Get in touch
Hub Login

CrowdStrike Major IT Outage

Advice, News, Threat Intelligence, Threat Intelligence Service /

Exploring the cause, consequences, and recovery efforts of the recent CrowdStrike cyber incident

On Friday 19 July 2024, global cyber security firm, CrowdStrike, released a content update for Windows hosts, resulting in a major IT outage that affected businesses and services worldwide. Significant disruptions to those included banks, airlines, railways, telecommunications companies, TV and radio broadcasters, and supermarkets.

As part of their ongoing protection mechanisms of the Falcon platform, CrowdStrike released a sensor configuration update to Windows systems, triggering a logic error and resulting in a system crash on impacted devices.

CrowdStrike have assured users that the incident was not caused by a cyber attack; the issue has been identified and isolated, with a fix being deployed. However, many are still impacted.

How big is the issue?

  • Microsoft have estimated around 8.5 million Windows computers have been affected.
  • Multiple airlines have reported over 46,000 delays and 5,171 cancellations with travellers experiencing up to 9 hours delayed flights.
  • NHS England warned disruption to GP services and pharmacy services are dealing with significant backlogs.
  • Billboards in New York City’s Times Square went blank and displayed “the blue screen of death” in place of advertisements.
  • Retailers, banks, and supermarkets experienced issues with accepting card payments.

Cyber security risks

Despite ongoing recovery efforts, cyber security experts have warned users and organisations of malicious actors capitalising on the incident, following an uplift in phishing and malware attacks.

Phishing is a social engineering tactic used to gain unauthorised access to devices and accounts. This involves contacting individuals via electronic communications (e.g., email, telephone, SMS, social media, etc) to deceive the recipient into clicking malicious links or provide sensitive information.

Phishing communications are designed to provoke a sense of fear and urgency in the recipient, causing them to act quickly without questioning their legitimacy. To avoid falling victim to phishing communications, follow our top tips:

  • Remain vigilant if you receive any unexpected emails, texts, or messages. Verify their legitimacy independently by visiting the company’s official website or calling the official phone number.
  • Look out for red flags including poor spelling, blurry images, questionable email addresses, attachments and links, and pressurising language.
  • Avoid opening any attachments or clicking on links.
  • Never share personal details over the phone, email, web page etc – this includes passwords, address, or banking information.
  • Immediately report any phishing attempts to your IT team.

Reports of malicious domains referencing the CrowdStrike incident have been registered since Friday 19 July, with many claiming to offer recovery services that users purchase via cryptocurrency. There have also been reports of cyber criminals impersonating banks, IT providers, and retailers, requesting personal and financial information from affected users.

The UK National Cyber Security Centre have warned of an “increase in phishing referencing this outage” and urges users and organisations to remain vigilant and only follow instructions from legitimate sources and vendors. 

Free cyber security guide

A cyber attack can lead to data breaches, reputational damage, and legal consequences. In our ever-evolving digital world, it’s never been more important to prioritise cyber security and implement robust solutions that boosts resilience.

Download our free guide, ‘Cyber Security Fundamentals for Businesses’, and start building your effective cyber security strategy, today.

 

Download now

Our advice

At Citation Cyber, we appreciate the complexity of this situation and have some advice for common queries:

Q: My device has been impacted by the CrowdStrike incident, what do I do?

A: Since the CrowdStrike IT outage incident, the cyber security provider has released remediation recommendations and information to support with getting you back online. There may be some users and organisations who have specific support needs and CrowdStrike have requested that you contact them directly.

Microsoft have also released a recovery tool with two options to support IT administrators expedite the repair process. You’ll be able to use this tool to recover Windows clients, servers, and Hyper-V virtual machines.

Q: Should I avoid installing software updates in the future?

A: We understand that following this incident, users and organisations are feeling uncertain about installing software updates. It’s important to remember that installing the latest software updates on your devices and systems is a fundamental security practice and you should continue to install them within 14 days of their release.

Q: I’ve been contacted by someone from CrowdStrike, should I trust them?

A: If you have been contacted by anyone referencing the CrowdStrike incident (this could include Microsoft, banks, retailers, security vendors, etc), do not provide any personal or financial information, or allow them access to your accounts or devices.

CrowdStrike have advised that all impacted users and organisations only communicate with CrowdStrike representatives through official channels and verify the legitimacy of websites, files, contacts, etc. independently.

Q: I have a Windows computer, but don’t have a blue recovery screen – is my device affected?

A: Systems that are not currently impacted will continue to operate as expected, continue to provide protection, and have no risk of experiencing this event in the future. It’s also important to note that systems running Linux or macOS were not impacted by this IT incident.

Our solution

When your business relies on 3rd-party suppliers, IT incidents such as these can never be truly avoided. However, it’s crucial to proactively mitigate cyber risks to prevent or minimise the impact of these events. 

At Citation Cyber, we offer a range of security services that cover the fundamentals of an effective cyber security strategy.

Cyber security awareness training

Cyber security awareness training is a great way to upskill your workforce and support them with understanding their role with protecting your devices and data. With eLearning modules covering the four key areas of concern, you can be sure that your team are up to date with the latest guidance on defending against cyber incidents and data breaches.

Find out more

Office 365 and Azure review

Proactively analyse and improve common misconfigurations, process weaknesses, and exploitation methods. Allowing your organisation to rest easy knowing you have reduced your risk and improved overall security.

Find out more

Phishing simulator

Phishing prevention services supports your team with becoming experts in identifying malicious emails, so you can protect your business from any attempted attacks. Equip your team with the knowledge and skills to defend against social engineering tactics by keeping your human firewall vigilant against potential threats.

Find out more

Intelligent monitoring and vulnerability scanning

Reduce the risk of a security breach through intelligence-led, cloud-based vulnerability scanning and third-party breach notifications. Allowing you to be cyber-ready, all year round.

Find out more

Cyber security services based in the UK with offices in Lancaster and Manchester. We offer a range of cyber security solutions, from threat mitigation to testing, training & much more.

  • info@citationcyber.com

Citation Cyber

Our Solutions

Copyright © 2023 Citation Cyber Limited. All Rights Reserved.

Scroll to Top