CrowdStrike down first reported in Australia


ChunkyKong

Sky News posted a tweet. Apparently Cloudstrike has been hit, causing BSODs (Blue Screen of Death) on their systems.

Reuters:
SYDNEY, July 19 (Reuters) - A cyber outage affecting Australian media, banks and telecoms companies appears to relate to an issue at global cybersecurity firm Crowdstrike (CRWD.O), a spokesperson for Australia's home affairs minister said on Friday.
Crowdsourced website Downdetector showed outages at several banks and telecoms companies.
"I am aware of a large-scale technical outage affecting a number of companies and services across Australia this afternoon,” the office of Australia's National Cyber Security Coordinator Michelle McGuinness said in a post on X.
"Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies."
"There is no information to suggest it is a cyber security incident. We continue to engage across key stakeholders."
Her statement did not mention Crowdstrike.
State broadcaster ABC said it was experiencing a "major network outage", without giving a reason.
In a pre-recorded message played on Sky News Australia as regular programming was disrupted, correspondent Tom Connell said the outage was not believed to be the result of a hack.
"Our computers, our systems are down, all the things that make Sky News run down and indeed for many other major companies around the country," he said.
Reporting by Alasdair Pal in Sydney; Editing by Christopher Cushing and Muralikumar Anantharaman

Story unfolding.

NDVT (archive)
Reuters (archive)
Daily Mail (archive)
KSBW (archive)
Times Pajeet (archive) < only included for first report
Microsoft365 Twitter < X won't fucking archive in wayback for me


Not sure if directly related:

Delta, United and American Airlines flights grounded due to communication issue (archive)
London Stock Exchange experiences Glitches (archive)

Please feel free to add any additional info here.
 
>Cloud strike
Lol

Looks like a recent update of the sensor is considered to be the root cause at this stage, and while AUS/NZ have been hit the worst so far, it's now confirmed to be affecting a lot of other businesses globally.
Global cyber outage grounds flights, hits media, financial, telecoms | Archive
Australia and New Zealand Cyber Outage Hits Government, Media and Telcos | Archive
Crowdstrike ran a recorded phone message on Friday when Reuters contacted its technical support saying it was aware of reports of crashes on Microsoft's Windows operating system relating to its Falcon sensor, without mentioning Australia.

After hearing about this initially I thought they'd somehow fucked the sensor so badly that it was containing hosts by itself, but with the BSOD factor who even knows wtf they did. CS for the most part are reasonably trusted as a vendor/business in a general sense across the industry as well, so this is probably going to be pretty damaging considering how much downtime and financial loss this has caused
 
This is CrowdStrike's article on the update responsible for this mess. This shit is beyond parody, the AI meme strikes again.

"CrowdStrike is setting a new standard for managed detection and response (MDR), building on our established reputation as pioneers and industry leaders. Falcon Complete Next-Gen MDR combines cutting-edge AI-powered cybersecurity technology with the expertise of the industry’s top security analysts to stop breaches across the entire attack surface 24/7 with unmatched speed and precision.
Powered by the AI-native CrowdStrike Falcon® cybersecurity platform and elite cyber expertise, Falcon Complete Next-Gen MDR stays one step ahead of the adversary by expanding the scope of MDR operations beyond native endpoint, identity and cloud security telemetry to include critical third-party data."
BS artist blog
 
I've never even heard about this antivirus brand. Who the fuck still installs "le norton antivirus" tier rootkits on their machines?
 
And to think that Australia is trying to push to replace paper currency with CBDC, when shit like this means that you can't even use your "money".
I was able to use my "money" just fine all day, didn't even know there was an outage until I clocked off and checked the internet. Card purchases were just hunky-dory.

This isn't the same as Commbank's screwup back in 2023; banking services were intact to enough of an extent that things hadn't ground to a standstill.
 
I've never even heard about this antivirus brand. Who the fuck still installs "le norton antivirus" tier rootkits on their machines?
It's an EDR; most enterprises have EDRs attached to managed endpoints like VMs. Any data handling entity that doesn't install EDRs should be met with every class action lawsuit under the sun when a data breach happens. EDRs save our asses more often than you'll ever know.

Microsoft have been updating systems in the background to the detriment of millions of end-users that rely on Azure for years. In 2022/2023 a Unix update caused outages similar to this but the outage was confined. Clearly zero lessons have been learned by Microsoft before they start rolling out system updates.

Heads are going to roll at Crowdstrike/Microsoft and it'll be the overworked dev and test teams. They might give a c-suite exec a multi-million dollar deal to quietly walk away and "take accountability".

If you don't control your own corporate data, you don't control your company.
The latest Google Cloud data loss that almost wiped over $153,000,000,000 (153 billion kangaroos) off the face of the planet proved that. The entire fund was saved by someone taking offline backups. It was probably a guy that kept insisting offline backups are needed and fought tooth and nail to keep them.

I'm waiting for the snap back away from cloud only platforms. Hybrid and re-centralisation is coming.

Wasn't MS considering having their OS be centered around a constant Internet connection?
If they are, it's going to be a way to price gouge anyone that needs an OS that has an offline mode.

Met a kiwi just now at UPS, his schizo theory is that this was a cyber attack.

Edit to avoid double replies: It's possible it was and can't be ruled out until full root cause analysis is done. Look at the XZ Utils exploit story for CVE-2024-3094. It's not schizo to think this could be a cyber attack.
 
Met a kiwi just now at UPS, his schizo theory is that this was a cyber attack.

Honestly I can see that, but if it's truly an outage, that's embarrassing!

Still shout out to my fellow autist I met, make it home safe brother
 
It's so embarrassing that we used to know the solution to these types of problems (don't connect everything to the goddamn Internet unless it is necessary, in this case), yet these problems are created by retarded apes in suits introducing them in the name of appearing to make technical progress in the world rather than actual progress. Even the Y2K bug and the fear around that was more reasonable than having a kernel-level antivirus be connected to the Internet always so it could BSOD your computer when pajeets fuck up an update.
 
This is absolutely fucking me over right now.

Encrypted laptop won't boot. DaaS won't launch. About to go into the office and see if my main machine is fucked too (no reason to think it's not).

I can happily accept not being able to work, but I have a non-work presentation trapped on that fucking laptop that needs to be submitted this weekend. I put it together yesterday and thought "I'll sleep on it to see if I want to make any changes before submitting. What are the odds my computer will die?" I'm fucking PISSED.
 
It's an EDR; most enterprises have EDRs attached to managed endpoints like VMs. Any data handling entity that doesn't install EDRs should be met with every class action lawsuit under the sun when a data breach happens. EDRs save our asses more often than you'll ever know.
So, since I'm not in the trade - at least that's long behind me, I looked up "EDR":
  1. Continuously monitors endpoints. When your devices are onboarded, the EDR solution will install a software agent on each of them to ensure the whole digital ecosystem is visible to security teams. Devices with the agent installed are called managed devices. This software agent continuously logs relevant activity on each managed device.
  2. Aggregates telemetry data. The data ingested from each device is sent back from the agent to the EDR solution, which can be in the cloud or on-premises. Event logs, authentication attempts, application use, and other information are made visible to security teams in real time.
  3. Analyzes and correlates data. The EDR solution uncovers IOCs that would otherwise be easy to miss. EDRs typically use AI and machine learning to apply behavioral analytics based on global threat intelligence to help your team fend off advanced tactics being used against your organization.
  4. Surfaces suspected threats and takes automatic remediation actions. EDR solution flags a potential attack and sends an actionable alert to your security team so they can respond quickly. Depending on the trigger, the EDR system may also isolate an endpoint or otherwise contain the threat to prevent it from spreading while the incident is being investigated.
  5. Stores data for future use. EDR technology keeps a forensic record of past events to inform future investigations. Security analysts can use this to consolidate events or to get the big picture about a prolonged or previously undetected attack.

So it's a rootkit antivirus "suite" (with keylogger AND firewall!).
I guess the centralized real-time network data aggregation is kinda neat tho, certainly gives someone at the company those star trek NSA command bridge vibes.
We noticed you didn't wiggle your mouse in the last 15 minutes.
To mitigate this probable breach of company security and productivity, an asset retirement specialist has been deployed to your location!
 
Had a half day scheduled anyway and decided to take a full one last minute because there's nothing on the schedule but cleaning up submittals. Checked the work phone and they managed to get out that the internal servers were down before our Outlook took a shit. And none of it is my problem.
 
So it's a rootkit antivirus "suite" (with keylogger AND firewall!).
I guess the centralized real-time network data aggregation is kinda neat tho, certainly gives someone at the company those star trek NSA command bridge vibes.

Keylogger, firewall and "AI". The logs that get sent to cloud providers or external platforms get churned through analysis tools. Some analysis happens on the endpoint.

The access to more powerful processing of threats through external platforms like Azure Sentinel is why these solutions have gained popularity.

Usually EDR reports don't end up in the hands of HR unless something is reported. There's separate dedicated employee monitoring systems that provide better insight for HR teams.
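As an added example (not CrowdStrike's code and not from any poster in this thread), here is a toy EDR pipeline in Python that walks the five steps in the quoted EDR description earlier in the thread (agent logging, central aggregation, correlation, alerting with auto-containment, forensic storage) and the point made just above that some analysis runs on the endpoint while heavier correlation happens centrally. Hostnames, hashes, command lines and the threat-intel address (a TEST-NET address) are constructed for the example; the rule names and the containment threshold are assumptions, not any product's logic.

```python
"""Toy EDR pipeline (added example, not CrowdStrike's or any vendor's code).

Walks the five steps from the EDR description quoted in the thread: an agent
logs endpoint events, a central service aggregates them, correlates across
hosts, raises alerts and auto-contains, and keeps the raw record for forensics.
"""
import shlex
from collections import defaultdict

# Constructed sample telemetry, one agent event per line. Hostnames, hashes,
# command lines and the 203.0.113.9 (TEST-NET-3) address are made up.
SAMPLE_EVENTS = """\
host=FIN-WS01 ts=1001 type=process user=alice parent=outlook.exe image=winword.exe sha256=doc1
host=FIN-WS01 ts=1002 type=process user=alice parent=winword.exe image=powershell.exe sha256=ps01 cmd="-nop -w hidden -enc SQBFAFgA"
host=FIN-WS01 ts=1003 type=network image=powershell.exe dst=203.0.113.9:443
host=HR-WS07 ts=1010 type=process user=bob parent=explorer.exe image=chrome.exe sha256=ch01
host=HR-WS07 ts=1011 type=process user=bob parent=winword.exe image=powershell.exe sha256=ps01 cmd="-enc SQBFAFgA"
host=HR-WS07 ts=1012 type=network image=powershell.exe dst=203.0.113.9:443
host=DEV-WS03 ts=1020 type=process user=carol parent=explorer.exe image=powershell.exe sha256=ps01 cmd="Get-Process"
host=DEV-WS03 ts=1021 type=network image=chrome.exe dst=198.51.100.20:443
"""

# Constructed threat-intel feed: one command-and-control address.
KNOWN_BAD_IPS = {"203.0.113.9"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def parse_event(line):
    """Step 1: an agent event is a line of key=value pairs; quoted values may contain spaces."""
    return dict(token.split("=", 1) for token in shlex.split(line))


def endpoint_rules(event):
    """Step 3, on-endpoint part: cheap behavioural and IOC checks the agent can run locally.

    Returns (rule_name, indicator) pairs. The indicator is what the central
    service later uses to tie hits on different hosts together.
    """
    hits = []
    if event["type"] == "process":
        spawned_by_office = event.get("parent") in OFFICE_APPS
        encoded = "-enc" in event.get("cmd", "").lower().split()
        if event["image"] == "powershell.exe" and spawned_by_office and encoded:
            hits.append(("office_spawns_encoded_powershell", event["sha256"]))
    elif event["type"] == "network":
        ip = event["dst"].rsplit(":", 1)[0]
        if ip in KNOWN_BAD_IPS:
            hits.append(("c2_ioc_match", ip))
    return hits


def run_pipeline(raw_events, contain_threshold=2):
    """Steps 2-5: aggregate per host, correlate across hosts, decide containment, keep the record."""
    store = defaultdict(list)   # step 5: full forensic record, benign events included
    alerts = []                 # step 4: (host, ts, rule, indicator)
    for line in raw_events.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        store[ev["host"]].append(ev)                      # step 2: telemetry lands centrally
        for rule, indicator in endpoint_rules(ev):
            alerts.append((ev["host"], int(ev["ts"]), rule, indicator))

    # Step 3, central part: the same rule+indicator on several hosts is a campaign,
    # which no single agent can see on its own.
    seen_on = defaultdict(set)
    for host, _ts, rule, indicator in alerts:
        seen_on[(rule, indicator)].add(host)
    campaigns = {key: sorted(hosts) for key, hosts in seen_on.items() if len(hosts) > 1}

    # Step 4: auto-containment only when independent rules agree on one host,
    # so a single noisy rule cannot isolate a whole fleet.
    rules_per_host = defaultdict(set)
    for host, _ts, rule, _indicator in alerts:
        rules_per_host[host].add(rule)
    contained = {h for h, rules in rules_per_host.items() if len(rules) >= contain_threshold}

    return {"alerts": alerts, "campaigns": campaigns, "contained": contained, "store": dict(store)}


def timeline(store, host):
    """Step 5 in use: reconstruct what happened on one host, ordered by time."""
    ordered = sorted(store[host], key=lambda e: int(e["ts"]))
    return [(int(ev["ts"]), ev["type"], ev.get("image", "")) for ev in ordered]


if __name__ == "__main__":
    result = run_pipeline(SAMPLE_EVENTS)
    for alert in result["alerts"]:
        print("ALERT", alert)
    print("campaigns:", result["campaigns"])
    print("contained:", sorted(result["contained"]))
    print("FIN-WS01 timeline:", timeline(result["store"], "FIN-WS01"))
```

Two things worth noticing. DEV-WS03 runs the very same powershell.exe hash as the infected hosts and is left alone, because the hash is not the signal, the behaviour is; and the containment step (4) only fires when two independent rules agree, which is the kind of guard that keeps one bad detection rule from isolating a fleet. In a real product the collection and first-pass rules live in a kernel driver rather than a Python script, which is why a broken sensor update takes the whole host down, as this thread describes, instead of merely mis-detecting.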
 