Global Cyber Outage Disrupts Flights, Financial Markets, and Media Services: CrowdStrike’s Falcon Software at the Center of the Crisis

by time news

Shortly after the first reports of disruptions around the world, the National Cyber Security Coordinator of Australia said that the “large-scale technical interruption” was caused by a problem with a “third-party software platform”.

The platform in question is called Falcon, from the cybersecurity company CrowdStrike. This tool is used to detect and monitor potential intrusions (hacker actions), acting as a “watchman” behind the scenes of cyber operations. This time, however, the update appears to have produced “false positives”, labeling ordinary processes as malicious and therefore subject to blocking. Safe programs either stopped working or would not open at all for users.

According to CrowdStrike CEO George Kurtz, the issue was caused by a “defect in the content update” of Falcon, and not by a cyberattack.

The failure occurred in an update for Windows servers. As a result, Microsoft was affected, and many companies that use its applications, such as airlines and TV broadcasters, were hit. Mac and Linux servers were not impacted.


The executive stated that the failure was being corrected.

“CrowdStrike is actively working with its clients impacted by a defect found in a single update for Windows servers. Mac and Linux servers were not affected. This was not a security incident nor a cyberattack. The problem has been identified, isolated, and the process to fix it is underway,” said Kurtz on a social network.

Around 8 a.m., Microsoft said that the cause of the failure had been fixed, but some resources were still being impacted. By around noon, the company said that the failure had been addressed. However, the effects are still being felt worldwide.


Earlier, Microsoft had issued a statement saying that all its services had been affected after a failure in Azure, its cloud computing platform. Azure uses the Falcon platform from CrowdStrike.

What is CrowdStrike Falcon?

The Falcon platform is a security tool. It was the first product launched by CrowdStrike in 2013 to provide endpoint protection and threat intelligence.


An endpoint is, loosely, an “end point” or “final point” of a network: every device connected to a network is an endpoint. Computers, laptops, smartphones, and tablets are some examples.

Endpoints are often the most targeted part of a network, since they transmit and receive information and can serve as entry points for an intrusion. Hence the importance of the Falcon platform.

“Falcon is known as an endpoint detection and response platform, which monitors the computers it’s installed on to detect intrusions (i.e., hacker actions) and respond to them,” said Melbourne University expert Toby Murray.

CrowdStrike uses techniques and applications that are considered state-of-the-art for an antivirus system. It is a market leader and relies on artificial intelligence and machine learning to prevent hacker actions before they occur. Falcon functions as a sensor that can be installed on Windows, Mac, or Linux operating systems.


There are several product modules that connect to a “Security Solutions for Endpoint” environment, hosted in the cloud. A single agent, known as the CrowdStrike Falcon Sensor, implements such products — Security Solutions for Endpoint, Security IT Operations, Threat Intelligence, Cloud Security Solutions, and Identity Protection Solutions.

Founded in 2011, CrowdStrike has been involved in the investigations of high-profile cyberattacks, such as the one that targeted Sony Pictures in 2014; the US Democratic National Committee in 2015-16; and the leak of emails from the same US committee in 2016.

Jill Slay, a cybersecurity researcher at the University of South Australia, said that the global impact of the disruptions is likely to be “huge.”

Major US airlines, including Delta, United, and American Airlines, suspended all flights on Friday due to a communication problem, according to the Federal Aviation Administration. Flights were suspended at Berlin Brandenburg Airport, Germany, due to a “technical problem,” a spokesperson told AFP.


All airports in Spain experienced “disruptions” due to an IT outage affecting multiple companies worldwide on Friday, said airport operator Aena.

Hong Kong airport also said that some airlines were affected, and its authority issued a statement linking the disruption to a Microsoft service delivery issue.


Meanwhile, the largest railway operator in the UK warned of possible train cancellations due to IT issues, while photos posted online showed long queues forming at Sydney Airport in Australia.

“Flights are arriving and departing, but there may be some delays overnight,” said a spokesperson for the airport.

(With information from AFP)
