CrowdStrike: A Big Name in the Cybersecurity World and the Recent Outage
Hello friends! In today’s digital age, cybersecurity has become essential for every business and individual. But what happens when the security provider itself suffers a major failure? Today, we’ll talk about CrowdStrike—a leading American cybersecurity company that made headlines due to a global IT outage in July 2024. This incident was so massive that it was called the largest outage in information technology history. In this blog post, let’s learn more about CrowdStrike, discussing the causes, impact, and lessons learned from this outage.
What is CrowdStrike?
CrowdStrike is an American cybersecurity company founded in 2011. Its main product is Falcon software, which provides endpoint security. Simply put, it protects computers, servers, and mobile devices from hacking, malware, and cyberattacks. The company has approximately 30,000 customers, including large companies, banks, hospitals, and government organizations. CrowdStrike focuses on cloud-based solutions that provide real-time threat detection. However, the July 2024 incident raised questions about its reliability.
July 2024 Global IT Outage: What Happened?
On July 19, 2024, CrowdStrike released a routine update for its Falcon sensor software. This update was intended for Windows systems, but it contained a logic error. The update corrupted a configuration file (channel file 291), causing Windows to crash in kernel mode. The result: approximately 8.5 million Windows systems (1% of total Windows devices) displayed a Blue Screen of Death (BSOD) and were unable to restart.
The outage began at 4:09 AM UTC and spread globally within hours. CrowdStrike CEO George Kurtz immediately confirmed that it was not a cyberattack, but a faulty content update. The company rolled back the update at 1:27 AM ET, but by then millions of systems had been affected. Recovery required manual intervention, which in many cases took weeks.
Causes of the Outage: A Small Mistake Leads to Massive Loss
The cause was simple yet fatal. CrowdStrike’s testing system contained a bug that allowed the faulty update to pass. The Falcon software operates at a deep level (the kernel) of Windows, so a small error caused the entire system to crash. The update was based on a template tested in March 2024, but the version released on July 19th contained a logic error in a file with a specific timestamp.
Additionally, a separate Microsoft Azure outage (on July 18th) exacerbated the problem. Cybercriminals took advantage of this opportunity and launched phishing attacks, posing as CrowdStrike support.
Impact: The world ground to a halt
The impact of this outage was global. The healthcare and banking sectors were the hardest hit, with losses of $1.94 billion and $1.15 billion, respectively. Overall, Fortune 500 companies suffered direct losses of $5.4 billion, which could reach a total of $10 billion.
- Aviation: More than 3,300 flights canceled; Delta Air Lines suffered a $500 million loss and sued CrowdStrike.
- Healthcare: Hospital surgeries canceled, emergency services affected.
- Financial: Banking systems down, transactions halted.
- Other: Triple-0 emergency services affected in Australia, people stranded after the Republican National Convention in the US.
This incident highlights the risks of centralization in the IT sector.
What lessons were learned from this incident?
This outage teaches us several important lessons:
- Change Management: Rigorous testing and validation are essential before updates. CrowdStrike later added bounds checking and input validation.
- Incident Response: Companies should have pre-approved plans for third-party vendors.
- Diversification: Don’t rely on a single vendor. Increase multi-factor authentication and training.
- Regulatory: Policies like the European Union’s Cyber Resilience Act can prevent similar incidents in the future.
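As an added illustration of the "bounds checking and input validation" lesson (example code written for this post, not CrowdStrike's own, using a made-up content-file layout and a hypothetical 20-field template): a kernel-mode component should reject a content update whose declared sizes or field indexes don't match what the template defines before any field is used, so a bad file is refused instead of crashing the system.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical content-update layout, constructed for this example (it is
 * NOT the real channel-file format):
 *   bytes 0-3 : magic "CHNL"
 *   bytes 4-7 : entry_count, little-endian uint32
 *   then entry_count 4-byte records: uint16 field_index, uint16 value */
#define TEMPLATE_FIELDS 20u   /* fields the (hypothetical) template defines */
#define HEADER_LEN 8u
#define ENTRY_LEN 4u
#define MAX_ENTRIES 4096u     /* hard cap so count * ENTRY_LEN cannot wrap */

enum content_status { CONTENT_OK = 0, CONTENT_TOO_SHORT, CONTENT_BAD_MAGIC,
                      CONTENT_BAD_COUNT, CONTENT_LENGTH_MISMATCH,
                      CONTENT_FIELD_OUT_OF_RANGE };
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Validate the whole update before any field is used: every length claim is
 * checked against the buffer and every field index against the template. */
int validate_content(const uint8_t *buf, size_t len) {
    if (len < HEADER_LEN) return CONTENT_TOO_SHORT;
    if (memcmp(buf, "CHNL", 4) != 0) return CONTENT_BAD_MAGIC;
    uint32_t count = rd_le32(buf + 4);
    if (count > MAX_ENTRIES) return CONTENT_BAD_COUNT;
    if (len != HEADER_LEN + (size_t)count * ENTRY_LEN) return CONTENT_LENGTH_MISMATCH;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + HEADER_LEN + (size_t)i * ENTRY_LEN;
        if (rd_le16(e) >= TEMPLATE_FIELDS) return CONTENT_FIELD_OUT_OF_RANGE;
    }
    return CONTENT_OK;
}

/* Constructed sample updates (not real content). */
static const uint8_t GOOD_UPDATE[] = {
    'C','H','N','L', 2,0,0,0,      /* 2 entries, 16 bytes total */
    3,0, 0x10,0x00,                /* field 3  = 16 */
    19,0, 0xFF,0x00 };             /* field 19 = 255, last valid index */
static const uint8_t BAD_INDEX_UPDATE[] = {
    'C','H','N','L', 1,0,0,0,
    20,0, 0x01,0x00 };             /* field 20: template has only 0..19 */
static const uint8_t TRUNCATED_UPDATE[] = {
    'C','H','N','L', 5,0,0,0,      /* claims 5 entries but carries one */
    0,0, 0x01,0x00 };
```

The same validation is where a staged rollout would stop: an update that fails `validate_content` on the first canary hosts is never loaded, and nothing in kernel mode ever dereferences the bad index.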
CrowdStrike recovered 99% of its systems by July 29 and testified before the US Congress in September.
Conclusion
Companies like CrowdStrike are leaders in cybersecurity, but the 2024 outage proves that no system is completely invincible. This incident reminds us that the benefits of technology also come with risks. Businesses should focus on robust backups and risk assessments.
What are your thoughts? Were you affected by this outage? Let us know in the comments! If you liked this post, please share and subscribe. Thank you!
Note: This information is based on an incident in July 2024. Check official sources for more updates.