
Faulty Crowdstrike update halts major industries globally; fix issued


An update to the Crowdstrike Falcon Sensor software has likely caused millions of individuals in Australia, India, New Zealand, and Japan, among other countries, to face the dreaded ‘Blue Screen of Death’ (BSOD) on Windows. The company has deployed a fix and is referring customers to the support page for further help.

This global outage has badly affected several industries, including banking, retail, airports, and public services. Prominent financial institutions, such as NAB, Bendigo Bank, Suncorp Bank, Commonwealth Bank, and ME Bank, have reported service disruption, reports news.com.au.

Customers and employers faced significant challenges as computer systems crashed and repeatedly restarted.

“Your device ran into a problem and needs to restart. We’re just collecting some error info and then we’ll restart for you,” said the bluescreen error message.

Several media houses, including ABC, SBS, Channel 7, Channel 9, and News Corp Australia, reported network issues.

“The current event appears – even in July – that it will be one of the most significant cyber issues of 2024. The damage to business processes at the global level is dramatic. The glitch is due to a software update of CrowdStrike’s EDR product. This is a product that runs with high privileges that protect endpoints,” Omer Grossman, Chief Information Officer at CyberArk, told Candid.Technology.

Crowdstrike quickly acknowledged the problem, explaining that their engineering teams are working diligently to resolve the issue.


Broader impact: Airlines, Railways, Retail, and Public Service

The airline industry was not spared, with Qantas experiencing delays in boarding flights. Retail operations also took a hit; customers at Coles and Woolworths faced malfunctioning point-of-sale systems, causing manual checkouts and considerable inconvenience.

Melbourne Airport also reported issues with operations. “Melbourne Airport is experiencing a global technology issue which is impacting check-in procedures for some airlines. Passengers flying with these airlines this afternoon are advised to allow a little extra time to check-in. Please check with your airline for flight updates,” tweeted the airport. Edinburgh Airport also halted departures because its systems were out of order.

In the United States, United, Delta, Frontier and American Airlines have issued a global call to ground all flights, reports FL360aero. The check-in systems of Indian airlines such as IndiGo, Akasa Air, and SpiceJet have also been hit. Major airports, including Delhi, Mumbai, and Bengaluru, are also facing issues.


In the United Kingdom, railway services took a major hit. All four brands of Govia Thameslink Railway — Southern, Thameslink, Gatwick Express, and Great Northern — reported widespread IT issues.

Public services in New South Wales were disrupted, with customers being turned away at Service NSW locations and government workers unable to access essential applications like Microsoft Teams.


Official responses and current status

Crowdstrike has communicated that the problem stems from a bug check or blue screen error associated with the Falcon Sensor. They assured users that there was no need to open support tickets as their engineering teams were addressing the issue. The company promised to provide ongoing updates as more information becomes available.

“I am aware of a large-scale technical outage affecting a number of companies and services across Australia this afternoon. Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies,” tweeted Michelle McGuinness, Australia’s National Cyber Security Coordinator. “There is no information to suggest it is a cyber security incident. We continue to engage across key stakeholders.”

Meanwhile, Crowdstrike offered a workaround to continue working on the systems. It involves:

  • Booting the Windows operating system in Safe Mode or the Windows Recovery Environment.
  • Navigating to the C:\Windows\System32\drivers\CrowdStrike directory.
  • Locating the file matching “C-00000291*.sys”, and deleting it.
  • Finally, booting the device normally.
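
The workaround steps above, scripted as an added example (not CrowdStrike's own tooling and not part of the original article). It assumes an elevated PowerShell session in Safe Mode; the function name `Remove-ChannelFile291` and the `-WindowsDir` parameter are hypothetical, and the directory and file pattern are the ones named in the steps.

```powershell
# Added example: find and delete the file named in the workaround, with a dry-run option.
function Remove-ChannelFile291 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Windows directory of the affected installation (assumption: C:\Windows,
        # as in the workaround; pass another path if the volume is mounted elsewhere)
        [string]$WindowsDir = 'C:\Windows'
    )

    $dir = Join-Path -Path $WindowsDir -ChildPath 'System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Directory not found: $dir"
        return
    }

    # Match only the pattern from the workaround; every other file is left untouched.
    $targets = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -Force)
    if ($targets.Count -eq 0) {
        Write-Warning "No file matching C-00000291*.sys in $dir"
        return
    }

    foreach ($file in $targets) {
        $removed = $false
        # ShouldProcess makes -WhatIf list the files without deleting anything.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            try {
                Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
                $removed = $true
            } catch {
                Write-Warning "Could not delete $($file.FullName): $_"
            }
        }
        # One record per matched file, for the remediation log.
        [pscustomobject]@{
            Path             = $file.FullName
            LastWriteTimeUtc = $file.LastWriteTimeUtc
            Removed          = $removed
        }
    }
}

# Dry run: shows which files would be deleted.
Remove-ChannelFile291 -WhatIf
# After reviewing the dry-run output, run without -WhatIf, then boot normally:
# Remove-ChannelFile291
```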

This issue underscores the importance of infrastructure testing and diversity in the usage of large-scale IT infrastructure.

“Businesses must test their infrastructure and have multiple fail safes in place, however large the company is, this is typically referred to as a cyber-resilience plan,” Jake Moore, a cybersecurity researcher with ESET, told Candid.Technology. “Where diversity is low, a single technical incident, not to mention a security issue, can lead to global-scale outages with subsequent knock-on effects.”


Kumar Hemant


Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
