/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

Banks and payments hit as faulty CrowdStrike update causes global Microsoft outage

Banks and card payment systems are among the victims of the worldwide tech outage on Microsoft platforms.

1 comment

Banks and payments hit as faulty CrowdStrike update causes global Microsoft outage

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The issue is being blamed on a software update at cybersecurity firm CrowdStrike. The firm's CEO George Kurtz says there was a "defect found in a single content update for Windows hosts”.

Adds Kurtz: "This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed."

Microsoft stated early this morning: ““We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD [blue screen of death) and get stuck in a restarting state. We approximate impact started around 19:00 UTC on the 18th of July.”

The outage has hit banks, with Lloyds in the UK and South Africa's Capitec among those reporting issues. Waterstones, Waitrose and Wetherspoons are among the retailers having problems accepting card payments.

The London Stock Exchange's RNS (regulatory news service) has been knocked out while trading has been disrupted, with JP Morgan and UBS among those reported to be struggling to finalise trades.

Meanwhile, Melanie Pizzey, CEO the Global Payroll Association warns of potential trouble to come: “We’ve been contacted by numerous clients already today who have been unable to access their payroll software due to the Microsoft outage and others who have been urged to log out with immediate effect.

"Depending on the length of this outage, it could have very serious implications for businesses across the nation, particularly those who process payroll on a weekly basis."

Windows online services have also been causing havoc in airports, train stations, and broadcasting stations, among others. Ryanair, American Airlines, KLM, Qantas, and Air New Zealand are among the numerous airlines delayed by the system failure, leading to massive delays at airports. Services and companies such as Allianz, NHS, BBC, Waitrose, and Sky News have also been impacted.

The stock prices for Microsoft and CrowdStrike have decreased as a result of the failure. 

This outage is yet another in a long list of recent system failures that have been impacting day-to-day life and leading to mass frustration among consumers. Just yesterday, the Bank of England suffered a major payments issue that shut down RTGS system Chaps. Last week, Worldline caused a payments outage in the UK that shut down payments systems in retailers all over the country for Visa and Mastercard users.

Jake Moore, global security advisor at ESET, comments: “These outages are increasing in volume due to the sheer increase in numbers of online users and traffic.

“The inconvenience caused by the loss of access to services for thousands of people serves as a reminder of our dependence Big Tech such as Microsoft in running our daily lives and businesses.”

Al Lakhani, CEO of IDEE, states: "CrowdStrike’s platform approach, which relies on a single agent focused on detection, might seem good at first glance, but as we can see, it can create significant issues. For instance, agents require installation and maintenance of software on multiple different OSes, adding layers of complexity and potential points of failure. Moreover, agents can become a single point of failure, as a bad update can compromise the entire network, as seen with the SolarWinds attack.

"The lesson here is blindingly obvious: investing in cybersecurity is not just about acquiring the latest or most popular tools but ensuring those tools are reliable and resilient. This is why businesses must prioritise agentless solutions like MFA 2.0, which reduce the risk of widespread failures and ensure more resilient defences."

David Varney, partner at UK law firm Burges Salmon, says: “The effectiveness of mitigation measures during unforeseen IT outages largely depends on the preparedness and resilience built into an organisation's business continuity strategies. The current Crowdstrike outages are a stark reminder of the importance of proactive planning and regular testing to ensure business resilience in the face of unforeseen challenges.”

Sponsored [Webinar] Reimagine Banking: How to effectively modernise your core and de-risk at the same time

Comments: (1)

A Finextra member 

This is a lovely display of "flipping the switch". As the world panics they are resetting the global infrastructure by embedding DLT and new cloud systems to reduce concentrated risks. Blockchain fosters decentralization and prohibits these risks with the assist of AI. There is no time in history that global systems haulted all at once. These incidents always occur on a weekend Friday to Sunday for "maintenance". Welcome to the new world order mates.

[Impact Study] Payment Fraud in 2024: Who is Liable?Finextra Promoted[Impact Study] Payment Fraud in 2024: Who is Liable?