A major IT outage last night (the 18th), caused by cybersecurity company CrowdStrike, brought chaos to various parts of the world. The problem made services at banks, stock exchanges, television stations and airlines unavailable.
The incident was quickly labelled a "cyber blackout", which invites confusion with a different threat: electrical blackouts caused by deliberate attacks on power grids. The two should be kept apart. The CrowdStrike outage was not an attack but a faulty software update, as described further down; CrowdStrike, a world leader in cyber security, is in fact one of the companies typically called in to investigate the kind of attack on grid infrastructure that the next sections describe.
CrowdStrike’s role
CrowdStrike is an American cybersecurity company founded in 2011. Known for its Falcon endpoint platform, its incident response services and its threat intelligence, the company has played a crucial role in identifying and mitigating complex cyber threats. When an adversary takes down a power grid, a firm like CrowdStrike is the one called in to investigate and establish the root cause of the incident.
The Cyber Failure
An attack of this kind is sophisticated and targets critical energy infrastructure. The attackers use purpose-built malware, referred to in this article as "Blackout", to reach the industrial control systems (ICS) that manage power grids.
How the breach occurred
- Phishing and Social Engineering: the attackers first use phishing to obtain the credentials of energy company employees, which gets them into the corporate IT network rather than the control network itself.
- Infiltration and Reconnaissance: with those credentials, the attackers move through internal systems and map both the IT and the ICS infrastructure, looking in particular for the paths that cross from the corporate network into the control network.
- Malware Trigger: using the Blackout malware, the attackers compromise the programmable logic controllers (PLCs) that regulate energy distribution.
- Execution and Blackout: the malware interferes with the normal operation of the PLCs, causing overloads, equipment failures and, eventually, large-scale blackouts.
Global Impact
Blackouts caused by an attack of this kind have severe consequences:
- Interruptions to Essential Services: Hospitals, transportation systems and other critical infrastructures were severely affected.
- Economic Losses: estimates put the cost of such blackouts at billions of dollars, due to the interruption of businesses and services.
- Public Safety Risk: The power outage also resulted in significant public safety risks, including traffic accidents and increased crime.
Problems around the world
The CrowdStrike outage caused disruption in several countries across Europe, the Americas and Asia-Pacific. One of the main sectors of the economy affected was civil aviation. Early on Friday morning (the 19th), Cirium, a company that monitors global aviation, reported that almost 1,400 flights had been cancelled or delayed. Among the countries affected were:
- Scotland;
- Turkey;
- United States;
- Canada;
- Italy;
- Germany;
- Australia;
- Philippines;
- Japan;
- India.
As well as airlines, several other large organisations had problems. McDonald's, the NHS (the UK health system), Paramount TV channels such as MTV and VH1, Sky News, Visa and Xbox were on the list of those affected. Microsoft 365 services were also reported as unavailable that morning, among them Microsoft Defender, Teams, Microsoft Defender for Endpoint, Intune, OneNote, OneDrive and SharePoint. The common factor was not that Microsoft is a CrowdStrike customer: the Falcon sensor runs as a kernel driver on Windows, so every Windows host that received the faulty update was at risk, whoever owned it.
Bug caused blue screen worldwide
According to the affected companies, an update from security provider CrowdStrike was the cause. The update was a content file consumed by the Falcon sensor's Windows kernel driver; the driver could not process the malformed file and crashed, and because a fault in kernel-mode code is fatal to the operating system, the whole machine went down with it.
Instead of the update being applied normally, it sent affected computers into a reboot loop: the machine crashed with the notorious blue screen (BSOD) on every boot, and could not be used until the faulty file was removed or the machine was restored from a backup. CrowdStrike reverted the file on its side within about an hour and a half, but a host that was already crash-looping could not download the corrected version on its own. Only Windows hosts running the Falcon sensor were hit; Linux and macOS machines did not receive the faulty file and were unaffected.
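As an added example (not code from the original article, nor CrowdStrike's own tooling), the following PowerShell script implements the triage and the published workaround for that morning. It looks for the Falcon channel file that carried the faulty content, C-00000291*.sys in C:\Windows\System32\drivers\CrowdStrike, tells the bad version (written between 04:09 UTC and 05:27 UTC on 19 July 2024) from the corrected one (05:27 UTC or later), and removes the bad one only when run from Safe Mode, which is what CrowdStrike's workaround required. The directory, file pattern and cut-over times come from CrowdStrike's public advisory; the function names, parameters and the verdict labels are my own.

```powershell
# Added example, not from the original article or from CrowdStrike.
# Triage and remediation for the 19 July 2024 Falcon channel file 291 incident.
# Paths, file pattern and timestamps follow CrowdStrike's public advisory;
# function and parameter names are the author's own.

$ChannelDir  = Join-Path $env:SystemRoot 'System32\drivers\CrowdStrike'
$BadCutover  = [datetime]::new(2024, 7, 19, 4,  9, 0, [System.DateTimeKind]::Utc)  # faulty file pushed 04:09 UTC
$GoodCutover = [datetime]::new(2024, 7, 19, 5, 27, 0, [System.DateTimeKind]::Utc)  # reverted file 05:27 UTC or later

function Get-ChannelFile291Status {
    # Returns one object per C-00000291*.sys file with a Verdict of
    # Bad (faulty window), Good (reverted), PreIncident (older file) or NoFalconDir.
    # -Directory lets you point at an offline volume from WinRE, e.g. D:\Windows\System32\drivers\CrowdStrike.
    param([string]$Directory = $ChannelDir)

    if (-not (Test-Path -LiteralPath $Directory)) {
        return [pscustomobject]@{ Path = $Directory; LastWriteUtc = $null; Verdict = 'NoFalconDir' }
    }

    Get-ChildItem -LiteralPath $Directory -Filter 'C-00000291*.sys' -File | ForEach-Object {
        $written = $_.LastWriteTimeUtc   # compare UTC against UTC; Kind matters for the cut-over check
        $verdict = if ($written -ge $GoodCutover)    { 'Good' }
                   elseif ($written -ge $BadCutover) { 'Bad' }
                   else                              { 'PreIncident' }
        [pscustomobject]@{ Path = $_.FullName; LastWriteUtc = $written; Verdict = $verdict }
    }
}

function Test-SafeMode {
    # Windows sets SAFEBOOT_OPTION to Minimal or Network when booted into Safe Mode.
    # The faulty file can only be deleted while csagent.sys is not loaded.
    return ($env:SAFEBOOT_OPTION -in @('Minimal', 'Network'))
}

function Repair-ChannelFile291 {
    # Deletes the faulty channel file. Supports -WhatIf so the deletion can be previewed.
    # -SkipBootCheck is for WinRE, where the target volume is offline and Safe Mode does not apply.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Directory = $ChannelDir,
        [switch]$SkipBootCheck
    )

    $status = @(Get-ChannelFile291Status -Directory $Directory)
    $bad    = @($status | Where-Object Verdict -eq 'Bad')
    if ($bad.Count -eq 0) {
        Write-Host "No faulty channel file 291 found in $Directory; nothing to do."
        return $status
    }
    if (-not $SkipBootCheck -and -not (Test-SafeMode)) {
        Write-Warning "Faulty file present but this is a normal boot; reboot into Safe Mode and rerun."
        return $status
    }
    foreach ($f in $bad) {
        if ($PSCmdlet.ShouldProcess($f.Path, 'Delete faulty channel file')) {
            Remove-Item -LiteralPath $f.Path -Force
            Write-Host "Removed $($f.Path). Reboot normally; the sensor will fetch the corrected file."
        }
    }
    return @(Get-ChannelFile291Status -Directory $Directory)
}

# Usage: triage first, then preview the remediation with -WhatIf before running it for real.
Get-ChannelFile291Status | Format-Table -AutoSize
Repair-ChannelFile291 -WhatIf
```

The script deliberately refuses to delete anything during a normal boot: by the time a host is crash-looping, the only practical way to run it is from Safe Mode (or from WinRE against the offline volume, with -SkipBootCheck and -Directory), and on a healthy host the sensor has already replaced the file, so the Verdict will read Good and the function exits without touching the driver directory.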
Mitigation measures
According to George Kurtz, CEO of CrowdStrike, the problem had been identified and "has been resolved". In an interview with NBC, he added that systems would nonetheless take time to return to normal.
"It may take some time for some systems that just don't recover, but our mission is to ensure that all customers are fully recovered," he argued. "We deeply regret the impact we have caused to customers, travelers and anyone affected by this, including our companies," Kurtz added.
Two kinds of measures follow from all this. For the outage itself, the remedy was to revert the faulty file and restore the affected hosts one by one. Against attacks on critical infrastructure of the kind described above, CrowdStrike, other security firms and governments rely on:
- Strengthening Cybersecurity: stricter security policies, including multi-factor authentication and awareness training for employees, which blunt the phishing stage that such attacks start with.
- Continuous Monitoring: advanced monitoring technologies and artificial intelligence to detect suspicious activity in real time, on the ICS network as well as the corporate one.
- Systems Update: patches and software updates to close the vulnerabilities that malware exploits, together with a lesson from the CrowdStrike outage itself: updates, including content updates to security software, should be rolled out in stages so that a bad one reaches a small canary group before it reaches every host.
- International Collaboration: cooperation between countries and organizations to share information about threats and best security practices.
The outage shows how much of the world's critical infrastructure depends on a handful of software vendors, and how a single bad update to kernel-mode code can do damage on the scale of a deliberate attack. Understanding and mitigating both kinds of risk, outages and attacks, is fundamental work for companies like CrowdStrike, but preventing future incidents requires a continuous and collaborative effort between security companies, governments and international organizations. Awareness and preparation are essential to meet the cyber security challenges of the future.