CrowdStrike Inc

Subterms

    Latest story

    113 Shares99 Views

    Congress Calls for Tech Outage Hearing to Grill Executive

    by

    The House Homeland Security Committee called on the chief executive of the cybersecurity firm CrowdStrike to testify on the disruption.A Congressional committee called on the chief executive of CrowdStrike to testify at a hearing about its role in a tech outage that roiled the global economy, in one of the first attempts to hold the cybersecurity company responsible.CrowdStrike sent a faulty security update to its customers Thursday night, resulting in millions of Microsoft Windows devices shutting down and disruptions to airlines, hospitals, logistics companies and others.Americans “deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking,” wrote Representative Mark Green of Tennessee, the Republican chairman of the Homeland Security Committee, and Representative Andrew Garbarino, Republican of New York.The letter was sent to George Kurtz, CrowdStrike’s chief executive. Mr. Green and Mr. Garbarino asked the company for a response to scheduling the hearing this week, but did not specify when it would take place.“CrowdStrike is actively in contact with relevant congressional committees,” said a company spokeswoman. “Briefings and other engagement timelines may be disclosed at members’ discretion.”The request came as the world continued to deal with the fallout from the widespread outages. Delta Air Lines canceled more than 800 flights on Monday, leaving more passengers stranded. And other industries were still recovering after being knocked offline for hours.The outage underscores how the world has become reliant on a small group of companies to maintain its digital infrastructure. CrowdStrike, while little-known to most consumers, is the second largest American cybersecurity company. More than half of Fortune 500 companies use its products.“This incident demonstrates the interconnected nature of our broad ecosystem — global cloud providers, software platforms, security vendors and other software vendors, and customers,” said a Microsoft executive, David Weston, in a blog post on Saturday. “It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist.”CrowdStrike’s products are used primarily by large businesses, not consumers. Its flawed update sent computers running Microsoft’s Windows operating system into a spiral where they continually rebooted. Although CrowdStrike sent a fix, many computers didn’t get it because of the loop. In many cases, businesses had to delete the damaging file from each machine manually.Mr. Kurtz on Friday told NBC’s “Today” show that the incident was not a cyberattack and was the result of the faulty update. But the congressional committee said in its letter to Mr. Kurtz on Monday said that the incident still presented vexing security questions.“Malicious cyber actors backed by nation-states, such as China and Russia, are watching our response to this incident closely,” the lawmakers said. “Protecting our critical infrastructure requires us to learn from this incident and ensure that it does not happen again.”Representative Ritchie Torres, Democrat of New York, on Friday also asked the Department of Homeland Security to investigate the outages. More

    More stories

    • 163 Shares169 Views

      in Elections

      Scams Tied to the CrowdStrike Crash Have Bloomed. Here’s How to Stay Safe

      by

      People posing as airline customer service representatives may be making fraudulent attempts to access your money or private data, experts warn.In the hours after the American cybersecurity firm CrowdStrike deployed a flawed software update that crippled critical businesses and services around the world, scammers pounced.Government agencies and businesses have warned that the panic caused by the CrowdStrike crash on Friday has given criminals an opening to take advantage of customers who are looking to reschedule flights, access banking information or fix their technology.Here are some ways to guard against the fraudulent schemes.Scammers see an opportunity.CrowdStrike provides cybersecurity for some 70 percent of Fortune 100 companies, so the crash led to widespread failures that grounded planes, crippled businesses, disrupted 911 emergency systems and delayed banking transactions.Thieves online are using the confusion to carry out a variety of scams, including phishing attempts, the U.S. Cybersecurity and Infrastructure Security Agency said. The National Cyber Security Center in the United Kingdom issued a similar statement noting that an “increase in phishing referencing this outage has already been observed.”Scammers may look to get your money immediately by offering a product like a bogus plane ticket. But they could also be after personal identifying data that would allow them to access your finances in the future.What industries are being targeted?Because grounded planes caused frustrated customers to look to reschedule their flights, travel has been particularly subject to schemers, said Anton Dahbura, the executive director of the Information Security Institute at Johns Hopkins University.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 125 Shares99 Views

      in Elections

      Flight Delays and Cancellations Continue Saturday but in Lower Numbers

      by

      An estimated 3,400 flights to, from and within the United States were canceled on Friday because of a tech outage. That made it the worst day of the year for flight cancellations.Airlines made progress toward containing the fallout from a tech outage that disrupted global travel on Friday, though some flight delays and cancellations extended into Saturday.In all, about 3,400 flights to, from and within the United States were canceled on Friday, according to FlightAware, a company that tracks flight information. That made it the worst day of the year for flight cancellations, beating Jan. 15 when airlines besieged by bad winter storms canceled nearly 3,200 flights in the United States.Delays and cancellations on Saturday appeared on track to be much lower than on Friday. Airlines had canceled a little more than 1,000 flights as of midday, with Delta Air Lines and United Airlines among the hardest hit, according to FlightAware.“Delta teams in airports, on board flights, on the phones and in messaging are working tirelessly to care for customers as the airline works to put flight crews and aircraft back in position following the disruption,” the airline said in a statement. Most of the flight cancellations on Saturday were concentrated in the morning and early afternoon, Delta said.Several carriers said they would waive fees and fare differences or offer refunds for affected passengers. The Transportation Department said that carriers may also have to compensate some travelers for food, lodging and transport.The outage on Friday was caused when CrowdStrike, a widely used cybersecurity provider, issued a flawed software update to Microsoft devices. Soon after, airlines and many other businesses and institutions began suffering technical failures. For airlines, a wide range of systems were affected, including those that calculate aircraft weight, check in customers, issue boarding passes and manage call center phone lines.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 100 Shares119 Views

      in Elections

      After CrowdStrike Causes Outage, Are U.S. Networks Safe?

      by

      With each cascade of digital disaster, new vulnerabilities emerge. The latest chaos wasn’t caused by an adversary, but it provided a road map of American vulnerabilities at a critical moment.In the worst-case scenarios that the Biden administration has quietly simulated over the past year or so, Russian hackers working on behalf of Vladimir V. Putin bring down hospital systems across the United States. In others, China’s military hackers trigger chaos, shutting down water systems and electric grids to distract Americans from an invasion of Taiwan.As it turned out, none of those grim situations caused Friday’s national digital meltdown. It was, by all appearances, purely human error — a few bad keystrokes that demonstrated the fragility of a vast set of interconnected networks in which one mistake can cause a cascade of unintended consequences. Since no one really understands what is connected to what, it is no surprise that such episodes keep happening, each incident just a few degrees different from the last.Among Washington’s cyberwarriors, the first reaction on Friday morning was relief that this wasn’t a nation-state attack. For two years now, the White House, the Pentagon and the nation’s cyberdefenders have been trying to come to terms with “Volt Typhoon,” a particularly elusive form of malware that China has put into American critical infrastructure. It is hard to find, even harder to evict from vital computer networks and designed to sow far greater fear and chaos than the country saw on Friday.Yet as the “blue screen of death” popped up from the operating rooms of Massachusetts General Hospital to the airline management systems that keep planes flying, America got another reminder of the halting progress of “cyber resilience.” It was a particularly bitter discovery then that a flawed update to a trusted tool in that effort — CrowdStrike’s software to find and neutralize cyberattacks — was the cause of the problem, not the savior.Only in recent years has the United States gotten serious about the problem. Government partnerships with private industry were put together to share lessons. The F.B.I. and the National Security Agency, along with the Cybersecurity and Infrastructure Security Agency at the Homeland Security Department, issue bulletins outlining vulnerabilities or blowing the whistle on hackers.President Biden even created a Cyber Safety Review Board that looks at major incidents. It is modeled on the National Transportation Safety Board, which reviews airplane and train accidents, among other disasters, and publishes “lessons learned.”We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 175 Shares199 Views

      in Elections

      Is Your Flight Delayed by the Tech Outage? Here’s What You Need to Know.

      by

      While service is slowly recovering, flights have been delayed and canceled worldwide. Here’s information on the most affected airlines and airports, passengers’ rights and how to reach airline customer service.Travel plans across the world were thrown into disarray on Friday, as a global technology outage disrupted businesses and services — including air travel — leaving thousands of flights canceled or delayed across the United States and beyond.While service was slowly recovering by midmorning Eastern time, the ripple effect was still snarling travel plans as delayed and canceled flights created a buildup of passengers waiting at airports, and some planes and crews out of position.“The anxiety is getting up a little,” said Adonis Ajayi, 35, at Ronald Reagan Washington National Airport on Friday morning. Mr. Ajayi was on his way to Key West, Fla., for a long weekend and said he had been checking social media constantly for flight updates — his flight had been delayed for nearly three hours. “I’ve never seen anything of this scale.”The outage was caused by a flawed update from the cybersecurity firm CrowdStrike, whose software is used globally by scores of industries to protect Microsoft systems. Messages posted on social media by travelers worldwide showed flights grounded, some terminal monitors down and crowds of stranded passengers waiting at airport gates and customer service desks. Some passengers at one airport in India had to stand in long lines to obtain handwritten boarding passes.Which airports have been hit the worst?In the United States, Hartsfield-Jackson Atlanta International, the world’s busiest airport, appeared to have the most flights affected by the outage on Friday morning, with more than 230 incoming and outgoing flights canceled and more than 370 flights delayed, according to FlightAware, a real-time flight tracker.Many other airports, including hubs in New York, Chicago and Charlotte, N.C., also appeared to experience significant disruption.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 88 Shares99 Views

      in Elections

      Counting the Costs of the Microsoft-CrowdStrike Outage

      by

      A “historic” tech failure alarmed investors, after a security update caused problems for Microsoft devices and services, and took down businesses worldwide.A major IT outage involving Microsoft and CrowdStrike has caused major delays at airports around the world.Clemens Bilan/EPA, via ShutterstockThe glitch felt around the world Grounded flights, emergency services unreachable, payment systems not functioning — the world is assessing the damage caused by a cascade of IT outages that is spooking investors and grinding many businesses and government services to a halt.“This outage is historic in scale,” Mikko Hypponen, a research specialist at the software company WithSecure and a cybercrime adviser to Europol, told DealBook.The problem is being attributed to a tech upgrade gone wrong. All eyes are on CrowdStrike, the cybersecurity company. It issued a software update that is causing Microsoft systems, including its Azure cloud service, to crash or not function properly. George Kurtz, the C.E.O. of CrowdStrike, said on X that a fix is being deployed, adding it’s “not a security incident or cyberattack.”Here’s the latest: American, United and Delta had grounded flights, according to the F.A.A. Airlines in Europe and Asia, including Air France-KLM and Japan Airlines, also had reported delays or cancellations. Some had reported a partial return to service.Long queues of airline passengers could be seen at airports around the world, with some resorting to manual check-in. In France, the television networks TF1 and Canal+ told the public on X that they could not go on the air on Friday morning. Comcast’s Sky News in the U.K. also went dark for a spell.The incident points to how reliant the global economy is on a handful of major tech companies to run vital infrastructure. CrowdStrike, a major cybersecurity vendor, is taking the brunt of the hit. Its stock was down nearly 12 percent in premarket trading. Microsoft was down about 1.4 percent, and also said a resolution was forthcoming.Security has become a big focus in the cloud wars. Google is trying to bolster its cloud operations with an eye on cybersecurity. The company is in talks to buy Wiz, a New York-based cybersecurity firm, in what would be its biggest acquisition ever, and an effort to take market share from Microsoft.Expect tough questions about the business world’s computing systems. Financial regulators in the U.K. have already begun speaking with financial services companies to learn the extent of the damage on banks and payment companies, The Financial Times reports.In other IT news: A U.S. judge dismissed most claims against SolarWinds, an IT security company, and its chief information security officer; the S.E.C. had sued the company after it was hacked by Russian agents in 2020.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More