Several PH companies report service disruptions
Airlines, banks, TV channels and other businesses across the globe were scrambling to deal with one of the biggest IT crashes in recent years on Friday, apparently caused by an update to an antivirus program.
The disruption, which was linked to Microsoft’s Windows, appeared to be related to an issue with cybersecurity software from CrowdStrike. From Amsterdam to Zurich, across all continents, airports were reporting problems with their check-in systems.
Several Philippine companies, including major airlines and banks, reported delays caused by technical issues in their computer systems.
Cebu Pacific (CEB) and its sister airline CebGo said they canceled 24 domestic and 10 international flights scheduled for Friday due to the Microsoft system outage.
AirAsia Philippines head of communications Steve Dailisan added: “This outage is causing unexpected rebooting of machines, leading to some operational disruptions related to check-in processes and navigating the AirAsia MOVE app.”
Flag carrier Philippine Airlines, for its part, said its technical systems were “not affected” by the issue.
MIAA general manager Eric Ines mobilized additional manpower to manage extended queues at check-in counters and ordered his team to provide “Malasakit Kits” which include food snacks and bottled water to affected passengers.
At least four banks – BPI, Metrobank, UnionBank and RCBC, reported experiencing a slowdown or temporary unavailability of some online bank products and services.
“You may also experience delays in crediting of financial transactions including bills payment and interbank fund transfers as other institutions are likewise affected. Our technical team is already coordinating closely with the provider on the resolution of this issue,” BPI said in its advisory.
According to CrowdStrike, there have been widespread instances of “BSODs” (Blue Screen of Deaths) on Windows hosts, indicating system crashes on Microsoft’s Windows operating system.
The Department of Information and Communications Technology said its Cybersecurity Bureau and the National Computer Emergency Response Team are “vigilantly monitoring the ongoing software outage allegedly caused by a faulty update of a cybersecurity provider.”
“This outage is affecting companies globally, including those in the Philippines, that use the said cybersecurity product. We are in continuous communication with relevant stakeholders to obtain detailed information and assess the full impact of this incident,” DICT spokesperson Renato Paraiso said in a statement.
The Philippine Computer Emergency Response Team (PH CERT) estimated it would take “at least several days” before local workstations and servers affected by the shutdown of cybersecurity firm CrowdStrike are up and running again.
PH CERT president Lito Averia said while it cannot be completely ruled out that malicious threat actors had a hand in the shutdown.
“There is no immediate solution to this. The specific file that is causing trouble must be removed from every PC, laptop and server manually. Then, these devices can be restarted and set on recovery mode. This is a very laborious chore, especially for companies with thousands of devices… because the remedy has to be done to each and every device separately,” Averia explained in Filipino.
Major US air airlines initially grounded all flights over a communication issue—though American Airlines later said it had reinstated its flights.
Airports across the world said check-in systems were down and services were being handled manually, with delays likely.
Microsoft said in a technical update on its website that the problems began at 1900 GMT on Thursday, affecting users of its Azure cloud platform running cybersecurity software CrowdStrike Falcon.
“We recommend customers that are able to, to restore from a backup from before this time,” the US software giant said.
CrowdStrike CEO George Kurtz said on social media platform X that customers had been “impacted by a defect found in a single content update for Windows hosts.”
“The issue has been identified, isolated and a fix has been deployed,” he said.
Shares in CrowdStrike slumped by 20 percent in pre-market trading.
“I’m just in limbo as to how long I’ve got to wait here,” flight passenger Alexander Ropicano told Agence France Presse (AFP), as he waited at Sydney Airport in Australia.
The 24-year-old, flying to Brisbane to see his girlfriend, said the airline told him to “wait until the system is operational again,” but there is no indication how long that could be.
Media companies were also struggling with Britain’s Sky News saying the glitch had ended its morning news broadcasts and Australia’s ABC similarly reporting a major “outage.”
Some banks reported difficulties in processing digital payments, mobile phone carriers were disrupted and customer services in a number of companies were down.
The global nature of the failure prompted some experts to call for greater resilience in networks and question the reliance on a single provider for such a variety of services.
“We need to be aware that such software can be a common cause of failure for multiple systems at the same time,” said software engineering professor John McDermid from Britain’s York University. With AFP
“We need to design infrastructure to be resilient against such common cause problems,” he added.
All flights “regardless of destination” were grounded because of “communication issues,” the FAA said in a notice to airlines.
However, American Airlines later said that as of 0900 GMT “we have been able to safely re-establish our operation.”
Major airports including Berlin, which had earlier said all flights had been suspended, said flights were gradually resuming after the “technical issue.”
All airports in Spain were experiencing “disruptions” from an IT outage, the airport operator Aena said.
Hong Kong’s airport also said some airlines had been affected, with its authority issuing a statement in which it linked the disruption to a Microsoft outage.
The UK’s biggest rail operator warned of possible train cancellations due to IT issues.
Australia’s National Cyber Security Coordinator said the “large-scale technical outage” was caused by an issue with a “third-party software platform.”
France’s cybersecurity agency ANSSI said it was “fully mobilized” to identify and support those affected.
“There is no evidence to suggest that this outage is the result of a cyberattack,” the agency said.
As of this posting, the following countries have been affected by the massive IT outage: Australia, New Zealand, United States, United Kingdom, Spain, France, Netherlands, Hong Kong, India, Germany, Philippines, Singapore, Switzerland, Turkey, and Kenya. With AFP
