Microsoft has since released a patch to address the issue.
On July 23, 2024, a flawed CrowdStrike cybersecurity update caused widespread disruptions affecting approximately 8.5 million devices worldwide.
The outage affected various industries including airlines, hospitals, and government services.
The vulnerability was related to the .NET Framework and was quickly exploited by bad actors.
Global Tech Outage: A Single Bug, Millions Affected
On the morning of July 22, 2024, a cybersecurity update from CrowdStrike caused widespread disruptions across various sectors worldwide. The flawed software update put millions of Windows operating systems into Blue Screen of Death mode and affected some 8.5 million devices (Forbes, JPost).
The ripple effect was felt in numerous industries, including airlines where thousands of flights were canceled or delayed due to the outage (CNN). Hospitals and government services also experienced throttling as IT staff scrambled to address the issue. In some areas, 911 communications even stopped functioning (JPost).
The incident serves as a stark reminder of the interconnected nature of technology infrastructure and the potential chaos that can ensue from a single mistake. The centralized nature of cybersecurity companies, such as CrowdStrike, also highlights the importance of robust backup systems and emergency preparedness plans for organizations (MIT Sloan School of Management).
The vulnerability in question was related to the .NET Framework, which bad actors were quick to exploit. Microsoft has since released a patch to address the issue (CNN). However, this incident underscores the importance of staying informed about software updates and maintaining a secure IT environment.
As we continue to rely more on technology for essential services and communication, it's crucial that organizations are prepared for potential disruptions. The global tech outage caused by CrowdStrike serves as a reminder that even the most reliable systems can fail, leaving us all just one mistake away from chaos.
A computer glitch in CrowdStrike’s enterprise cybersecurity platform caused computers running on Windows operating systems to shut down worldwide.
Microsoft estimated that 8.5 million computers were taken offline by the update.
Delta Airlines is still experiencing disruptions with thousands of passengers trying to get to their destinations and 18% of all its flights canceled.
Accuracy
]A computer glitch in CrowdStrike's enterprise cybersecurity platform caused computers running on Windows operating systems to shut down worldwide.[
8.5 million computers were taken offline by the update.
Deception
(100%)
None Found At Time Of
Publication
Fallacies
(95%)
The author is making valid points about the risks of relying too heavily on a single server or platform for important company information and operational systems. She is not committing any logical fallacies in her assertions. However, she does make an appeal to authority when quoting Spencer Kimball, CEO of Cockroach Labs, about the need for IT resilience and diversification.
“You want to have perfect fidelity in your business even when things go wrong,” he said.
“That's the way we frame it: It's moving from disaster recovery to IT resilience. You're reclassifying things that were disasters or will lead to disasters to things that can be tolerated, that you're resilient to.”
An American company named CrowdStrike announced on Friday morning that there was an issue with the latest version of its cybersecurity protection system, causing Windows operating systems not to load and paralyzing organizations.
Risks can be internal or external to an organization. External risks include cyberattacks.
Accuracy
The event affected critical infrastructure and business operations in the US, Australia, and Europe.
Deception
(80%)
The article contains selective reporting and emotional manipulation. The author focuses on the impact of a cyberattack on various organizations and industries, implying that every organization must be prepared for such an event. However, the author fails to mention that CrowdStrike had released a patch for the issue before the attack occurred, but many organizations failed to install it. This is selective reporting as it only reports details that support the author's position and omits important information that would contradict it. Additionally, the article uses emotional manipulation by describing the impact of the cyberattack on various industries and people's lives to elicit an emotional response from readers.
But the issue didn’t end there. During the repair actions distributed by the company, hackers ‘jumped on the bandwagon,’ posing as company employees and distributing instructions that essentially meant inserting malicious code into the organization and deleting its databases. This was the second derivative of the event.
Every organization must know how to carry on in an emergency, even without computers.
Look at what happened in hospitals in Israel. Due to numerous cyberattacks experienced before the war, but mainly around the Gaza war, staff was trained to work manually, without computers. During last weekend’s event, they continued to operate more or less in a reasonable state.
Fallacies
(90%)
No formal fallacies found. The author provides a clear and informative account of the global tech shutdown incident, discussing the importance of risk management and preparedness for organizations. However, there are some inflammatory rhetoric and appeals to authority.
. . . we immediately connected the event to warfare, to the UAV that arrived from Yemen and exploded in Tel Aviv, assuming that Iran was attacking in the cyber dimension.
The state must implement mandatory regulation on the business continuity of organizations for the functional continuity of the economy.
Bias
(95%)
The author expresses a bias towards the importance of being prepared for potential cyberattacks or shutdowns, implying that such events can have a significant impact on the world. The author also implies that organizations should be able to continue functioning without computers in an emergency.
And yes, a keyboard mistake by one employee in one company can affect the entire world, impacting all our daily lives.
Every organization must know how to carry on in an emergency, even without computers
What can be done? How do we prepare for the next time this happens? Here we enter the fascinating world of risk management.
A cybersecurity company named CrowdStrike caused a major computer outage by releasing a flawed software update.
The bug in the update put Windows computers into Blue Screen of Death mode and affected some 8.5 million devices.
Thousands of flights were canceled worldwide due to the outage, along with delays in various sectors including hospitals and government services.
Accuracy
]A cybersecurity company named CrowdStrike caused a major computer outage by releasing a flawed software update.[
Deception
(30%)
The article makes several statements that are sensational and emotional in nature. The author uses phrases like 'biggest computer outage in history', 'kind of stop', 'screwed by the company's mistake', and 'once again underscoring just how interconnected the world has become'. These statements are not factual, but rather an attempt to elicit an emotional response from the reader. The author also uses selective reporting by focusing on the negative aspects of the CrowdStrike outage, while ignoring any potential positive outcomes or solutions. Additionally, there is no clear indication that any peer-reviewed studies have been cited in support of the author's claims.
This was pretty bad as it is.
The centralized nature of cybersecurity companies means that we now have 'a few big failure points'
A bad actor looking to do serious damage could use software to 'make computers or other equipment blow up, catch fire, burn'.
Fallacies
(85%)
The author makes an appeal to authority when quoting IT experts such as Kevin Beaumont and Anil Khurana. The author also uses inflammatory rhetoric by describing the CrowdStrike outage as 'the biggest computer outage in history' and 'once again underscoring just how interconnected the world has become through a network almost none of us understand and which is largely self-regulating'. However, no formal fallacies were found.
][author] There are broader systemic problems at play here. [[Anil Khurana]] The centralized nature of cybersecurity companies means that we now have 'a few big failure points'.[[// Anil Khurana]]
Bias
(95%)
The author expresses a general concern about the fragility of the global order and the potential for major disruptions. While this is not inherently biased, the author does seem to place undue emphasis on one specific incident (the CrowdStrike outage) as an example of this fragility, without providing any context or comparison to other similar incidents. This could be seen as a disproportionate focus on one particular event and therefore a form of bias.
Airlines canceled 5,000 flights around the world Friday, while delays persisted through the weekend and into Monday.
A version of this story appeared in CNN Business’ Nightcap newsletter. To get it in your inbox, sign up for free, here.
Hospitals and government services were throttled, and in some areas 911 communications stopped working.
In case recent events – an assassination attempt, a new Republican vice presidential nominee, the sitting president contracting Covid before dropping his reelection bid – didn’t leave you feeling sufficiently anxious about the fragility of the global order, let’s not forget that a cybersecurity company you’ve probably never heard of made a major oopsie that showed how the internet could, without warning, just kind of stop.
Microsoft estimated the CrowdStrike outage affected some 8.5 million Windows devices.