CrowdStrike Outage: Interos Update

July 19, 2024
Dianna ONeill

CrowdStrike Outage: What Happened? 

Interos is monitoring the widespread IT outage affecting numerous sectors globally, including airlines, banks, telecommunications companies, and many others. We are proactively alerting customers to potential impacts across their supplier ecosystem via direct email notifications and a platform-wide notice and event summary. The Interos platform has not experienced any impact. 

Cybersecurity firm CrowdStrike, the epicenter of the disruption, published an official statement as of 9:22 am ET, July 19, 2024. 

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.

The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.”

Summary Timeline 

Thursday, July 18, 2024 

 Friday, July 19, 2024

  • Fri, 4:48am EST: Windows devices experienced issues due to a third-party software update, CrowdStrike reported on the Azure status page. 
  • Fri, 5:45am EST: On X, CrowdStrike CEO George Kurtz announced a fix for a defect in a single content update for Windows hosts, confirming the situation was not a security incident. 
  • Fri, 6:39am EST: Interos published an event summary update regarding global IT outages triggering flight delays. 
  • Fri, 7:48am EST: The New York Times reported the outage was due to a flawed CrowdStrike security update, with a fix deployed but ongoing issues expected. 
  • Fri, 7:54am EST: Interos issued an automated Cyber Event Alert to all customers via our platform. 
  • Fri, 8:45am EST: Interos updated our platform’s Events Feed, publishing a list of impacted banks and apps.  
  • Fri, 10:00am EST: Interos deployed an event notice on the front page of the platform. 

Who is Impacted?  

According to company disclosures, CrowdStrike has over 21,000 customers, many of whom are large institutions, including many major airlines, banks, healthcare providers, and cloud providers, with thousands of computers and servers running the software. The protective system is utilized by 82 percent of US state governments and 48 percent of the largest US cities, resolving over 7 million incidents annually through its managed detection and response (MDR) service.   

Users have reported that their bank cards were being declined, and HR departments have reported document outages via ADP impacting payroll and other business operations. As of 12pm EST, over 2,000 flights were canceled and more than 5,300 were delayed. 

Additionally, disruptions were not confined to Microsoft customers only, but extended to all enterprises running CrowdStrike’s Falcon software. 

What Can You Do About it? 

In its Statement on Falcon Content Update for Windows Hosts, CrowdStrike published workaround steps for “individual hosts” and “public cloud or similar environment including virtual.”  

It’s worth noting that, according to news reports, U.S. customers may be less impacted because the incident occurred when many U.S. computers were off, and the corrected software was published before they were turned on. 

Companies interested in further investigating the impact of this incident on their operations must perform due diligence across their supplier ecosystem. CrowdStrike’s admission that the impact is isolated to a “single content update for Windows hosts” indicates that the impact radius is substantial.  

Recommendations:

  • Engage third parties / tier-1 suppliers to inquire if they have a material relationship with CrowdStrike AND rely on Microsoft hosting (Azure) or O365.   
  • If an existing relationship is identified, confirm with the supplier if CrowdStrike’s workaround steps and/or other mitigating actions were taken and if there is any material impact on the supplier’s operations that requires mitigation. 
  • If no mitigating action is necessary, companies should refer to established business continuity processes to protect against immediate operational risks.  

For Interos Customers   

  • Use the Interos Supplier-Buyer Relationships to identify sub-tier connections to CrowdStrike.  
  • Prioritize the list for outreach, assign ownership for direct outreach, and execute the steps above.  
  • Create a group for this specific instance and enable alert notifications to receive updates via email.  
  • Investigate cybersecurity risk scoring and the potential changes to the security landscape for companies connected to CrowdStrike.   
  • Because CrowdStrike is an important security and threat management platform, there is an increased risk of cyber activity while the platform is inoperable for some time, providing a potential window of opportunity for threat actors.   
  • Companies utilizing Interos’s premium support offering can engage the Operational Resilience Consulting team to perform a deep-dive analysis across their ecosystem.  

 
