Microsoft noted that the faulty CrowdStrike update hit "less than 1%" of Windows PCs. But given the cyber security firm's critical services focus, that 1% included banks, supermarkets, emergency services and airlines.
Analysis by Chris Keall
Chris Keall is the technology editor and a senior business writer for the NZ Herald.
A fix for affected systems has been released but getting them back online will take time as it requires manually weeding out the flawed code.
CrowdStrike software that injected the bug has almost 20% market share and is common in critical services.
ANALYSIS
It sounds relatively harmless when you put it like this: “We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than 1% of all Windows machines,” Microsoft enterprise and OS security head David Weston wrote in a post lateyesterday.
But CrowdStrike’s market is big organisations that do important stuff to keep society going, and that “less than 1%” included your bank, your supermarket – and in many cases, especially in the US, their airline, health provider or emergency services too.
As Weston added: “While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services.”
The odds are relatively low that your work PC will be suffering the “blue screen of death” when you arrive in the office this morning.
If you work for a large organisation, it should be sorted by now by your in-house IT team over the weekend (remember to buy them a coffee) – at least in terms of customer-facing systems. If you’re part of a large organisation that uses CrowdStrike, like several of our major councils, you could perhaps find it takes a couple of days for your IT team to get around to fixing your PC, given the manual nature of the process.
If you work for a smaller employer, you’re likely outside CrowdStrike’s target market (and the Austin, Texas-based firm’s 2023 accounts indicate its New Zealand presence is below its global 20% market share; of $140 million in Australia-New Zealand revenue, less than $4m came from this side of the Tasman).
Regardless, CyberCX security expert Dan Richardson noted over the weekend that the full extent of the CrowdStrike chaos won’t be known until today, when firms without inhouse tech staff return to the office.
Netsafe chief executive Brent Carey has a battle plan for who have been affected.
“Kiwis hit by the CrowdStrike outage should review the incident report to understand the nature and extent of the breach,” he told the Herald this morning.
“Businesses should work with their internal or outsourced ICT team to apply the fix that has been sent around and take any remediation steps.
“If it has affected your business consider a company-wide password reset. Ensure all systems are patched and free of malware.
“Monitor systems and communicate with customers what you have done to fix any issues.”
Make sure any advice or updates are actually coming from your IT team or trusted partners, Carey adds.
If you are suffering the “blue screen of death” it’s best to get tech support to fix it, unless you’re a deep geek – but if you’re up to it, there are instructions here.
That warning was echoed by the National Cyber Security Centre – part of the GCSB.
Manager for incident triage and response Jordan Heersping said there had been an increase in phishing referencing the CrowdStrike outage.
“Primarily this looks like emails or other types of messages being sent to people and they might be imitating CrowdStrike support or Microsoft security, or something like that, trying to get people to provide credentials or download software which the attacker might use to conduct further activity.”
Mopping up
Elsewhere, things seem in the mopping-up stage.
Meanwhile, Banking Association chief executive Roger Beaumont said banks would scrutinise what happened over the coming week.
Beaumont applauded local banks for how they managed the outage.
“Given the scale of the issue and the global nature of the issue, our banks responded incredibly fast, and were able to affect change and resume normal services relatively quickly for customers.”
ASB, for example, was able to restore basic core online banking services in the wee hours of Saturday morning (the outage hit around 5.20pm Friday), with an all-systems-restored update. Whoever you bank with, double-check transactions from late Friday to make sure there was no double-billing.
Emergency Management and Recovery Minister Mark Mitchell told RNZ he had not received any information to indicate ongoing issues as a result of the CrowdStrike fault.
He said at this early stage the Government had not identified any need to talk to CrowdStrike about compensation.
Bright spot for Palo Alto Networks
CrowdStrike shares fell 11% in Friday (Saturday NZT) Nasdaq trading, wiping some US$10.8 billion ($18.9b) from its market cap.
Chris Keall is an Auckland-based member of the Herald’s business team. He joined the Herald in 2018 and is the technology editor and a senior business writer.