Date: 2024-07-20

A faulty update knocked out several Windows computers and servers around the world on Friday, sending them through a boot loop featuring a so-called blue screen of death, disrupting aviation, banking, telecommunications, hospitals, TV channels and other companies. The update was part of the Falcon endpoint threat detection and response product developed by CrowdStrike, a Texas-based cybersecurity firm, for Microsoft’s Azure cloud service.

Flights were briefly grounded in the United States, with airports reeling under a complete collapse of their digital systems worldwide. In India, airlines started checking passengers in manually at airports serving Bengaluru, Chennai, New Delhi, Hyderabad, Kochi, Thiruvananthapuram and Mumbai, among others, issuing handwritten boarding passes as blue error screens took over flight information display boards. Many flights were delayed for hours or cancelled, with IndiGo alone reporting that it had cancelled at least 283 trips on Friday and Saturday. Other airlines such as Akasa Air, SpiceJet, Vistara, Air India and Air India Express did not provide details of their cancellations.

The issues began at 3.30 a.m. and hit Indian airports and airlines when their systems received the faulty update. Bangalore International Airport Ltd said in a statement that airports were facing issues due to downtime affecting a departure control system developed by the firm Navitaire. Civil Aviation Minister Kinjarapu Ram Mohan Naidu urged airlines to accommodate affected passengers with food and water during the delays. Airlines were able to implement the fix to some extent and restore digitised boarding procedures. However, airline executives warned that the disruption would “cascade” over subsequent days, due to planes reaching late for subsequent flights.

Minister for Electronics and Information Technology Ashwini Vaishnaw said the National Informatics Centre was not impacted. While CrowdStrike has withdrawn the faulty update and says it has issued a fix, network and IT administrators have had to manually execute a four-step recovery process to fix affected systems, as computers and servers need to boot completely to download the fixed software. The Indian Computer Emergency Team (CERT-in) under the Ministry of Electronics and Information Technology shared these steps in an advisory in the afternoon.

Mr. Vaishnaw said the government was “continuously” engaging with Microsoft, and that CERT-in was talking to chief information security officers at various critical infrastructure entities. “All impacted entities are working to bring up their systems,” Mr. Vaishnaw said. “In many cases, systems are partially up.” The government did not name the impacted entities. In a statement, the Reserve Bank of India said “only a few banks are using the CrowdStrike tool,” and that only 10 banks or non-banking financial institutions were impacted. “Overall, the Indian financial sector in the Reserve Bank’s domain remains insulated from the global outage,” the RBI said.

CrowdStrike CEO George Kurtz told a U.S. news channel that the firm would extend support to impacted customers. Microsoft, while acknowledging the outage in a blog post, noted that “Virtual Machines running Windows Client, and Windows Server, running the CrowdStrike Falcon agent, may encounter a bug check”. While Microsoft has not fully revealed what caused the outage, one incident seems to have triggered this cyberevent — a glitch in the software update of Falcon Sensor, the endpoint protection programme of CrowdStrike.

CrowdStrike is a cybersecurity firm that deploys unified security programmes to stop breaches in real time. The Falcon Sensor platform runs with high privileges and is built to protect endpoints (basically, any devices connected to a computer network). A mishap in this security platform can cause the operating system to crash, like what several users faced globally on Friday with the Blue Screen of Death (BSOD). Once BSOD flashes on a user’s screen, they will be caught in a boot loop cycle, which means that they won’t be able to access their devices linked to CrowdStrike’s Falcon platform. According to CyberArk’s CIO, Omer Grossman, there is a range of possibilities that may have caused the glitch, starting from human error — for instance, a developer who downloaded an update without sufficient quality control — to the intriguing scenario of a deep cyberattack, prepared ahead of time and involving an attacker activating a “doomsday command” or “kill switch”. It is anyone’s guess until CrowdStrike’s own analysis and updates are out in the coming days. Alternatively, the software update made by CrowdStrike could have conflicted with the changes introduced in the latest Windows update, CYFIRMA’s CEO, Kumar Ritesh, pointed out. The latter could be a good area to probe as other cloud service providers, like Google Cloud or Amazon Web Services (AWS), did not suffer any outage. It is also important to note that both Google and Amazon have built their cloud platform on Linux.
