will continue to support affected customers as this incident evolves."

- ABC