A worldwide CrowdStrike system malfunction led to massive failures on Microsoft Windows systems globally, including in Israel, due to a recent software update that did not undergo proper quality checks.
Security experts said CrowdStrike’s routine update of its widely used cybersecurity software, which caused clients’ computer systems to crash worldwide on Friday, apparently did not undergo adequate quality checks before it was deployed.
The latest version of its Falcon Sensor software was meant to make CrowdStrike clients’ systems more secure against hacking by updating the threats it defends against, but faulty code in the update files resulted in one of the most widespread tech outages in recent years for companies using Microsoft’s Windows operating system.
Hospitals, mail rooms, ports, and shopping centers in Israel were forced to halt or alter operations, although they resumed normal activity a few hours after the incident. Affected government agencies and healthcare institutions used paperwork throughout the morning and evening to remain operational.
CrowdStrike is an American cybersecurity technology company that provides penetration workload and endpoint security, threat intelligence, and cyberattack services.
The hospitals that were impacted
The system error impacted the following hospitals:
- Shaare Zedek Medical Center
- Hillel Yaffe Medical Center
- Laniado Hospital
- Barzilai Medical Center
- Sheba Medical Center
- Wolfson Medical Center
- Shamir Medical Center
- Rambam Health Care Campus
- Mayanei Hayeshua Medical Center
- Galilee Medical Center
- Tzafon Medical Center (Poriya)
- Bnai Zion Hospital (Rothschild)
- Ziv Medical Center
- The French Hospital in Nazareth
- The Italian Hospital in Nazareth
Since the crash, most medical centers have either returned to full operation or diverted to a manual tracking system and continue operating normally.
Nevertheless, the hospitals were in a state of chaos. One Sheba doctor told Maariv, “We are in complete chaos. Work without computer systems is impossible. We are experiencing extremely heavy loads, and I only pray that our patients do not die here because tests were not taken or a mess was created in the registration.”
The system bug was falsely reported to have also impacted Magen David Adom’s emergency lines. A fake online message claiming to be from the organization urged the public to dial 100 instead of 101 in medical emergencies. MDA has since clarified that emergency medical line 101 is in full operation.
Meuhedet Health Maintenance Organization reported that the system issues were impacting its functionality. They have diverted to manual operations until the issue is resolved.
Israel Post
The Communications Ministry said on Friday that the system error is impacting mailrooms nationwide.
According to the ministry, service is currently unavailable at post offices and through Israel Post’s call center and website.
Indeed, the Israel Post soon after said that “due to a global software failure in an external company that affects many companies in Israel, it is currently not possible to receive service at the post offices and on the website.”
Shopping centers and malls
People around the country have taken to social media to state that stores are being shut down in shopping centers and malls, supposedly due to this malfunction.
Ashdod Port
Ashdod Port investigated how the error impacted its systems and announced that trucks and ships are not currently being served.
Airlines
Due to computer failure, American Airlines, Delta, and United grounded all planes.
The error in the systems update
“What it looks like is, potentially, that the vetting or the sandboxing they do when they look at code... maybe somehow this file was not included in that or slipped through,” said Steve Cobb, chief information security officer at SecurityScorecard, which also had some systems impacted by the issue.
Problems emerged quickly after the update was rolled out on Friday, and users posted pictures on social media of computers with blue screens displaying error messages. These are known in the industry as “blue screens of death.”
Patrick Wardle, a security researcher who specializes in studying threats against operating systems, said his analysis identified the code responsible for the outage.
He said the update’s problem was “in a file that contained either configuration information or signatures.” Signatures are code that detects specific types of malicious code or malware.
“It’s very common that security products update their signatures, like once a day... because they’re continually monitoring for new malware and because [companies] want to make sure that their customers are protected from the latest threats,” he explained.
The frequency of updates “is probably the reason why (CrowdStrike) didn’t test it as much,” he said.
It is unclear how that faulty code entered the update and why it was not detected before it was released to customers.
“Ideally, this would have been rolled out to a limited pool first,” said John Hammond, principal security researcher at Huntress Labs. “That is a safer approach to avoid a big mess like this.”
Other security companies have had similar episodes in the past. McAfee’s buggy antivirus update in 2010 stalled hundreds of thousands of computers.
But the global impact of this outage reflects CrowdStrike’s dominance.
Over half of Fortune 500 companies and many government bodies, such as the top US cybersecurity agency itself, the Cybersecurity and Infrastructure Security Agency, use the company’s software.
The outage affected nearly 8.5 million Microsoft devices, Microsoft said in a blog on Saturday.
“We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices or less than one percent of all Windows machines,” it reported in the blog.
Jerusalem Post Staff contributed to this report.