Global IT Outage on 19/7/2024: Causes, Impact & Protection Tips
A widespread technology outage caused major disruptions around the world on July 19th, 2024, impacting businesses, government agencies, and critical infrastructure.
A widespread technology outage caused major disruptions around the world on July 19th, 2024, impacting businesses, government agencies, and critical infrastructure. Flights were grounded, banks went offline, and media outlets were knocked off the air, highlighting the global dependence on a handful of software providers.
Global-IT-Outage_on_19th -July_2024
Reason: A Flawed Security Patch
The culprit behind the global tech outage wasn’t a malicious cyberattack, but rather a faulty update. CrowdStrike, a major cybersecurity firm, released a defective update for their antivirus software designed for Windows systems. This update contained a bug that caused unexpected malfunctions in countless organizations that rely on interconnected Microsoft products and services.
CrowdStrike’s-CEO,-George-Kurtz
CrowdStrike’s CEO, George Kurtz, has apologized for the outage, which the company stated was due to faulty code.
This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” Kurtz wrote on Twitter. “We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.”
The update itself didn’t directly target specific systems, but rather created a cascade effect. Imagine a critical piece of software in a car malfunctioning. It wouldn’t directly disable the engine, but it could mess with the electrical system, which in turn could impact everything from the lights to the brakes. This analogy reflects what happened. The faulty update disrupted underlying functionalities, impacting applications and services that relied on them.
Geographically Affected Sectors
Global-IT-Outage
While it’s difficult to pinpoint exactly which countries were affected by the July 19th IT outage on a strictly country-by-country basis, reports indicate the outage likely impacted several regions globally, including:
Australia
Asia (including Japan and Singapore)
Europe (including Germany, France, and the United Kingdom)
North America (including Canada and the United States)
South America (including Brazil)
Focus on Widespread Disruption
Understanding the outage’s global reach is more valuable than a specific country list. The interconnectedness of technology today means a problem in one region can ripple outwards.
News Reports Offer Glimpses
News reports mentioned disruptions in various sectors across these regions:
Australia: Telecommunication issues were reported.
Asia: Banks and computer systems in parliaments experienced problems.
Europe: Airports, broadcasters, and several companies faced disruptions.
North America: Major US airlines grounded flights, and hospitals encountered issues.
AUSTRALIA
Australia
Based on news reports from the July 19th global IT outage, several Australian companies were likely affected, though a definitive list might not be available. Here’s what we know:
Telecommunication providers: Reports mentioned disruptions in the telecommunication sector, suggesting companies like Telstra, Optus, and Vodafone might have experienced issues.
Airlines: While specific airlines weren’t always named, major global outages often impact airlines worldwide. Qantas and Virgin Australia are strong possibilities.
Banks: Although details on specific banks are limited, major Australian financial institutions like Commonwealth Bank, National Australia Bank (NAB), and Westpac could have faced disruptions.
Media: The national broadcaster, Australian Broadcasting Corporation (ABC), and Sky News Australia were confirmed to be affected.
Beyond these confirmed cases, the outage likely impacted other sectors in Australia that rely on Microsoft products and CrowdStrike software, such as:
Retail: Inventory management and point-of-sale systems in supermarkets and other stores.
Government: Services offered by various government agencies.
Healthcare: Appointment scheduling and other software used in hospitals and clinics.
It’s important to remember that these are potential impacts based on news reports and the nature of the outage. While some companies might have faced significant disruptions, others might have implemented workarounds or have less critical reliance on the affected software.
The outage’s impact transcended geographical boundaries, affecting various sectors globally:
Transportation: Flight management and air traffic control systems are heavily reliant on software. The outage grounded flights worldwide, causing major travel disruptions.
Finance: Banking transactions rely on complex networks and software for authorization and processing. The outage caused online and even in-person transactions to stall, impacting businesses and consumers.
Communication: Telecom companies and media outlets depend on software for routing calls, managing networks, and delivering content. This resulted in phone service outages, disrupted internet connectivity, and limited access to news and information.
Other Sectors: Government agencies, healthcare systems, and even supermarkets heavily utilize software for various functions. The outage impacted everything from appointment scheduling in hospitals to managing inventory at grocery stores.
The interconnectedness of modern infrastructure turned a seemingly isolated software issue into a global problem.
INDIA
India
In India, the July 19th global IT outage caused significant disruptions in several sectors, according to news reports. Here’s a breakdown of the impact:
Airports: Major Indian airports, including Delhi, Mumbai, Bengaluru, and Chennai, were significantly affected. Reports indicate that some airlines, potentially including IndiGo (which cancelled over 200 flights), faced issues with check-in systems due to the outage. This resulted in long queues and delays for passengers. The news channel showed images from passengers in Delhi with hand writing boarding card and as due computer glitch. The Airline staff had to use the age old method of White board writing and shouting the Gate no for the passengers at their counter. The baggage tags where handwritten. The in-bound flights travelers had to queue for longtime as technology glitch really put the airport staff and customs to the test.
Financial Sector: The Reserve Bank of India (RBI) reported that the financial sector was largely unaffected, with only around 10 banks experiencing minor disruptions.
Other Sectors: While specific details are limited, the outage likely impacted other sectors reliant on Microsoft products and CrowdStrike software. This could include:
Government Agencies: Disruptions to online services offered by various government departments.
Businesses: Issues with internal systems used by companies across various industries.
Hospitals: Potential problems with appointment scheduling or other software used in healthcare facilities.
JAPAN
Japan
Japan was certainly not immune to the global IT outage that occurred on July 19th, 2024. Here’s what we can glean about the impact on Japan:
Transportation: While specific details are limited, major disruptions likely affected some aspects of Japan’s transportation system. This could include issues with airline check-in systems, similar to what happened in India, causing delays and cancellations. Train schedules might have also been impacted due to reliance on computerized control systems.
Businesses: News reports specifically mentioned problems with computer systems in Japanese parliaments, suggesting disruptions likely extended to businesses across various sectors. Companies heavily reliant on Microsoft products and CrowdStrike software would have been most susceptible. This could encompass:
Financial institutions facing issues with internal systems crucial for daily operations.
Retail stores experiencing problems with inventory management or point-of-sale systems.
Manufacturers encountering disruptions in production lines or supply chain management software.
Universal Studios Japan: This popular theme park confirmed that the outage impacted their ticket sales system. While rides and attractions remained operational, visitors couldn’t purchase tickets online or through the park’s ticketing booths on July 19th and 20th.
SINGAPORE
Singapore
Singapore was one of the regions significantly impacted by the global IT outage on July 19th, 2024. Here’s a breakdown of the reported disruptions:
Airports: Changi Airport, a major international hub, faced significant challenges. The check-in process for several airlines, potentially including Singapore Airlines (SIA), was disrupted due to software malfunctions. This resulted in:
Manual check-in procedures, leading to long queues and delays for departing passengers.
Disruptions to reservation hotlines and services at SIA’s ION service centre, although these were reportedly resolved later in the day.
Media: Local media outlets like The Straits Times and Lianhe Zaobao were also affected by the outage, potentially experiencing issues with publishing content or maintaining online operations.
Social Services: News reports mentioned disruptions to some social services in Singapore, but the specific nature of these disruptions isn’t entirely clear.
There was a global IT outage that affected France on July 19, 2024. It disrupted many critical services, including airlines, banks, media, and even the Paris Olympics IT operations.
The good news is that French and other cybersecurity agencies believe it was not a cyberattack, but rather a technical issue with a third-party software platform. This should help to prevent similar outages in the future.
UAE
UAE
The global IT outage on July 19, 2024, did impact the UAE [1, 2, 4]. Here’s a breakdown of what happened:
Disruptions: The outage affected various sectors in the UAE, including government services, airlines, and potentially some businesses.
I personally had experience with Insurance company in Dubai were I was told the system was down and it took almost the whole day for my medicine approval. I came know even the hospital Insurance portal were not working and I presume the patients were given priority over the insurance as it mandatory in UAE to 1st take care of the patient then the procedure. Even some banking system was affected and as well as Real estate system which were on the Microsoft based Cloud system.
Limited Scale: Thankfully, the impact in the UAE seems to have been relatively minor compared to other regions.
Response: UAE authorities responded swiftly. The Ministry of Foreign Affairs temporarily suspended online transactions, and Dubai Airports implemented alternative check-in systems to minimize disruption for travelers.
While the exact financial losses are unknown, the UAE took a proactive approach to minimize the outage’s impact.
How much loss Globally has happened due to IT outage on 19/7/2024
Financial loss due to the IT outage on 19/7/2024 globally cannot be determined using publicly available information. Estimating financial losses from such an outage would likely require private data from various sectors that were affected, and this data is not typically made public.
However, there are reports that the outage caused significant disruption to critical services around the world, including airlines, banks, and stock exchanges. This disruption likely resulted in lost productivity and economic activity. For instance, airlines may have had to cancel flights, and banks may have been unable to process transactions.
Even though financial markets were not significantly impacted, some experts believe the outage could have a negative impact on the global economy in the long run, as businesses and consumers become more aware of their reliance on technology.
Darren Anstee, Chief Technology Officer for Security, NETSCOUT
“The worldwide IT outage currently affecting airlines, media, banks and much more appears to have been caused by a faulty software update which was automatically applied, and not a cyberattack. This is another demonstration of how dependent we are on both our IT infrastructure, and the supply chains that deliver tightly integrated capabilities within it.
“There will undoubtedly be a huge fall out from this, with a lot of questions set to be raised around how to balance the need for regular security updates for defence, compliance etc, with the risk of applying unqualified updates to systems. Most enterprise software goes through testing and controlled roll-out before it is pushed to a whole population, but this doesn’t seem to be the case in this instance.”
Here are several ways to protect yourself and organizations from future IT outages:
Prevention
Prevention
Invest in reliable infrastructure: Ensure hardware and software are well-maintained, up-to-date, and from reputable vendors.
Redundancy is key: Implement redundant systems and data backups across multiple locations to minimize impact if one fails. This includes cloud-based backup solutions.
Regular testing and monitoring: Proactively test systems and monitor for vulnerabilities or potential issues. Regularly update software and patch vulnerabilities to prevent them from being exploited.
Diversify vendors and service providers: Relying on a single vendor for critical services makes you more vulnerable to their outages. Explore options with different vendors to minimize single points of failure.
Cybersecurity awareness training: Train employees on cybersecurity best practices to prevent accidental data breaches or malware infections that could trigger outages.
Preparation
Preparation
Disaster recovery plan: Develop a comprehensive disaster recovery plan that outlines steps to take during an outage. This plan should include communication protocols, data restoration procedures, and roles and responsibilities for recovery efforts.
Offline contingency plans: Have alternative methods for critical tasks in case systems become unavailable. This could involve paper backups or alternative communication channels.
Communication plan: Establish a clear communication plan for employees, customers, and stakeholders during an outage. Regularly test the plan to ensure effective communication channels.
Mark Jow, Security Evangelist EMEA at Gigamon, commented:
Mark-Jow,-Security-Evangelist-EMEA-at-Gigamon
“This Microsoft IT outage demonstrates the need for more robust and resilient solutions so that when these issues do arise, they can be resolved quickly without causing such widespread customer chaos and security risk. Preparedness is key – every IT and security vendor must have a robust system in place across its software development lifecycle to test upgrades before they are rolled out to ensure that there are no security flaws within the updates.”
Alexey Lukatsky, Managing Director, Cybersecurity Business Consultant, Positive Technologies
This case reminds us of the importance of secure development, since in this case it was most likely the lack of update checking both on the side of the manufacturer – CrowdStrike – and on the side of consumers who automatically installed all the updates that reached them, and led to a massive global outage around the globe. With the exception of those countries that are not using infosec products from this American corporation.
In addition, this story shows us how firmly information technologies have become embedded in people’s lives and in various business processes, and how catastrophic the consequences of an accidental or unauthorized, malicious impact on the IT infrastructure can be. That is, in other words, businesses are faced with the task of assessing those non-tolerable events with catastrophic consequences that can occur in their activities due to the impact on the IT infrastructure.
And this is not the only case of a similar scale. There have already been cases of this kind. For example, related to the McAfee antivirus update in 2010. A similar problem occurred with updates to the Windows operating system itself, as well as its Microsoft Defender protections, which resulted in the inability to perform normal functions for users. Therefore, this problem is of a general nature, it is not connected with the country of origin of this or that software and simply raises once again the question of how much the influence of the IT infrastructure on business can lead to the implementation of certain non-tolerable events.
At the moment, the root cause, based on the scale of the disaster, the way the incident manifested itself, appears to be failure to follow safe development practices. But there is a version that cannot be ruled out: it has not yet found any confirmation, but we, as experts in the field of cybersecurity, cannot completely deny it. This is the intrusion of attackers into the software development process at CrowdStrike, which could have led to the introduction of malicious functionality into the next update, which ultimately led to this kind of massive failure.
Everyone remembers the story with SolarWinds, also an American company, which suffered from such an incident a couple of years ago when attackers penetrated the development process and introduced malicious functionality into an update that was rolled out to the computers of almost 20 thousand SolarWinds customers.
The only thing that can suggest that these are unlikely to be malicious actions of cybercriminals who have intruded into the development process is that usually in these types of stories the task of cybercriminals is to remain undetected for as long as possible. In order to be able to penetrate the networks of companies in which software products with malicious loads are installed.
In this case, the update almost instantly led to computer inoperability, which is often not the goal of most APT-groups, whose task is not to disable systems, but to obtain either data that can then be sold, or blackmail the victim’s company, or perform some kind of other functions related to cyber espionage.
Learning from the incident
Learning-from-the-incident
Post-incident analysis: After an outage, conduct a thorough analysis to identify the root cause and areas for improvement.
Update disaster recovery plan: Use insights from the incident to update your disaster recovery plan with more specific steps and procedures.
By implementing these strategies, organizations and individuals can improve their resilience against IT outages and minimize the impact of future disruptions.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.