October 31, 2024 • 7 mins
Crowdstrike caused the world's worst cyber event in history, which took place on July 19th, 2024.
Roughly 8.5 million computers were affected, over 9000 flights were delayed, and massive shutdowns were felt across every industry from healthcare, to banks, and even retail. This event was caused by a simple routine software update from the cyber-security company known as CrowdStrike.
Roughly 8.5 million computers were affected, over 9000 flights were delayed, and massive shutdowns were felt across every industry from healthcare, to banks, and even retail. This event was caused by a simple routine software update from the cyber-security company known as CrowdStrike.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
On July nineteenth, twenty twenty four, the world was shaken
by what many are calling the worst cyber event in history.
Roughly eight point five million computers were affected, over nine
thousand flights were delayed, and massive shutdowns were felt across
the world.
Speaker 2 (00:19):
Breaking news, a massive global technical outage has not critical
computer infrastructure offline all across the country, and in fact, all
around the world.
Speaker 1 (00:29):
Every one of them suffering at the hands of the
same blue screen of death.
Speaker 3 (00:34):
Businesses, hospitals, airlines, government offices all knocked offline because of
a simple software update.
Speaker 1 (00:41):
Thousands of people suddenly stranded at airports, Countless medical procedures
canceled and delayed. The effects went far and beyond what
anyone could have expected, instantly highlighting our heavy reliance on
technology and how swiftly everything could crumble.
Speaker 3 (00:59):
To give you another vision, here is a time lapse
showing the number of active flights nationwide overnight as the
outage became more widespread. You can see the quick shrinkage
as more airlines grounded planes and canceled flightlightlightlightlight.
Speaker 1 (01:14):
Who exactly is responsible for this? What happened, how did
they respond, and ultimately what can we learn from it.
The story centers primarily around an Austin, Texas based cybersecurity
company known as CrowdStrike, but more specifically the antivirus software
known as CrowdStrike. Falcon received an update to what's called
a vulnerability scanner, the part of the program designed to
(01:36):
assess devices and networks for weaknesses and well vulnerabilities. Essentially,
they released an update containing in error. Since launched, the
program has built up a client base of over thirty
thousand users, roughly three hundred of which being Fortune five
hundred companies, as well as countless high profile and high
risk customers like banks, airlines, and healthcare. However, to this point,
(01:57):
CrowdStrike has played a trustworthy and powerful role in the
fight for cybersecurity. They were hired to investigate such scandals
as the twenty fifteen and twenty sixteen Democratic National Committee
cyber attacks, and even the twenty fourteen Sony Pictures hack
that saw a massive leak of personal information surrounding Sony employees.
In April of twenty twenty four, three months before the
(02:20):
big crash that would lose companies millions of dollars, the
company would begin seeing some crashes, and while they weren't
merely as severe as they would be later on, and
they only affected Linux users. They were all caused by
the same problem routine software updates. However, just because a
small number of users were affected by these aforementioned crashes,
in the long run, this should have absolutely been raising
(02:42):
red flags within the company, especially in regards to their
QA process, whether due to mismanagement, oversight, or incompetence. CrowdStrike
didn't seem to notice these foundational cracks, that is, until
they had no other choice. This is an end. DCWS
special reports.
Speaker 2 (03:02):
A massive global technical outage tied to CrowdStrike, which is
a major cybersecurity provider, has noted critical computer infrastructure offline
all across the country and in fact all around the world.
Speaker 1 (03:14):
Video footage began emerging of countless passengers at LAX sleeping
on the floor, exhausted from flight after flight being delayed
in a never ending cycle of disappointment. Banks became unable
to access their customer's account information. Doctors in the UK
were barred from accessing critical programs responsible for accessing blood
tests and patient histories. In New York City, emergency systems
(03:37):
such as nine to one one were down across the state.
Even extending as far as Alaska, where citizens couldn't contact
police or emergency services. Things were bad. CrowdStrike stock dropped
from a market cap of ninety four billion all the
way down to fifty three billion, losing the company just
short of forty billion dollars in market value. Even Microsoft,
(03:57):
who played no role in this besides Windows, the operating
system I Falcon had been installed on, dropped six percent.
One tech analyst for Webbush Securities went on record estimating
CrowdStrike could lose about five percent of its customer base,
which might not sound like a lot, but considering this
is a seventy two billion dollar company and adding up
the amount of money they may owe in legal fees, lawsuits,
and refunds, this is not going to be something CrowdStrike
(04:20):
can just walk off, at least not for a while,
which really begs the question of what their testing process
really is and why basic errors like this weren't caught
by something like automated testing. If so many computers were
affected so immediately, with CrowdStrike seeing such a sudden uptick
in crashes beginning even months before the July twenty fifth incident,
they've got to figure out what's slipping in the office
(04:41):
and fix it immediately. But how did CrowdStrike respond to this? Well,
many believe the response from CEO George Kurtz as well
as COSO Sean Henry to have been more timely, direct,
and confident than we may have expected.
Speaker 4 (04:54):
How is it that one single software bug can have
such a profound and immediate impact.
Speaker 5 (05:00):
Well, when you look at the complexity of cybersecurity, you're
always trying to state, what, excuse me.
Speaker 1 (05:06):
One step ahead of the adversaries.
Speaker 5 (05:10):
Excuse me, man, it's one second thief.
Speaker 1 (05:15):
Kurtz went on the Today Show showing face and owning
up to everything that happened, as well as releasing a
statement on the company's website in which he would write.
Speaker 5 (05:23):
I want to sincerely apologize directly to all of you
for today's outage. All of CrowdStrike understands the gravity and
impact of the situation. We quickly identified the issue and
deployed a fix, allowing us to focus diligently on restoring
customer systems as our highest priority.
Speaker 1 (05:38):
He would go on to offer a link to the
company's support portal to work with the company's tech support
and representatives, and offered full transparency on how this all
occurred and what steps were being taken to prevent anything
like this from happening again. This is honestly a great response.
They immediately began working to fix the problem, offered solutions
to those still affected, showed face on the news, and
(06:00):
worked diligently to take responsibility and remain accessible through the struggle.
While it's important to do everything you can with your
own company to prevent catastrophe, it's also paramount that we
understand how we can bounce back, take ownership, and ultimately recover.
In the case of CrowdStrike, this recovery is already on
its way, with company stock rising nearly three percent since
(06:22):
the incident, and they don't seem to be losing as
many customers as some previously estimated. Mission Critical Systems CEO
Ken Mitra would tell CRN.
Speaker 4 (06:30):
I haven't had a customer say hey, we're going to
rip and replace CrowdStrike. That hasn't happened. They still have
really really good technology and they kind of dominate the market.
Will they recover and go on to do bigger things? Yes, absolutely, But.
Speaker 1 (06:45):
While CrowdStrike may have dodged a bullet in the long term,
their short term costs are adding up by the day,
and it's hard to say how well they would be
recovering right now had it not been for the swift,
direct and honest response from those in charge, and of course,
the actual ability to fix the problem. If you like
this story and want more like it, tap that like
button somewhere down there and subscribe for more
On July nineteenth, twenty twenty four, the world was shaken
by what many are calling the worst cyber event in history.
Roughly eight point five million computers were affected, over nine
thousand flights were delayed, and massive shutdowns were felt across
the world.
Speaker 2 (00:19):
Breaking news, a massive global technical outage has not critical
computer infrastructure offline all across the country, and in fact, all
around the world.
Speaker 1 (00:29):
Every one of them suffering at the hands of the
same blue screen of death.
Speaker 3 (00:34):
Businesses, hospitals, airlines, government offices all knocked offline because of
a simple software update.
Speaker 1 (00:41):
Thousands of people suddenly stranded at airports, Countless medical procedures
canceled and delayed. The effects went far and beyond what
anyone could have expected, instantly highlighting our heavy reliance on
technology and how swiftly everything could crumble.
Speaker 3 (00:59):
To give you another vision, here is a time lapse
showing the number of active flights nationwide overnight as the
outage became more widespread. You can see the quick shrinkage
as more airlines grounded planes and canceled flightlightlightlightlight.
Speaker 1 (01:14):
Who exactly is responsible for this? What happened, how did
they respond, and ultimately what can we learn from it.
The story centers primarily around an Austin, Texas based cybersecurity
company known as CrowdStrike, but more specifically the antivirus software
known as CrowdStrike. Falcon received an update to what's called
a vulnerability scanner, the part of the program designed to
(01:36):
assess devices and networks for weaknesses and well vulnerabilities. Essentially,
they released an update containing in error. Since launched, the
program has built up a client base of over thirty
thousand users, roughly three hundred of which being Fortune five
hundred companies, as well as countless high profile and high
risk customers like banks, airlines, and healthcare. However, to this point,
(01:57):
CrowdStrike has played a trustworthy and powerful role in the
fight for cybersecurity. They were hired to investigate such scandals
as the twenty fifteen and twenty sixteen Democratic National Committee
cyber attacks, and even the twenty fourteen Sony Pictures hack
that saw a massive leak of personal information surrounding Sony employees.
In April of twenty twenty four, three months before the
(02:20):
big crash that would lose companies millions of dollars, the
company would begin seeing some crashes, and while they weren't
merely as severe as they would be later on, and
they only affected Linux users. They were all caused by
the same problem routine software updates. However, just because a
small number of users were affected by these aforementioned crashes,
in the long run, this should have absolutely been raising
(02:42):
red flags within the company, especially in regards to their
QA process, whether due to mismanagement, oversight, or incompetence. CrowdStrike
didn't seem to notice these foundational cracks, that is, until
they had no other choice. This is an end. DCWS
special reports.
Speaker 2 (03:02):
A massive global technical outage tied to CrowdStrike, which is
a major cybersecurity provider, has noted critical computer infrastructure offline
all across the country and in fact all around the world.
Speaker 1 (03:14):
Video footage began emerging of countless passengers at LAX sleeping
on the floor, exhausted from flight after flight being delayed
in a never ending cycle of disappointment. Banks became unable
to access their customer's account information. Doctors in the UK
were barred from accessing critical programs responsible for accessing blood
tests and patient histories. In New York City, emergency systems
(03:37):
such as nine to one one were down across the state.
Even extending as far as Alaska, where citizens couldn't contact
police or emergency services. Things were bad. CrowdStrike stock dropped
from a market cap of ninety four billion all the
way down to fifty three billion, losing the company just
short of forty billion dollars in market value. Even Microsoft,
(03:57):
who played no role in this besides Windows, the operating
system I Falcon had been installed on, dropped six percent.
One tech analyst for Webbush Securities went on record estimating
CrowdStrike could lose about five percent of its customer base,
which might not sound like a lot, but considering this
is a seventy two billion dollar company and adding up
the amount of money they may owe in legal fees, lawsuits,
and refunds, this is not going to be something CrowdStrike
(04:20):
can just walk off, at least not for a while,
which really begs the question of what their testing process
really is and why basic errors like this weren't caught
by something like automated testing. If so many computers were
affected so immediately, with CrowdStrike seeing such a sudden uptick
in crashes beginning even months before the July twenty fifth incident,
they've got to figure out what's slipping in the office
(04:41):
and fix it immediately. But how did CrowdStrike respond to this? Well,
many believe the response from CEO George Kurtz as well
as COSO Sean Henry to have been more timely, direct,
and confident than we may have expected.
Speaker 4 (04:54):
How is it that one single software bug can have
such a profound and immediate impact.
Speaker 5 (05:00):
Well, when you look at the complexity of cybersecurity, you're
always trying to state, what, excuse me.
Speaker 1 (05:06):
One step ahead of the adversaries.
Speaker 5 (05:10):
Excuse me, man, it's one second thief.
Speaker 1 (05:15):
Kurtz went on the Today Show showing face and owning
up to everything that happened, as well as releasing a
statement on the company's website in which he would write.
Speaker 5 (05:23):
I want to sincerely apologize directly to all of you
for today's outage. All of CrowdStrike understands the gravity and
impact of the situation. We quickly identified the issue and
deployed a fix, allowing us to focus diligently on restoring
customer systems as our highest priority.
Speaker 1 (05:38):
He would go on to offer a link to the
company's support portal to work with the company's tech support
and representatives, and offered full transparency on how this all
occurred and what steps were being taken to prevent anything
like this from happening again. This is honestly a great response.
They immediately began working to fix the problem, offered solutions
to those still affected, showed face on the news, and
(06:00):
worked diligently to take responsibility and remain accessible through the struggle.
While it's important to do everything you can with your
own company to prevent catastrophe, it's also paramount that we
understand how we can bounce back, take ownership, and ultimately recover.
In the case of CrowdStrike, this recovery is already on
its way, with company stock rising nearly three percent since
(06:22):
the incident, and they don't seem to be losing as
many customers as some previously estimated. Mission Critical Systems CEO
Ken Mitra would tell CRN.
Speaker 4 (06:30):
I haven't had a customer say hey, we're going to
rip and replace CrowdStrike. That hasn't happened. They still have
really really good technology and they kind of dominate the market.
Will they recover and go on to do bigger things? Yes, absolutely, But.
Speaker 1 (06:45):
While CrowdStrike may have dodged a bullet in the long term,
their short term costs are adding up by the day,
and it's hard to say how well they would be
recovering right now had it not been for the swift,
direct and honest response from those in charge, and of course,
the actual ability to fix the problem. If you like
this story and want more like it, tap that like
button somewhere down there and subscribe for more
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
New Heights with Jason & Travis Kelce
Football’s funniest family duo — Jason Kelce of the Philadelphia Eagles and Travis Kelce of the Kansas City Chiefs — team up to provide next-level access to life in the league as it unfolds. The two brothers and Super Bowl champions drop weekly insights about the weekly slate of games and share their INSIDE perspectives on trending NFL news and sports headlines. They also endlessly rag on each other as brothers do, chat the latest in pop culture and welcome some very popular and well-known friends to chat with them. Check out new episodes every Wednesday. Follow New Heights on the Wondery App, YouTube or wherever you get your podcasts. You can listen to new episodes early and ad-free, and get exclusive content on Wondery+. Join Wondery+ in the Wondery App, Apple Podcasts or Spotify. And join our new membership for a unique fan experience by going to the New Heights YouTube channel now!
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.