On Friday 19th July, an update to a little-known security product called CrowdStrike Falcon triggered an IT meltdown that took down digital infrastructure, systems and terminals on a global scale.
Seemingly all at once, millions of computers around the world became unusable and unable to be rebooted, showing what’s known in the industry as the “Blue Screen of Death”. The scale of the outage is unprecedented, impacting many industries, including retail.
While the immediate crisis has now passed, with the federal government disbanding its National Coordination Mechanism (NCM) on Tuesday 23rd July, there are still some impacts being felt across the retail supply chain and a need to remain vigilant in the face of an increase in scammers trying to take advantage of the outage.
In the immediate aftermath of the initial outage on Friday, the Australian Retailers Association (ARA) published this online resource for members, compiling information about the CrowdStrike outage – including links to a range of websites with more detail.
This blog has now been updated to reflect advice from government on Wednesday, 24th July, in addition to information to help members – large and small – navigate next steps for their business.
CrowdStrike
CrowdStrike is a US-based cybersecurity company with software installed on Windows, Mac and Linux systems around the world. A “bug” in an update to the CrowdStrike Falcon sensor on Windows devices has been confirmed as the cause of the outages.
On Tuesday, 23rd of July, CrowdStrike provided the following statement.
“The CrowdStrike Falcon Platform is operating and all services are working as expected across the entire platform, including our Falcon Complete and Falcon OverWatch services.
“CrowdStrike continues to focus on restoring all systems as soon as possible. In yesterday’s session we provided an update on a new cloud delivered remediation process which we tested with customers, allowing us to accelerate impacted system remediation. We continue to work directly with our customers and partners and are making significant progress on the remaining devices to be remediated. We’re also releasing incremental capabilities to scale these remediation efforts through new tooling. Our team is directly communicating with customers and partners to roll out these tools.
“We will continue to provide updates as information becomes available and new fixes are deployed. To get assistance, follow updates in our hub: Falcon Content Update Remediation and Guidance Hub | CrowdStrike
“We are on track to release a preliminary Post Incident Report tomorrow which will provide more detail on what happened, what we have learnt and our initial list of actions we are researching to limit this from occurring again.”
Michael Sentonas, President of CrowdStrike (5.30pm AEST on Tuesday, 23rd of July)
This follows advice on the weekend that CrowdStrike had deployed a “fix” but that it could take some time for impacted systems to be fully restored, and an earlier statement on Friday, 19th of July.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.
“We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”
George Kurtz, CEO at CrowdStrike (7.45pm AEST on Friday, 19th July)
NEMA – National Emergency Management Agency
NEMA sits within the Department of Home Affairs and played a key role in navigating the impacts of the CrowdStrike outage across the economy.
NEMA is the lead agency on the National Coordination Mechanism (NCM) that brought together key stakeholders to resolve the core issues and work through the knock-ons across the economy.
The ARA sits on the NCM on behalf of the retail sector, providing a valuable feedback loop to and from the sector.
CISC – Cyber and Infrastructure Security Centre
CISC sits within the Department of Home Affairs and played a key role in the government’s response to the outage. The following statement was issued on Friday, 19 July 2024.
“CrowdStrike are working on the fix, they’ve provided technical support to their customers. Over the next hours and days we hope that this incident will self-resolve as technical responses kick in. There is no reason to panic, CrowdStrike are on it, it is not a cybersecurity incident and we’re working as fast as we can to resolve the incident.”
Hamish Hansford – Deputy Secretary, Cyber and Infrastructure Security Centre (8.00pm on Friday, 19 July 2024)
ACSC – Australian Cyber Security Centre
The ACSC sits within the Australian Signals Directorate (ASD) and played a lead role in providing information to impacted users, publishing an online resource about the widespread outages relating to the CrowdStrike software update.
In the NCM call on Saturday, 20 July 2024 (9.00am AEST) the ASD reported an increase in imitation and phishing scams since the initial incident.
The ASD has updated alerts on its website and highlighted the need for vigilance to protect consumers’ and organisations’ data. More resources are available at the ASD website here.
Lieutenant General Michelle McGuinness, Australia’s National Cyber Security Coordinator, made the following statement on Saturday, 20th of July.
“There are increasing reports of scammers attempting to exploit the recovery efforts to the widespread outages caused by the CrowdStrike technical incident.
“As systems are being restored, I urge Australian businesses and members of the community to be vigilant. Do not engage with suspicious websites, emails, texts and phone calls.
“Follow the advice of Scamwatch: STOP, THINK, PROTECT, REPORT. For more information on Scamwatch click here.”
The ASD also highlighted the importance of cyber attacks and threats being reported to the ACSC at all times, but especially when scammers seek to exploit large-scale incidents. Click here to report a threat.
What were the impacts across the economy?
Computer systems: The CrowdStrike “bug” has only impacted Microsoft systems. Microsoft has issued advice on its website suggesting that impacted systems may need to be rebooted up to 15 times for the CrowdStrike “fixes” to be effective. On Sunday, 21 July 2024, CrowdStrike reported that remediations are now available and being deployed by users. However, in most situations, a manual reset of impacted systems, computers and terminals is still required.
Payments networks: Australian Payments Plus has confirmed that eftpos, BPAY and NPP remained in operation but that some retailers using Windows payments terminals were impacted. In addition, Australian Payments Network reported no other significant issues with regard to the processing of payments across the system.
Banks: The Australian Banking Association confirmed that the situation had largely returned to business-as-usual by Monday, 22nd of July.
Telecommunications: Telstra, Optus and Vodafone did not report any disruption to fixed line or mobile services.
Supply Chain: No major disruptions were reported to shipping, ports, rail or rail infrastructure. However, some concerns were raised on Monday, 22nd of July about the flow of deliveries in and out of distribution centres, and onto some stores, which could impact availability in the last week of July.
Airlines: Qantas and Virgin reported that flight schedules had returned to normal by Sunday, 21st of July. Some airport services such as baggage handling remain impacted, due to knock-ons following Friday’s backlog.
Fuel: No major disruptions were reported to fuel processing sites, store sites or stores.
Energy and utilities: No major disruptions were reported to water, electricity or gas.
Emergency services: Governments confirmed that 000 services are not affected.
What does it mean and what are the consequences?
The CrowdStrike incident impacted thousands of retail businesses, leaving them unable to operate fully, process payments, manage sales, marketing, promotions, and more due to what can be equated to a “blue screen of death” scenario. This outage may still be ongoing or you might just be beginning to regain access to some of your critical systems.
Legal Issues Arising
Some legal issues that may arise as a result of the CrowdStrike event include:
- Claims against suppliers: If there are disruptions to your supply chain, including if you have IT contractors, this may bring about contractual liability. Consider reviewing existing supplier contracts to establish whether there is a remedy available to you under these circumstances (impact on KPIs, discounts, credits, etc.).
- Claims from consumers: Consider whether you owe any contractual obligations to consumers and evaluate the possibility and strength of potential claims that could arise against you.
- Insurance claims: Contact your insurance company to determine whether any of your policies cover business interruption.
- Privacy: Consider whether any of your confidential data has been jeopardised and whether there is a risk that privacy laws have been breached.
- IT security issues: Be aware that the current circumstances may give rise to potential scams. Be vigilant and conscious of potential unsolicited contact.
- Regulatory compliance: In some circumstances, operational outages may require notice. The relevant authorities are monitoring the recent events. Keep up to date with any directions to give notice and consider whether they are applicable to you.
The team at Artemide Law is available to discuss any legal issues arising from the outage, as well as mitigation strategies for future planning. Artemide Law can also provide advice on customer-facing agreements to ensure they contain sufficient protection for similar scenarios in the future that may also have detrimental business impacts. Click here for more information about how Artemide Law can support your business.
Last updated: Wednesday, 24 July 2024 (2.00pm AEST)