Companies such as AENA, banks from around the world and a large number of security and emergency companies have woken up to a major failure in their systems that has left them inoperative. It seems that the explanation lies in an update to the software of the cybersecurity company CrowdStrike. The situation is critical and, at the moment, there is no estimated time for resolution. If it drags on, we could be facing one of the greatest security failures in modern history.
It’s not a good day to take a plane. Friday dawned with a security problem that has caused chaos worldwide. It all started with the AENA network nationwide, a situation that is causing massive cancellations and delays on all its flights. However, as more details and affected companies become known, we are learning more information about the scope of the problem. If it continues, it could become one of the biggest security failures of recent years.
Airlines such as Ryanair are advising their customers to arrive at airports up to three hours before the plane’s departure in order to check in. However, it has not been confirmed that all flights can be managed on time, as it appears that the management is being done manually.
Ryanair Spain
@Ryanair_ES
🚨🚨🚨🚨🚨🚨
PLEASE NOTE: https://t.co/IhypaH5nVOJuly 19, 2024 • 09:48
94
2
The emergency situation is not only affecting air transport. Top-level banking institutions and leading companies around the world are reporting problems that are preventing them from continuing their operations. In our country, it has also impacted the circulation of the railway network and companies such as Ibedrola, Vocento or Bizum, among thousands of others.
The explanation could be a widespread Windows failure as a result of an update in the CrowdStrike cybersecurity software used by all kinds of top-level companies, which, following this situation, has seen its shares plummet on the stock market. The failure would be causing the appearance of the classic Windows blue screen (BSOD) when it shows a problem in its operation. The interruption of the software linked to Microsoft systems is sowing unprecedented chaos.
Specifically, it is due to a “software update to CrowdStrike’s EDR solution, a tool that runs with high privileges and protects endpoints.” A malfunction can cause “the operating system to crash,” according to Omer Grossman of CyberArk.
Simo Kohonen
@SimoKohonen
Latest #Crowdstrike update seems to be pushing machines into a BSOD loop. Major outages around the globe. https://t.co/VYCTMoSu7Z
July 19, 2024 • 07:53
453
38
World chaos
As we have already anticipated, it seems that everything has its origin in a computer failure which has put a large number of systems around the world in jeopardy. Some initial reports even spoke of a possible computer attack, which has since been ruled out.
Aena
@aena
The global technical incident is affecting, above all, billing and passenger information points, but some systems are already being set up as a contingency.
We continue to work with all parties involved. https://t.co/timpBulTJi
July 19, 2024 • 09:24
38
5
What is certain is that social media is currently ablaze with messages from users expressing their desperation at the massive cancellation and delays of a large number of flights. The problem is even greater if we take into account that it would not only affect our country, but that European airports have also issued alerts, such as in the case of Berlin or Edinburgh. In the United States, hundreds of flights have been cancelled throughout the night and things have still not returned to normal. This has forced operators to update the status of flights manually. In fact, airlines such as United, Delta and American Airlines have opted to ground all their flights until the situation allows a gradual return to normality.
Andrew Chiles
@AndrewChiles
@troyhunt Delta Airlines in ATL hit https://t.co/SrghLWFcbF
July 19, 2024 • 08:16
93
16
In Australia, even the security forces have used their social networks to confirm the situation, setting up an emergency number so that people with problems can contact specialized services. This is one of the most affected areas, with gas stations closed as a result of the cuts in their systems, causing chaos on the roads.
NSW Police Force
@nswpolice
Police are aware of the current system outage.
For emergency situations, please dial 000.
July 19, 2024 • 08:00
46
2
In countries such as the United States, specialized media report that even 911 services have been interrupted in several states, such as Alaska, Arizona, Indiana or Minnesota. In England, the London Stock Exchange has been forced to stop its activity due to the impossibility of continuing to operate.
A simple look at the DownDetector platform, which collects all the interruptions of online services worldwide, is enough to get an idea of the problems that companies around the world are suffering. From Microsoft to Movistar, through banks such as Unicaja and even Google itself. No one is being spared.
Some users have posted on internet forums such as Reddit that they have up to 70% of their computers stuck in a boot loop from which they cannot continue. The situation has forced companies such as Sky News to suspend morning news, as they are unable to use any of their systems.
The Basque health system also appears to be having difficulties in continuing to operate normally, due to the incidents in the Osakidetza network, as reported by El Mundo. This situation could also be extended to the Basque Government’s IT services, as well as to the rest of the companies located in Euskadi.
In Madrid, the Municipal Transport Company also reports that it is experiencing a technical incident that is affecting its systems.
bicimad
@bicimad
⚙️ We are currently experiencing a technical incident that is affecting our systems.
We are working to resolve it as soon as possible.
Sorry for the inconvenience. https://t.co/v39dn5VsRa
July 19, 2024 • 08:06
6
1
Omer Grossman, CIO of CyberArk, has sent a statement in which he claims that we are facing “one of the most important cyber problems of 2024.” He describes the damage that is being caused to all the companies that have been affected as “dramatic.” The challenge now, for Grossman, is to know how customers will reconnect and regain continuity of their business processes. With the current information, “it is expected that it will be a process that will take days.”
CyberArk does not rule out the possibility that the problem is caused by a “deep cyber attack.” However, it is still early and “the range of possibilities” is very wide. In addition to the aforementioned, it could also be a human error due to having launched an update without the corresponding quality control. Only the analysis and updates of the company during the next few days will allow obtaining information on “the resolution of the error.”
AENA, inoperative
The incident is believed to have caused the terminal screens to go dark across the network, affecting the check-in and information systems and thus making it very difficult to organise passengers and the thousands of planes scheduled for today.
However, as we have already anticipated, air transport is not the only service affected. Banks, payment methods, public administration and emergency services are also affected by partial outages, which are hampering their work and, if prolonged, could compromise their operation throughout the day.
Everything points to the fact that this is an update to one of the most powerful antiviruses on the market, developed by the cybersecurity company Crowdstrike, but there is still no official explanation for this. Specifically, its origin would be found in the official product of the technology company, called Falcon. A protection system that guarantees the integrity and security of Windows systems.
In forums like Reddit we can see how the situation is also affecting users and companies located in Australia, India, the United States or the Czech Republic, among many others. We will continue to update the news as more information becomes available.
An individualized solution
Just a few minutes ago, it seems that the company Crowdstrike has started sending its customers the solution to begin reversing the situation. Those affected will have to delete a file that is in the update that has caused chaos and is the cause of the incompatibility with Windows.
However, there is one major drawback: this process will have to be done manually, user by user. In the case of companies with thousands of affected devices, it seems that they will have to spend a good number of hours trying to restore their systems.
(Developing…)
