Incident review
Brief description
A serious error in an automatic update to CrowdStrike (ticker: CRWD) security software, pushed to computers and terminal devices running Microsoft Windows around the world, caused those computers and terminal devices to crash. The result was a global IT crash.
Because Microsoft Windows is so widely used, this became the largest information system outage in history, and the global supply chain was also severely damaged. The highly complex aviation system was hit hardest, and it may take several weeks for air transportation to return to normal.
Worst ever in history
This, the largest information systems outage in history, resulted in the cancellation of more than 5,000 commercial airline flights worldwide. Aviation analytics company Cirium said 6,855 flights were canceled worldwide that day, accounting for 6.2% of all scheduled flights.
It disrupted operations ranging from retail sales to package deliveries to hospital surgeries, resulting in a loss of revenue and of employee time and productivity.
Why does a computer using Microsoft crash?
Most people think that Microsoft’s systems are only used in offices. This is actually a big misunderstanding. Twenty years ago, it was true that most users of Microsoft systems were businesses or individuals. But it has now expanded to most industries, and its influence exceeds most people’s imagination.
Stock market reaction
The stock price of CrowdStrike, the culprit, closed down 11.1% that day, and Microsoft also suffered a loss of 0.47%. This incident also caused an overall decline in U.S. stocks that day: the Dow Jones fell more than 0.93%, the Nasdaq fell 0.81%, the S&P 500 fell 0.71%, the Russell 2000 closed slightly down 0.63%, and the Philadelphia Semiconductor Index closed 3.1% lower.
Within two days of the incident, CrowdStrike’s stock price had plummeted 23%.
Almost the whole world is affected
A heavily injured industry
According to media reports on the day of the incident, most countries around the world were affected, across governments, organizations, hotels, enterprises, the aviation industry, airports, hospitals, railways, television stations, finance, banks, Wall Street, pharmacies, automobiles and retail; even the factory production lines of large manufacturers, ATMs and teller machines were paralyzed.
Many famous or representative companies have been severely affected, including American 911, JPMorgan Chase, Nomura Holdings, Bank of America, McDonald’s, Tesla, Renault, the three major U.S. airlines (United Airlines, American Airlines and Delta Air Lines), Charles Schwab, E*Trade and Merrill Edge; even Taiwan’s largest airport and many hospitals have been hit. Please note that this is only the part that has been reported in the media. In fact, more industries will be affected.
How many computers were hit?
Microsoft officially announced that it is estimated that about 8.5 million computers around the world have crashed, accounting for about 1% of the world’s computers using Windows. But this is just Microsoft’s own preliminary estimate, and the actual number will definitely be much higher than this number.
Has this happened before?
In fact, this kind of thing happens every day, and the difference is only the size of the impact.
This reminds me of a similar incident in 2010, when an enterprise software update launched by anti-virus software maker McAfee (acquired by Alphabet’s Mandiant) mistakenly identified a Windows core file as an infected file, causing clients’ computers around the world to crash.
An internal report that CrowdStrike sent to customers, obtained by the media, showed that in April this year CrowdStrike pushed a software update to customers running Linux systems, which caused their computers to crash. At the time, it took CrowdStrike nearly five days to fix the vulnerability.
Note: The founder of CrowdStrike, the anti-virus security software company that got into trouble this time, was an employee of McAfee many years ago, and the way he got into trouble was actually no different; see below for details.
I wrote an article three years ago that introduced a similar case. For details, please see my post “Why Fastly shutdown thousands websites but its stock soaring 11%?”
Why did this happen?
Security protection market
According to IDC, CrowdStrike has about 18% of the $12.6 billion global market for so-called “modern” endpoint protection software, trailing its main rival Microsoft at 25.8%. Another survey pointed out that McAfee, which has been acquired by Mandiant, a subsidiary of Alphabet, has a market share of approximately 17.02% in the antivirus market.
Why do antivirus and security software cause this?
Because anti-virus security software needs to obtain the highest access rights to the operating system in order to remove computer viruses.
However, cybersecurity experts pointed out that although CrowdStrike was responsible for the software vulnerability, the poor flexibility of Microsoft’s Windows operating system was the reason for such serious losses.
But why are computers using competitors safe?
In order to be watertight, CrowdStrike’s anti-virus security software adopts an endpoint-to-endpoint anti-virus security method (see my previous post “How perform well and high growing CrowdStrike makes money?” for details). CrowdStrike’s software is installed on every computer or terminal device, instead of only on a remote server for remote management.
When CrowdStrike automatically pushes a problematic software update to customers, it is of course installed on every terminal computer device, and so it affects every terminal computer device.
Influence
US cybersecurity agency criticizes CrowdStrike
Jane Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), commented on the matter on July 20, saying that the incident was caused by a defective update of CrowdStrike’s Falcon platform, which triggered a widespread collapse of Windows systems around the world. This is a major incident that seriously affects the operation of critical infrastructure around the world. While it was not malicious, it was a serious mistake.
Full recovery takes time
The tragedy was caused by some buggy code in an “update” of CrowdStrike’s own software. Unfortunately, fixing an error takes more time than causing it, and it can take several days before all systems are certain to be back to normal.
Trigger customer claims
While CrowdStrike has apologized, it has not mentioned whether it plans to provide compensation to affected customers. When CNN asked if it planned to provide compensation, its response did not answer the question. Experts say they expect compensation demands and likely lawsuits.
Marsh (ticker: MMC), the world’s largest insurance brokerage, said dozens of customers were preparing to file claims after a global computer system failure disrupted the operations of airlines, banks and government agencies. Meredith Schnur, head of the company’s U.S. and Canada cyber business, said more than 75 customers have sent notices of potential claims to their cyber insurance providers.
This is only the information from one of the insurance companies the day after the incident. The actual number of customer claims in the end will be far greater than this number.
How big will the compensation figure be?
Fitch said in the report that preliminary estimates of insurance coverage losses may be in the mid-to-high range of billions of dollars, and most claims will be covered by primary insurers.
Loretta Worters, a spokesperson for the Insurance Information Institute, pointed out: “Although standard security insurance covers cloud outages caused by security issues, or operational failures or system failures of the policyholder’s own operations, they usually do not cover non-malicious security incidents of third-party network service providers.” However, Fitch also pointed out that it is not easy for the insurance industry to calculate security risks.
Although CrowdStrike is a leader in cybersecurity, its annual revenue is less than $4 billion.
How many customers will it lose?
It is difficult to estimate how many customers CrowdStrike will lose because of this. The industry estimates that less than 5% of customers may switch to other manufacturers. Because CrowdStrike is a leader and security software is entangled, suddenly abandoning CrowdStrike would be a gamble.
For many customers, switching from CrowdStrike to a competitor would be difficult, and that’s before factoring in additional unseen costs.
But the real blow to CrowdStrike may be reputational damage, which will make it difficult to win new customers.
Why are China and Russia immune?
China
Hardware
China published procurement guidelines for computer systems for state-owned enterprises and government agencies in March 2024. Under the configuration standards for centralized computer procurement, seven manufacturers, Huawei, Inspur, Lenovo, Tongfang, China Great Wall, Zhongke Controllable, and Ziguang Hengyue, successfully entered the supplier list.
On April 12, 2024, China further instructed China Mobile and other large domestic telecom operators to gradually phase out foreign processors in their network cores by 2027. This move will have a particularly heavy impact on the US chip giants Intel and Advanced Micro Devices. The report pointed out that China’s Ministry of Industry and Information Technology issued the directive earlier this year. The Ministry ordered state-owned mobile operators including China Unicom and China Telecom to inspect their own networks and provide a timetable for replacing imported chips. This caused the stock prices of Intel and AMD to plummet that day.
OS
Regarding the operating system software used in computer systems, the system suppliers behind these hardware manufacturers are certified domestic system suppliers such as Kirin, UOS, and NFS China. After all, domestic operating system manufacturers have not been particularly prosperous in the Chinese market for a long time.
However, with the support of Chinese government policy, from 2018 to 2021, the combined revenue of Kirin and Union Tech jumped directly from RMB 141 million to RMB 1.814 billion. Such operating data illustrates the progress of the past few years. China’s domestic operating systems are indeed sold in the market.
Software
Unlike their international counterparts, Chinese airlines prefer to use domestic security solutions, such as 360 QiangXin.
China TravelSky is the world’s fourth largest GDS travel distribution system supplier and has the world’s largest BSP data processing center. TravelSky’s core production system has already completed the migration from Windows to Linux, almost completely getting rid of its dependence on the Microsoft ecosystem.
Analysis of China’s IT Power
For an analysis of China’s strength in computer systems, please see the in-depth article I wrote two years ago: “The hardware and software gap between China and US, is all China-made software and hardware possible?”
Russia
The main infrastructure in Russia is fine because it does not run on Western systems, but on Astra Linux, which Russia developed itself.