How a single software update is shutting down the internet

Illustration: Aïda Amer/Axios
A single defect in an overnight cybersecurity update has taken down key internet services around the globe.
Why it matters: Major U.S. airlines have grounded their flights. TV news station Sky News went off air for an hour. Australia's largest bank, Commonwealth Bank, said customers haven't been able to transfer their funds.
Threat level: CrowdStrike, a major cybersecurity company whose customers include some of the biggest companies in the world, said a faulty software update — not a malicious cyberattack or a nation-state attack — is behind the widespread outages.
- A spokesperson for the American Hospital Association tells Axios that some U.S. hospitals and health care systems have been affected. Federal officials are also scoping the potential impact on government agencies.
- Some experts estimate it could be days until all affected organizations are back up and running.
Zoom in: Overnight, CrowdStrike and Microsoft customers started reporting outages in which their machines showed the error screen commonly known as the "Blue Screen of Death."
- The screen makes it impossible for people to access their computers, essentially locking them out of their systems until they can find another way to gain access.
- CrowdStrike CEO George Kurtz said earlier today that the blue screen is the result of a software bug found in an update for its endpoint security product. The issue is only affecting Windows systems.
- CrowdStrike has released guidance to resolve the issue — but many experts have flagged that in order to fix the issue, customers have to be able to access their systems, which is difficult if they're already facing the blue screen.
- "Because the endpoints have crashed — the Blue Screen of Death — they cannot be updated remotely and the problem must be solved manually, endpoint by endpoint," Omer Grossman, CIO at Israeli cyber company CyberArk, said in an emailed statement. "This is expected to be a process that will take days."
Between the lines: Endpoint detection and response products monitor what traffic is passing through a system to keep malicious files, viruses and malware at bay.
- CrowdStrike's endpoint tools rely heavily on the cloud to protect all internet-connected devices running on a corporate network.
- However, to do this, CrowdStrike's technology requires widespread access to a computer's operating system so it can scan for potentially malicious technology.
- The faulty CrowdStrike software update has hindered customers whose virtual machines are running Microsoft's Windows Client and Windows Server.
State of play: Kurtz told NBC that many customers are already rebooting their systems and coming back online. But others may take a bit more time to fully recover.
- "We're deeply sorry for the impact that we've caused to customers, to travelers, to anyone affected by this, including our company," he said.
The big picture: CrowdStrike is a huge player in the cybersecurity field, known for working with major banks, governments and universities.
- In November, CrowdStrike was considered the worldwide leader in endpoint security sales, with an 18.5% market share in the second quarter of last year, according to a report from Canalys.
What we're watching: The repercussions of an outage this widespread will be felt for weeks, if not months.
- Experts already anticipate that this will be considered the largest IT outage in history. CrowdStrike has not said how the product update passed its own internal reviews.
- A White House official confirmed to Axios that the president has been briefed on the matter. Lawmakers are also likely to send letters and hold hearings on the issue in the coming weeks.
