On Friday, July 19th, the tech world experienced an unprecedented event as an IT outage affected a staggering 8.5 million Windows devices worldwide. Users across the globe were confronted with the dreaded “Blue Screen of Death” (BSOD) on their screens, indicating a critical system failure.

This massive disruption, caused by an update from CrowdStrike, marks the largest IT outage in history, surpassing notable incidents like the WannaCry cyberattack in 2017.

blue screen of death for largest IT outage

The Scale of the Outage

Microsoft reported that the outage affected 8.5 million Windows devices worldwide. Although this represents less than 1% of all Windows devices globally, the sheer number of affected machines underscores the extensive impact of the incident. The large scale of this disruption shows just how widespread and significant the problem was. 

Microsoft was able to determine the number of affected devices using performance telemetry data collected from their internet connections. This data allowed them to accurately assess the scope of the outage and understand its far-reaching effects.

Microsoft’s Response and the Role of CrowdStrike

Microsoft has been “working around the clock” to provide ongoing updates and support, collaborating closely with CrowdStrike to address the issue. The cause of this outage came from an Update from CrowdStrike, deployed to computers running Microsoft Windows. This incident underscores the critical need for robust cybersecurity measures and preparedness for unforeseen disruptions.

logo of crowdstrike

Economic and Societal Impacts

The outage’s broad economic and societal impacts cannot be overstated. The affected devices are used by enterprises running many critical services, illustrating how deeply interconnected modern businesses are with their IT infrastructure. 

The disruption has had ripple effects across various sectors, from finance and healthcare to logistics and retail, demonstrating the far-reaching consequences of such an event.

Historical Context: Comparisons to Previous Outages

To put this event into perspective, it’s helpful to compare it to previous significant cyber incidents:

  • WannaCry Cyberattack (2017): Estimated to have impacted around 300,000 computers in 150 countries. This ransomware attack caused widespread disruption and highlighted vulnerabilities in unpatched Windows systems.
  • NotPetya Attack (2017): Occurring just a month after WannaCry, this attack similarly caused extensive damage and financial losses across multiple industries.
  • Meta Outage (2021): A major six-hour outage at Meta affected Instagram, Facebook, and WhatsApp, but its impact was largely contained within the social media ecosystem and some linked partners.

Hacker Exploitation of the IT Outage

Whenever a major tech-related news event occurs, hackers are quick to exploit the situation. Following the CrowdStrike-related outage, researchers at Secureworks observed a sharp increase in CrowdStrike-themed domain registrations. These domains are likely created to deceive IT managers and the public into downloading malicious software or divulging private information.

Hackers have been known to tweak their phishing tactics during significant events, as seen during the Covid-19 pandemic. In this case, hackers may use the fear and uncertainty surrounding the outage to trick individuals and organisations. The advice from cybersecurity experts is clear: IT managers and individuals should be vigilant and only rely on information from official CrowdStrike channels.

In this case, hackers may use the widespread news coverage and the associated panic to:

  • Create Fake Websites: These sites may appear legitimate and related to CrowdStrike, but they are designed to distribute malware or steal personal data.
  • Send Phishing Emails: Hackers might send emails that seem to be from official sources, urging recipients to take immediate action, such as downloading a patch or providing login credentials.
  • Spread Misinformation: By distributing false information, cybercriminals can further confuse and panic the public, increasing the likelihood of successful attacks.

Lessons Learned and the Path Forward

The massive IT outage serves as a stark reminder of the importance of cybersecurity preparedness. Businesses should seize this opportunity to reassess their disaster recovery plans and ensure they have robust measures in place to mitigate the impact of such incidents. 

Here are key takeaways to consider:

Prioritise Safe Deployment:

It’s essential to ensure that updates and deployments are thoroughly tested and rolled out in a controlled manner. 

This involves:

  • Rigorous Testing: Conduct extensive testing in a controlled environment before deploying updates to production systems.
  • Phased Rollouts: Implement updates gradually to monitor for any issues and minimise widespread disruptions.
  • Rollback Plans: Have a clear rollback strategy in place to revert changes if unexpected problems arise during deployment.

Implement Strong Disaster Recovery Plans:

Having clear procedures and backup systems is crucial to quickly recover from outages. 

This includes:

  • Comprehensive Backup Solutions: Regularly back up critical data and systems to ensure you can restore operations swiftly in case of a failure.
  • Disaster Recovery Drills: Conduct regular drills to test the effectiveness of your recovery plans and identify areas for improvement.
  • Redundant Systems: Implement redundant infrastructure to minimise downtime and maintain business continuity during an outage.

Stay Informed and Vigilant:

Regularly monitor cybersecurity news and updates from trusted sources to stay ahead of potential threats.

 This involves:

  • Continuous Monitoring: Utilise cybersecurity tools and services to continuously monitor your systems for vulnerabilities and threats.
  • Timely Updates: Keep your software and systems up to date with the latest security patches and updates.
  • Threat Intelligence: Subscribe to threat intelligence services to receive real-time information on emerging threats and trends.

Educate Employees:

Ensuring that all staff members are aware of cybersecurity best practices and know how to identify and report suspicious activities is vital.

This includes:

  • Regular Training: Conduct regular training sessions to educate employees on the latest cybersecurity threats and safe practices.
  • Phishing Simulations: Run simulated phishing attacks to help employees recognize and respond to phishing attempts.
  • Clear Reporting Channels: Establish clear channels for reporting suspicious activities and ensure employees know how to use them.
 

By incorporating these strategies, businesses can significantly enhance their cybersecurity posture and be better prepared to handle unexpected IT disruptions. This proactive approach will not only protect critical assets but also ensure business continuity and resilience in the face of future cyber threats.

image for microsoft IT outage

The recent IT outage, affecting 8.5 million Windows devices, stands as the largest cyber event in history. While Microsoft’s swift response and collaboration with CrowdStrike are commendable, the incident highlights the critical need for businesses to prioritise cybersecurity and disaster recovery. 

By learning from this event and implementing robust cybersecurity measures, organisations can better protect themselves against future disruptions.

Stay ahead of Cybersecurity Threats and ensure your Business is prepared. 

Contact Creative Networks today for expert guidance and support in safeguarding your IT infrastructure.

Get in touch now and secure your business’s future.

GET IN TOUCH