Glitchy updates have plagued CrowdStrike before

CrowdStrike, the company that shut down airports, banks and hospitals worldwide yesterday due to a glitchy update, turns out to have had issues with updates before, although they went largely unnoticed.

Debian and Rocky Linux users faced significant disruptions a few months ago due to CrowdStrike updates.

In April, a CrowdStrike update caused all Debian Linux servers at an unnamed tech lab to simultaneously crash and refuse to boot. The update was found to be incompatible with the latest stable version of Debian, even though the specific Linux configuration was supposedly supported.

A team member involved in the incident expressed his displeasure at CrowdStrike’s slow response. It took them weeks to determine the cause, which was that the Debian Linux configuration was not included in their testing program.

CrowdStrike users also reported similar issues after upgrading to Rocky Linux 9.4, with their servers crashing due to a kernel bug. Once again, CrowdStrike acknowledged that insufficient attention was given to cross-OS compatibility issues.

It’s also unclear why CrowdStrike rolled out the update for Windows globally all at once rather than in phases, which could have prevented many problems.

The consequences of the outage were greatest at international airports, including Schiphol. More than 200 flights were cancelled. 150 flights departed with delays. According to the ANVR, the damage to the travel industry is ‘enormous’. In the province of Utrecht and the regions of Amersfoort and Almere, no buses were running because the bus drivers could no longer contact the emergency centre of regional transporter Keolis. The Scheperziekenhuis in Emmen, Ziekenhuis Slingeland in the Achterhoek and the hospital Nij Smellinghe in Drachten were barely able to treat patients for a few hours.

CrowdStrike appears to have covered itself against incidents like this. The terms of CrowdStrike’s Falcon security software – used by businesses and government agencies around the world – limit liability to what’s called “paid fees.” As a result, companies filing claims can’t recover the full damages they suffered, only what they paid CrowdStrike.

Larger companies using CrowdStrike’s software – such as some of the affected airlines or hospital chains – may have negotiated contracts with different terms. It is likely that most of the damages will be settled with cyber insurers.

The reputational damage will not do the company any good, however. Shareholders are also expected to file lawsuits against the company. The SEC will also get involved. The company, which is listed on the stock exchange, will have to file a so-called 8-K report with the SEC in the coming days, detailing what went wrong with the Falcon update.

Source: www.emerce.nl