In mid July, nearly everything ground to a halt. Microsoft computers started crashing which caused an outage that globally stopped 5,000 flights from taking off, supermarket checkouts to stop working, and Marvel Stadium to only allow patrons in based on viewing membership cards; like back in the 1990s.
Who are CrowdStrike:
CrowdStrike are a leading cyber security firm. Their EndPoint protection platform is widely used to safeguard against cyber threats and is deeply integrated into Microsoft’s own security offerings.
What Happened:
On Friday 19th July 2024, CrowdStrike pushed out a failed software update. This update introduced a critical bug that affected any system running Microsoft Windows. Millions of devices experienced a restart loop which ended with a Blue Screen of Death. Azure, Microsoft’s Cloud Services platform, went down bringing with it all software running on this infrastructure. This included airlines, banking, retail and media. Spreading the problem wider is the fact that Microsoft 365 was also impacted, taking down cloud services such as email and SharePoint.
Getting Back to Normal:
Recovery was particularly challenging for systems with encrypted drives, as these required additional steps and recovery keys to fix. The problem required manual intervention to delete the corrupted driver file, which meant that IT teams had to address each affected machine individually, a process expected to take several days.
Opportunistic Hackers:
The CrowdStrike outage has created an opportunity for cybercriminals to launch various attacks and scams. One of the primary tactics employed by hackers is setting up fake websites that appear to offer solutions to the CrowdStrike issue. These sites are designed to lure victims by promising quick fixes or updates but instead aim to harvest personal information or install malware on the visitors’ devices.
Additionally, hackers have been sending phishing emails and making scam phone calls while impersonating CrowdStrike or Microsoft employees. These messages often contain malicious attachments or links, such as a misleadingly named file called “crowdstrike-hotfix.zip,” which installs malware when opened.
The overall impact of these cyberattacks is exacerbated by the urgency and confusion surrounding the CrowdStrike incident, making it easier for hackers to deceive users and organisations scrambling to recover from the update’s fallout.
Please make sure to not engage with suspicious communication, and instead, report to your IT department.