Microsoft: Historic system outage caused by small, unintentional error | Technology

Human error triggered a crisis yesterday that has affected many countries. Flights were cancelled, hospital systems crashed, digital payment methods were temporarily suspended, some critical infrastructure was disrupted and work in many offices was paralysed. All because an update to Falcon, the star antivirus from US cybersecurity company CrowdStrike, included a code error that caused computers running Microsoft Windows, the operating system most widely used by businesses, to crash.

Chance also wanted the update in question to be done before Friday in July. This increased the impact of the incident, as the airport is busier than average on summer weekends. The number of people directly or indirectly affected is not yet known, but will be high given the thousands of flights affected.

Tech teams at companies were scrambling, moving from computer to computer to fix the dreaded “blue screen of death,” the error message that Windows displays when it freezes. Authorities in many affected countries, from India to Germany, including Spain and the United States, sent messages of calm and offered citizens and businesses advice on how to fix the problem. For those affected, all they had to do was delete the file containing the CrowdStrike update, though depending on the case, that process could be complicated.

Are we facing the biggest computer outage in history? Some experts are already saying yes. Others point out that the true scale of the problem is days or even weeks away, and some systems will take longer to restore than others, making such claims risky. “The scale of this breach is unprecedented and will undoubtedly go down in history, potentially surpassing the WannaCry attacks of 2017,” said Junad Ali, a cybersecurity expert at the Institution of Engineering and Technology (IET) in London. This was reported to the SMC portal.

Santiago Escobar, director of the cybersecurity department at Incibe-UPV and a researcher at the Valencian VRAIN institute, believes that the comparison with the effects of WannaCry, which affected at least 300,000 computers in 150 countries, is exaggerated: “It says a lot. I would be surprised if an antivirus patch could have such a significant effect.”

The comparison also makes us highlight the differences between the two cases. The CrowdStrike outage was an inadvertent error: “Someone touched the code and didn’t do the proper checks before running it,” says Escobar. WannaCry, on the other hand, was ransomwarea type of computer virus that hijacks infected computers and releases them after a ransom is paid. It was developed by the North Korean cybercrime group Lazarus, allegedly with a profit motive. It is considered the most destructive cyberattack in history.

Were there any solutions comparable to Friday’s? “This is not the first time we have faced a similar problem due to questions softwareLet’s think about the Y2K effect, which caused a global problem, as well as other small glitches, such as video game updates. Call of Duty: Warzone” says Erisa Karafili, associate professor at the University of Southampton’s Centre for Cyber ​​Security Research. “What happened is essentially what we feared would happen in 2000. The only difference is that it’s happened now,” agrees Troy Hunt, a cybersecurity expert and creator of the site Have You Been Pwned?, where you can plug in an email address and see if it’s been compromised.

Cybersecurity expert Adam Leon Smith says it could be worse. “The operating system used in critical infrastructure is Linux, not Windows,” he told SMC. He believes that in some cases the solution can be implemented very quickly, while in others it will take longer: “If the machines behave in a way that causes blue screens and endless loops, it may be difficult to recover from them, it will take days or weeks.”

Other major recent computer outages

In May 2017, a glitch in British Airways’ computer systems forced the British airline to cancel all flights from London’s Heathrow and Gatwick airports, leaving 75,000 passengers stranded. On December 14, 2020, Alphabet’s core services (Google, Gmail, Google Docs, YouTube, and cloud storage) experienced a temporary outage worldwide due to an authentication issue.

In June 2021, thousands of websites around the world went down due to an incident on the Fastly content distribution network, affecting EL PAÍS, Amazon, Twitch, among others. New York Times and Reddit. On October 4, 2021, Meta recorded an outage that lasted seven hours and affected Facebook, Instagram, and WhatsApp.

In July 2022, a service outage at the American cloud services company Akamai caused service disruptions for companies such as Airbnb, video game platforms such as Playstation Network or Steam, airlines such as Delta Air Lines, and distribution networks such as Costco. Wholesale and financial services such as American Express, as well as banks such as BBVA, or media such as EL PAÍS, among others. In December of the same year, two months after its acquisition by Elon Musk, the social network X experienced incidents that resulted in access to the platform being blocked.

The Biggest Cyberattacks in History

If unintentional mistakes can wreak havoc, cyberattacks are not far behind. On May 12, 2017, more than 300,000 computers around the world were effectively hijacked. The screens went black and a scary message appeared: your documents are encrypted, and to get them back you must pay $300 in Bitcoin. ransomware WannaCry paralyzed thousands of companies in minutes. Forensic analysis and subsequent investigations called it the largest murder in history. Direct and indirect losses were estimated to exceed $4 billion.

A year earlier, in 2016, another one appeared ransomwarePetya, which attacked Windows systems via an executable PDF file. The prank cost the Danish shipping company Maersk around 250 million euros. However, this was just an appetizer. In March 2017, just a month before WannaCry, NotPetya, a new version of this malware which infected tens of thousands of computers around the world. This time, there was no need to execute anything: the virus caught and encrypted the systems. And it offered no way to free them, ruling out economic motives. It was later revealed that it had been launched by Kremlin-linked groups in Ukraine, with the aim of crippling critical infrastructure in that country, although it later spread to the rest of the world.

NotPetya is not the only virus launched for political and/or military purposes that has gotten out of control. The first known successful move of this type was called Stuxnet. In the summer of 2010, someone managed to insert flash drive on a Siemens computer at a nuclear power plant in Iran. This is how this computer worm, a type of virus that replicates and infects other machines, even if they are not connected to the Internet, was created via local area networks. Stuxnet installed itself on systems, stole information, and then self-destructed. The virus, which infected about 100,000 computers (60% of them in Iran), temporarily shut down Iran’s uranium enrichment program. The authorship of Stuxnet is unknown, although some analysts point to Israeli or American intelligence services due to its extreme complexity.

You can follow El Pais Technology V Facebook And X or sign up here to receive our weekly newsletter.