close
close

CrowdStrike causes global chaos: IT systems come back online, but full recovery could take days

ASB reported today that its mobile app, FastNet Classic and FastNet Business services are operational again, albeit with limited functionality.

“Unfortunately, due to the global technical issue, some customers may be experiencing issues with account balances and transactions. Our team is still working with the affected vendor to resolve this.”

ANZ told the Herald this morning that all systems had been restored overnight, but a spokeswoman qualified: “For customers who were expecting a payment from another bank overnight, there may be a delay while a small number of disrupted payments are processed. These would include direct deposits, bill payments and direct debits. All outgoing ANZ payments have been processed.”

Long queues formed outside retailers on Friday night, with Woolworths closing a number of its stores and halting online orders. Online shoppers at multiple retailers have been warned of likely delivery delays today.

AdvertisementAdvertise with NZME.

Civil Protection reported in an update on Friday evening that the CrowdStrike patch was being implemented. 111 calls and other systems were operational.

The Civil Aviation Authority warns that while there were no delays to flights to New Zealand, the domino effect of groundings in the US and elsewhere over the weekend could have consequences here. Photo/Getty Images
The Civil Aviation Authority warns that while there were no delays to flights to New Zealand, the domino effect of groundings in the US and elsewhere over the weekend could have consequences here. Photo/Getty Images

Air New Zealand said last night that all flights were operating on schedule, but that some customers had faced payment problems due to the disruption. The Civil Aviation Authority reported no delays to flights in New Zealand, but warned of potential problems today with the flow of flights from countries – including the US – where flights were grounded for much of Friday.

Jetstar was hit, with the airline cancelling all flights until 2am on Saturday morning – forcing passengers to sleep at Wellington Airport – and then two flights to Australia at 6.15am and 7am. Auckland Transport said HOP card payments were no longer possible. Several councils reported problems with their IT systems.

Who is CrowdStrike?

The global outages, which saw many hospitals switch to manual systems, broadcasters such as Sky News UK forced to go offline, traffic chaos and long queues at many service points or supermarkets from around 5pm NZT on Friday, were not caused by a cyberattack, but by software specifically designed to stop the attack.

CrowdStrike, based in Austin, Texas, makes cybersecurity software including Falcon, which monitors an organization’s IT systems for hacking attempts, viruses and other threats.

It was a bug in a Falcon update on Thursday night NZT that caused global chaos.

Founded in 2012, CrowdStrike says its customers include 298 of the Fortune 500, eight of the world’s 10 largest financial services firms and six of the world’s 10 largest healthcare providers.

Manual repair can take days

CrowdStrike released a fix early Friday night, NZT said, but it took hours for many organizations to implement it. And cybersecurity experts warn that because individual Windows PCs must be manually updated, it could take days for some systems to fully recover.

“The solution CrowdStrike provides is quite manual and can be difficult to implement at scale in some cases,” said Simo Kohonen, founder of Finland-based network security company Defused.

The full damage will become clear next week

And CyberCX executive director of strategy and risk Dan Richardson told the Herald“Smaller organizations that aren’t monitoring their systems and security 24/7 may not even realize there’s a problem until they come into work on Monday, so it’s unlikely that this problem will be fixed for everyone.”

AdvertisementAdvertise with NZME.

Richardson added: “This is probably the biggest outage in history. It’s a small piece of software that happens to be in millions of computers around the world and we’re seeing the impact of that today in every sector of the economy.

“This is a reflection of how connected we are now – when a key piece of software has a problem, we see huge impacts. Given the complexity of large IT environments, we are likely to see a long chain of impacts across the New Zealand economy for some time to come.”

Slow Apology

Cloudstrike CEO George Kurtz was criticized on social media for his post announcing a fix, which failed to apologize for the global chaos his company had caused.

But shortly before midnight NZT, Kurtz appeared on NBC’s Today show, where he said: “We deeply regret the impact we have caused to customers, travellers and everyone affected by this.”

And six hours after his first post, he also wrote a mea culpa about X.

a Daily telegram reporter who visited CrowdStrike Australia-NZ’s Sydney headquarters at 5:08 p.m. yesterday found the office empty. Shortly after, an employee showed up.

AdvertisementAdvertise with NZME.

He said he was told employees work remotely on Fridays.

@daily telegram

The Sydney offices of CrowdStrike, the company at the center of the current global tech blackout, stood empty on Friday as the impact of the crash continues to be felt around the world. #tech #technology #techcompany #sydney #office

♬ original sound – The Daily Telegraph

Billions of market capitalization disappeared

CrowdStrike made just over $140 million in the Australian and New Zealand market last year – up from $75 million in 2022 – according to Companies Office data. But just $4 million of the total was booked on this side of the Tasman.

Tech commentator Peter Griffin told RNZ that some tech companies “are delivering software without doing all the checks and they can be fined big time for it.” He saw the problem potentially getting worse as big companies take over smaller ones and AI accelerates the race to roll out new software.

READ MORE: CloudStrike Bungle Is Founder George Kurtz’s Second Global Meltdown

It was not immediately clear whether CrowdStrike would face a fine from regulators if the company demonstrated that it released an update without sufficient due diligence.

But the market immediately made a judgment.

AdvertisementAdvertise with NZME.

Shares in the cybersecurity company fell 11% on the Nasdaq exchange on Friday (Saturday NZT), pushing the tech giant’s market capitalisation down by US$10.8 billion ($18.9 billion).

Microsoft, which suffered a cloud outage unrelated to its 365 products including Teams that coincided with the bankruptcy of CloudStrike, saw its shares relatively unscathed, falling 0.5%, in line with a broader market dip.

“Today, a CrowdStrike update caused a number of IT systems to be shut down globally. We are actively supporting customers to help them recover,” a Microsoft spokesperson said.

Cybersecurity expert and founder of ASafaWeb security analysis firm Troy Hunt said it was “the largest IT outage in history.” Hunt posted on X, referring to the scale of the outage: “This is basically what we were all worried about with Y2K, except this time it actually happened.”

Chris Keall is an Auckland-based member of the Herald’s business team. He joined the Herald in 2018 and is technology editor and senior business writer.

Related Posts