
An in-depth analysis of the CrowdStrike Falcon sensor incident

In July 2024, CrowdStrike's Falcon sensor update caused a global IT outage that disrupted critical industries worldwide, including healthcare, aviation, and financial services. 

 

The cause of the global IT outage

On July 19, 2024, CrowdStrike released what was intended to be a routine content update for their Falcon sensor. The update was designed to enhance the system’s threat detection capabilities by refining the logic used to interpret and act upon security events. 

However, a defect within the update led to widespread crashes, known as the ‘blue screen of death’, on systems running Falcon sensor version 7.11 and above. The defect in the Rapid Response Content, designed to improve real-time threat detection, went unnoticed during standard validation checks.

Consequently, the update triggered an "out-of-bounds memory read" that caused crashes across Windows hosts globally. These crashes brought down IT systems in multiple sectors, including healthcare, airlines, and banking services.

 

The technical breakdown

Falcon sensor’s failure was reportedly due to a mismatch in the IPC (Inter-Process Communication) Template Type. Specifically, the flaw emerged when the sensor code was programmed to handle 20 input fields, while the Template Type Definitions file expected 21 input fields. 

CrowdStrike’s executive summary explains, "At the time of the incident, the sensor code for the IPC Template Type described 20 different input sources for use by the Template Instance... the definition of the IPC Template Type in the Template Type Definitions file stated that it expected 21 input fields."

The discrepancy between the actual inputs provided and those anticipated created operational challenges, particularly with the processing of data files like Channel File 291. 

Ultimately, the system struggled to correctly interpret data, leading to the global IT outage.
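The field-count mismatch described above can be modelled in a few lines. What follows is an added example, not CrowdStrike's code and not a description of the Falcon sensor's internals: a simplified content-validation step that compares the field count a template type definition declares against the number of input sources the sensor code actually supplies, and bounds-checks every field reference in a template instance before that instance is allowed to load. The class and function names, the representation of a rule as a list of 1-based field indexes, the sample definitions and the sample content file are all assumptions; the IndexError raised by the unchecked path stands in for the out-of-bounds memory read.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TemplateTypeDefinition:
    """What the (hypothetical) Template Type Definitions file declares."""
    name: str
    expected_fields: int


@dataclass(frozen=True)
class SensorTemplateCode:
    """How many input sources the (hypothetical) sensor code really populates."""
    name: str
    input_sources: int


@dataclass(frozen=True)
class TemplateInstance:
    """A rule shipped in a content file; it refers to input fields by 1-based index."""
    template: str
    source_file: str
    field_indexes: tuple


def validate_instance(instance, definitions, sensor_code):
    """Return a list of findings; an empty list means the instance is safe to load."""
    findings = []
    definition = definitions.get(instance.template)
    code = sensor_code.get(instance.template)
    if definition is None or code is None:
        findings.append(f"{instance.source_file}: unknown template type {instance.template!r}")
        return findings
    # Core check: the contract declared in the definitions file must match what
    # the sensor code provides. Any gap is a latent out-of-bounds read.
    if definition.expected_fields != code.input_sources:
        findings.append(
            f"{instance.source_file}: template {instance.template!r} declares "
            f"{definition.expected_fields} fields but sensor code supplies {code.input_sources}"
        )
    # Bound every field reference against what the sensor can actually supply,
    # not against the (possibly wrong) declaration.
    for idx in instance.field_indexes:
        if not 1 <= idx <= code.input_sources:
            findings.append(
                f"{instance.source_file}: field {idx} is outside the {code.input_sources} "
                f"inputs available for {instance.template!r}"
            )
    return findings


def evaluate_unchecked(instance, inputs):
    """Runtime path with no bounds check. An IndexError here models the crash."""
    return [inputs[idx - 1] for idx in instance.field_indexes]


def crashes_without_validation(instance, inputs):
    """True if loading the instance straight into the unchecked path would fault."""
    try:
        evaluate_unchecked(instance, inputs)
    except IndexError:
        return True
    return False


def load_content(instance, definitions, sensor_code, inputs):
    """Gate runtime evaluation on validation: reject the file instead of crashing."""
    findings = validate_instance(instance, definitions, sensor_code)
    if findings:
        return None, findings
    return evaluate_unchecked(instance, inputs), []


# Constructed data. The numbers 20 and 21 come from the incident summary quoted
# above; everything else (names, field indexes, input values) is made up.
SENSOR_CODE = {"IPC": SensorTemplateCode("IPC", input_sources=20)}
DEFINITIONS_MISMATCHED = {"IPC": TemplateTypeDefinition("IPC", expected_fields=21)}
DEFINITIONS_CONSISTENT = {"IPC": TemplateTypeDefinition("IPC", expected_fields=20)}
MISMATCHED_INSTANCE = TemplateInstance("IPC", "constructed-content-file-A", field_indexes=(1, 21))
SAFE_INSTANCE = TemplateInstance("IPC", "constructed-content-file-B", field_indexes=(1, 20))
SAMPLE_INPUTS = [f"input-{i}" for i in range(1, 21)]  # the 20 inputs the sensor fills in

if __name__ == "__main__":
    print("unchecked load crashes:", crashes_without_validation(MISMATCHED_INSTANCE, SAMPLE_INPUTS))
    for finding in validate_instance(MISMATCHED_INSTANCE, DEFINITIONS_MISMATCHED, SENSOR_CODE):
        print("rejected:", finding)
    print("safe load:", load_content(SAFE_INSTANCE, DEFINITIONS_CONSISTENT, SENSOR_CODE, SAMPLE_INPUTS))
```

The design choice worth noting is that the bounds check uses the sensor's real input count, not the declaration: a validator that trusts the definitions file would have passed a 21st field as in range, which is exactly the blind spot the page describes.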

 

The global impact

Healthcare sector

  • Northern Ireland’s NHS: Approximately two-thirds of GP practices could not access patient records, generate prescriptions, or view lab results due to the IT outage. 
  • Radiology reporting and voice recognition software: The outage delayed patient care and medical services.
  • Alaska: The 911 emergency system was unavailable due to the outage.

 

Aviation sector

  • Global flight cancellations: The IT outage canceled around 1,400 flights worldwide. Major disruptions occurred in the US, Germany, and India, causing global logistical issues.
  • Booking systems down: Transport booking systems were severely affected, with airlines unable to process bookings, check-ins, or manage flight schedules.

 

Financial services

Financial institutions, like Bank of America Corp. and JPMorgan Chase & Co., experienced service disruptions, affecting transaction processing and customer service operations.

Read also: Global cyber outage hits multiple sectors due to CrowdStrike update

 

CrowdStrike’s response and vendor relations

Following the incident, CrowdStrike CEO George Kurtz stated: "We’re deeply sorry for the impact that we’ve caused to customers, travelers, and anyone affected by this, including our companies."

Microsoft also acknowledged the issue, stating, "Earlier today, a CrowdStrike update was responsible for bringing down a number of IT systems globally. We are actively supporting customers to assist in their recovery."

However, the company’s attempts to make amends with affected vendors and customers were met with mixed reactions.

 

Vendor compensation

$10 Uber Eats vouchers: CrowdStrike offered a $10 Uber Eats voucher to third-party agents and vendors affected by the outage. The gesture was intended as a token of appreciation for their hard work during the crisis. However, many felt that the compensation was inadequate given the scale of the disruption.

CNN reports, "A lot of users across social media platforms compared this to an office pizza party. Those tend to happen when bosses want to show they appreciate their employees’ hard work. There’s just a slight problem: Cheese and pepperoni don’t pay the bills."

 

Customer impact

The outage could cost Fortune 500 companies as much as $5.4 billion in revenues and gross profit, according to Parametrix, a cloud monitoring and insurance firm. Despite the losses incurred by customers, there has been no public indication from CrowdStrike regarding financial compensation beyond apologies.

Furthermore, CrowdStrike’s shares dropped by 15%, wiping out approximately $12.5 billion in market value. The sharp decline reflects investor concerns about the company’s handling of the incident and its potential long-term impact.

Beyond the immediate financial losses, the incident has raised concerns about the reliability of CrowdStrike’s software update processes. 

 

Broader implications for cybersecurity and compliance

As organizations increasingly rely on digital tools, the consequences of software failures are magnified. Cybersecurity companies like CrowdStrike must therefore test and validate their software updates before release to prevent future incidents.

Additionally, staggered deployment strategies, with health checks between each stage, can help identify problems before they escalate, minimizing the impact on end users.
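A staggered (ring-based) rollout with a health gate between stages, as an added illustration that is not CrowdStrike's or any vendor's deployment system. The ring sizes, soak windows, failure thresholds and telemetry below are all constructed; what the example adds to the paragraph above is that hosts which stop reporting after an update must be counted as failures, because a host stuck in a crash loop cannot send telemetry at all.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ring:
    name: str
    hosts: int              # hosts that receive the update in this stage
    soak_minutes: int       # minimum observation window before promotion
    max_failure_rate: float # fraction of hosts allowed to fail before the rollout halts


@dataclass(frozen=True)
class RingTelemetry:
    ring: str
    minutes_observed: int
    hosts_reporting: int     # hosts that checked in after the update
    hosts_crash_looping: int # hosts that checked in but reported repeated crashes


def can_promote(ring, telemetry):
    """Return (ok, reason). Promotion needs a full soak and a failure rate under the ceiling."""
    if telemetry.minutes_observed < ring.soak_minutes:
        return False, f"{ring.name}: soak incomplete ({telemetry.minutes_observed}/{ring.soak_minutes} min)"
    # Silence is a signal: a host that never reports back after the update is
    # treated as failed, since a crash loop prevents it from reporting.
    silent = max(ring.hosts - telemetry.hosts_reporting, 0)
    failed = telemetry.hosts_crash_looping + silent
    rate = failed / ring.hosts
    if rate > ring.max_failure_rate:
        return False, f"{ring.name}: failure rate {rate:.1%} exceeds ceiling {ring.max_failure_rate:.1%}"
    return True, f"{ring.name}: healthy ({rate:.2%} failures after {telemetry.minutes_observed} min)"


def run_rollout(rings, telemetry_by_ring):
    """Walk the rings in order and stop at the first one that fails its gate.

    Returns (rings_updated, halted_at, log); halted_at is None if every ring passed.
    """
    log, updated = [], []
    for ring in rings:
        updated.append(ring.name)
        telemetry = telemetry_by_ring.get(ring.name)
        if telemetry is None:
            log.append(f"{ring.name}: no telemetry received; holding")
            return updated, ring.name, log
        ok, reason = can_promote(ring, telemetry)
        log.append(reason)
        if not ok:
            return updated, ring.name, log
    return updated, None, log


# Constructed rollout plan: a small canary fleet first, then a wider group, then everyone.
RINGS = [
    Ring("canary", hosts=50, soak_minutes=60, max_failure_rate=0.01),
    Ring("early-adopters", hosts=2_000, soak_minutes=240, max_failure_rate=0.005),
    Ring("broad", hosts=100_000, soak_minutes=30, max_failure_rate=0.005),
]

# Constructed telemetry for a defective update: most canary hosts never report back.
BAD_UPDATE_TELEMETRY = {
    "canary": RingTelemetry("canary", minutes_observed=60, hosts_reporting=15, hosts_crash_looping=10),
}

# Constructed telemetry for a healthy update: a few stragglers, no crash loops to speak of.
GOOD_UPDATE_TELEMETRY = {
    "canary": RingTelemetry("canary", minutes_observed=60, hosts_reporting=50, hosts_crash_looping=0),
    "early-adopters": RingTelemetry("early-adopters", minutes_observed=240, hosts_reporting=1_995, hosts_crash_looping=2),
    "broad": RingTelemetry("broad", minutes_observed=30, hosts_reporting=99_900, hosts_crash_looping=10),
}

if __name__ == "__main__":
    for label, telemetry in (("defective update", BAD_UPDATE_TELEMETRY), ("healthy update", GOOD_UPDATE_TELEMETRY)):
        updated, halted_at, log = run_rollout(RINGS, telemetry)
        print(f"{label}: updated={updated} halted_at={halted_at}")
        for line in log:
            print("  ", line)
```

With the defective telemetry the rollout halts after 50 hosts instead of 100,000; with the healthy telemetry all three rings pass. The thresholds are illustrative only, but the shape of the gate (soak time plus a failure ceiling that counts silent hosts) is the check the paragraph above is asking for.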

Moreover, healthcare organizations affected by the CrowdStrike incident must train their staff to recognize and respond to cybersecurity threats. When these organizations infuse cybersecurity awareness into every employee, they ensure stronger and better protection.

Investing in advanced threat detection systems also helps maintain HIPAA compliance and safeguard patient trust.

Learn more: HIPAA Compliant Email: The Definitive Guide

 

FAQs

What caused the CrowdStrike incident on July 19, 2024?

The incident was caused by a defect in a routine content update for CrowdStrike's Falcon sensor, which led to widespread system crashes, also known as the ‘blue screen of death’, on systems running Falcon sensor version 7.11 and above.

 

Did the CrowdStrike update affect healthcare systems?

Yes, the update impacted healthcare systems, including radiology reporting and patient appointment systems, affecting services such as prescriptions and patient records.

Furthermore, the disruption could have compromised access to protected health information (PHI).

 

Does cybersecurity impact HIPAA compliance?

HIPAA compliance requires effective cybersecurity, as it safeguards PHI from unauthorized access, breaches, and other security threats.
