How did one company – Crowdstrike – cripple the world?
A company most people have never heard of upended the world, triggering a massive tech outage that knocked out big banks, hospitals, media companies and forced airlines to ground flights.
Crowdstrike – a US cybersecurity firm with a market value of $US83.5bn – triggered the chaos on Friday afternoon, rendering Microsoft-based PCs and laptops useless.
Australians – and millions of others across the globe – were left unable to pay for groceries at supermarket checkouts, complete internet banking or access essential medicines among other widespread disruption. At this masthead, editorial staff had to boot up 10-year-old MacBooks to get the paper out after their PCs displayed what is known as the “blue screen of death”.
The root cause wasn’t Windows, rather a faulty “single content update” from Crowdstrike, that it had pushed out to clients using Microsoft’s operating system.
While Crowdstrike’s engineers have identified the error and deployed a fix, its corporate clients still need to use a workaround. It could take days, if not weeks, for some users to get back online.
So how did one company cripple the world?
A cyber attack has become the biggest thing that keeps Australian executives at night after high-profile assaults on Medibank, Optus, Latitude Financial and most recently MediSecure.
Crowdstrike has been touting itself as a trusted partner and has been taking big swings at Microsoft. Chief executive George Kurtz accused Microsoft last year of using the “the same failed model that McAfee and Symantec have been using for the past 25 years”.
In March, it stepped up its criticism of Microsoft, branding it a “national security threat” after it was attacked by Russian hackers.
“In a year where 42 per cent of the world’s population is electing new leadership, I am concerned with how the potential access to Microsoft’s sensitive data and AI models may be misused by hostile nation states,” Crowdstrike’s head of counter adversary operations Adam Meyers said at the time.
There was a reason for Crowdstrike’s confidence. In the past year, it’s share price had more than doubled to $US343.05, becoming one of the hottest companies in the cybersecurity space, with its revenue growth averaging 67 per cent in the past three years, compared with 45 power cent growth for other cloud software companies.
And Australian companies – and others across the globe – were buying what it was selling.
Qantas, Coles, Woolworths and Bunnings were among some of the biggest companies to suffer outages as a result of a large-scale collapse at global cybersecurity firm Crowdstrike.
Bendigo Bank, Foxtel, National Australia Bank, Australia Post, Suncorp, Xero, NBN, Commonwealth Bank, MYOB, ME Bank, Telstra Amazon, Westpac, Google, ANZ and Microsoft were also among the companies caught in the mass shutdown.
Microsoft and Crowdstrike did not issue statements about the outage until about four hours after it left businesses paralysed. This has exposed a gaping flaw in Australia’s IT sovereignty.
The federal government convened a National Coordination Mechanism meeting on Friday evening, which Home Affairs Minister Claire O’Neil confirmed Crowdstrike attended.
“The company has informed us that most issues should be resolved through the fix they have provided, but given the size and nature of this incident it may take some time to resolve,” Ms O’Neil said.
“Governments are closely engaged at all levels, focused on bringing together the affected parties and ensuring government entities institute the fix as quickly as possible.”
But Monash University IT expert Nigel Phair said the outage underscored the dependency on internet related technologies.
“Organisations need to take an ‘all hazards’ approach to the availability of their IT networks and take appropriate risk management practices to ensure they can be resilient against any future incidents.”
Omer Grossman, chief information office at IT security company CyberArk, expected it would take days to restore full access.
“There are two main issues on the agenda: The first is how customers get back online and regain continuity of business processes. It turns out that because the endpoints have crashed – the Blue Screen of Death – they cannot be updated remotely and this the problem must be solved manually, endpoint by endpoint. This is expected to be a process that will take days,” Mr Grossman said.
“The second is around what caused the malfunction? The range of possibilities ranges from human error – for instance a developer who downloaded an update without sufficient quality control – to the complex and intriguing scenario of a deep cyberattack, prepared ahead of time and involving an attacker activating a “doomsday command” or “kill switch”. Crowdstrike’s analysis and updates in the coming days will be of the utmost interest.”
Crowdstrike chief executive George Kurtz ruled out a cyber attack.
“Crowdstrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted,” he said late on Friday.
“The issue has been identified, isolated and a fix has been deployed.”
But the chaos Crowdstrike’s fault caused underlines how IT has become as essential as running water. It has become the bedrock of our economy and when it sneezes, everyone catches a cold.
Thus it has become a fresh cause of insomnia for the nation’s top execs.
![](data:image/svg+xml;charset=utf-8,<svg height="100px" width="178px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)