Crowdstrike Global IT Outage

As you’re no doubt aware, there has been a global IT outage related to Crowdstrike starting Friday afternoon that’s been heavily covered by the news. (NZ Herald article)

Crowdstrike is one of the larger computer protection software companies in the world, mostly supplying to businesses.

Fortunately, ACIT don’t use or supply this software, so none of our clients or our operations are directly affected, but if you have a service that uses Crowdstrike (like airlines, hospitals, supermarkets etc), then you may have witnessed the impact.

The fault

A bad update was pushed out to their customers. This type of update usually occurs multiple times a day, to help computers identify threats. The update was removed within 90 minutes, but the update was already causing issues.

Impact

Any computer that was online and received the update, immediately rebooted and was unable to finish starting, due to the bad update. This affected any machine protected by Crowdstrike, so desktops, laptops, servers and other devices. Depending on specific configurations, some companies struggled to fix their servers before they could start fixing everything else.

Due to the issue with the machine starting, this meant a lot of devices needed to be physically fixed, either meaning users had to be walked through the steps, or IT staff had to visit and physically update each affected machine. This means companies affected could still be resolving issues this week, or even over the next month depending on severity.

Ongoing risks

The largest risk beyond the obvious impact is scammers using this to send emails luring people into false fixes. Hundreds of domains have already been established for this, and the entire community will be fighting this for a while. We’ll be adjusting rules on your Watchguard to try and prevent as much access to these websites as possible, but as always, check links and who sent you emails, before clicking on links. If in doubt, reach out to us to check first. As mentioned, we don’t use the software, so no computer managed by us is affected (this is like a bank you don’t use, sending you a message). Crowdstrike will also not reach out to individual people.

Impact to our clients

As mentioned, no computer we support has the software installed, but if you rely on a service that does use it, then there may be some impact. Reach out to that provider to receive an ETA for resolution, if you’re still having issues.

If you’d like to review what you do currently have, or how your systems are setup, in light of this unprecedented outage, feel free to get in touch with your engineer, or ACIT directly. Regular reviews of your systems are always encouraged, as IT in general is constantly changing.