It was not a cyberattack but the world almost came to a standstill after a massive IT outage wrought havoc on computer systems worldwide on Friday.
Planes were grounded; airports crowded with passengers waiting for their flights; ATMs stopped dispensing cash, supermarkets and petrol stations declined digital payments; companies were forced to reboot after their computers crashed and displayed only the so-called blue screen of death.
What caused the IT outage?
The system glitch stemmed from a defect found in a single content update for Microsoft Windows. The Falcon Sensor by US-based cybersecurity technology firm CrowdStrike that was supposedly “purpose-built to stop breaches and prevent all types of attacks”—including malware and more – caused the outage. Systems restarted or shut down automatically.
George Kurtz, CrowdStrike CEO, has apologised for the global outage. “This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” he said in a post on social media platform X on Friday.
Microsoft said it had fixed the underlying cause for the outage that affected its 365 apps and services; while Mac and Linux hosts were not impacted by the issue.
How bad was the situation?
Air travel was the most seriously hit with airports and major airlines around the world reporting delays following issues with their system network. According preliminary data released at 2pm on Friday (UAE time) by aviation analytics company Cirium, out of more than 110,000 scheduled commercial flights that day, 1,390 have been cancelled globally, and the numbers were rising.
Across Asia, airports in Singapore, Bangkok, Hong Kong, India and Manila were among those affected, with long lines seen at check-in counters; while major US air carriers including Delta, United and American Airlines have also grounded all flights, according to US Federal Aviation Administration.
Bank transactions, hospital services and financial markets were also disrupted.
How was the UAE affected?
Some online services by the UAE Government were affected while Dubai International Airport (DXB) also confirmed that their operations were temporarily impacted.
UAE residents, however, were assured that no hacks or cyberattacks were detected amid the large-scale technical failure on Friday. The UAE Cyber Security Council issued an alert urging users of Crowdstrike software to be wary of any software updates and the Dubai Electronic Security Centre (DESC) also issued a statement assuring that it “acted quickly to avoid any impact on Dubai government services”.
The General Civil Aviation Authority (GCAA) said the global technical glitch “had minor impacts on the operation of the country’s airports and airlines. Minor delays were reported in the check-in processes for a limited number of flights, as an alternative system was used by the airlines, allowing the check-in operations to resume normally.”
Some residents, however, were surprised as they did not expect some shops were forced to switch to “cash-only” payments due to technical issues. Some who were buying groceries or tanking up their cars had to scramble for instant cash as card payments weren’t working. Others weren’t able to withdraw from ATMs.
A fix has been deployed, but what’s next?
Dubai-based IT expert Rayad Kamal Ayub, managing director of Rayad Group, told Khaleej Times “tech experts in coming days will analyse if this was a cyberattack or a blunder on the part of the company to have deployed an update without following the complete protocols of testing.”
“This is a wake-up call for most governments and multinationals about their vulnerabilities. This is a case of complete dependence on one company for their cybersecurity requirements,” he underscored.
“In the next few weeks and months, cybersecurity experts and security professionals will have to look at back-up options if the enterprise software and cybersecurity company gets compromised again,” he added.
Irene Corpuz, founding partner and board member at Women in Cybersecurity Middle East, said: “I can sense that CrowdStrike will be called by the US Senate to explain.”
“It was not a cyberattack but businesses and companies were heavily affected. Residents also felt the impact. The card payment system crashed in some stores and not everyone is carrying cash nowadays,” she added.
Corpuz said tech companies normally do testing on test environment before deploying patches on live environment. “However, we do not know the case of the update on CrowdStrike and the patch management policy (methodology used to ensure hardware and software on a corporate network are regularly maintained) used before it was deployed to a live environment.”
One thing is for sure, as Ayub pointed out the irony of the situation: “What was supposed to be protector for cybersecurity has compromised us.”