Travelers at Madrid-Barajas airport wait as airlines try to recover from a Microsoft outage caused by a faulty update from cybersecurity vendor CrowdStrike. Widespread outages have affected travel, banking and other industries globally, along with operations at some U.S. federal government agencies. Diego Radames/Europa Press via Getty Images
By David DiMolfetta,
Cybersecurity Reporter, Nextgov/FCW
Social Security offices are closed for the day due to the incident. Hackers may be leveraging news to push sham security patches out to affected customers, cybersecurity training company says.
President Joe Biden was briefed on an ongoing global Microsoft outage linked to an update pushed by cybersecurity giant CrowdStrike, the White House said Friday.
The incident has led the Social Security Administration offices to close for the day, the agency said in an update. Identity verification services provided by the Login platform are experiencing outages in multiple states, according to an incident report. The Federal Communications Commission also said some 911 services have been disrupted.
The widespread outages — affecting banks, airlines and other essential services worldwide — were caused by a defective update pushed to Windows operating systems by the cybersecurity firm over the past day. CrowdStrike CEO George Kurtz said the incident is not a cyberattack.
“The President has been briefed on the CrowdStrike outage and his team is in touch with CrowdStrike and impacted entities,” a White House official said. “His team is engaged across the interagency to get sector by sector updates throughout the day and is standing by to provide assistance as needed.”
The extent of the impact on federal government operations is still not known. CrowdStrike is in wide use across federal agencies and is a key vendor on the governmentwide Continuous Diagnostics and Mitigation cybersecurity support services contract. The company has contracts with the Justice Department, State Department and Department of Homeland Security, according to GovTribe, a federal market intelligence platform owned by Nextgov/FCW parent company GovExec.
A DOD spokesperson and a Microsoft federal spokesperson did not immediately respond to a request for comment. The Defense Department is heavily reliant on Microsoft products across its enterprise, and has plans to be fully migrated to Microsoft 365 by June 2025.
The Cybersecurity and Infrastructure Security Agency is “working with CrowdStrike, Microsoft and our federal, state, local and critical infrastructure partners to fully assess and address system outages,” DHS said in a post on the X platform. A spokesperson for the federal Chief Information Officer did not immediately respond to a request for comment.
CISA itself is affected, according to an analyst who spoke on the condition of anonymity because they were not permitted to provide updates on the internal status of agency systems.
“People in other components aren’t able to log in because of this CrowdStrike issue. IT support is swamped helping get people back up and running,” they said.
An ongoing mystery surrounding the outage is how deeply embedded CrowdStrike’s software is within the Windows operating systems affected in the incident. Third-party cybersecurity products like those offered by CrowdStrike are often bolted onto the core operating platforms of the devices they protect in order to get a comprehensive view of potential cyber threats that seek to sabotage those devices.
The company in a blog post flagged a specific file deployed during the update that should be removed in Safe Mode, a procedure that starts a computer’s operating system in a basic format that can help troubleshoot problems on the device.
A security architect who provides services to Delta, an airline impacted by the outage, was shocked by how the incident occurred.
“Usually, they’re better than this. CrowdStrike is a massive company at this point,” said the person, who spoke on the condition of anonymity because they were not authorized to publicly express their views. “Why are they pushing half-baked updates?”
The incident is a bit of a perfect storm, said Josh Thorngren, a strategist at cybersecurity provider ForAllSecure.
“CrowdStrike keeps millions of computers protected worldwide, but in order to do that, it requires deep system access on those machines,” he said in an email. “That same deep access means that when there’s a bug in CrowdStrike, it can cripple the entire operating system, as we’ve seen today.”
It could take some time before all affected systems are recovered, Kurtz, the company’s CEO, said in an interview on the Today show. He apologized to anyone impacted by the update.
Hackers may be leveraging the chaos to push out sham updates claiming to be CrowdStrike support, said the SANS Institute, a company that provides cybersecurity training and certificates.
“We do not have any samples at this point, but attackers are likely leveraging the heavy media attention. Please be careful with any ‘patches’ that may be delivered this way,” said Johannes Ullrich, the company’s dean of research.
This is an ongoing story and will be updated.