As the world continues to recover from massive business and travel disruptions caused by a faulty software update from cybersecurity firm CrowdStrike , malicious actors are trying to exploit the situation for their own gain
Government cyber units around the world, along with CrowdStrike's CEO George Kurtz, are warning about fresh phishing cons. These scams feature fraudsters masquerading as CrowdStrike techies or other IT wizards, offering a helping hand to those entangled in the recent service disruptions.
"We know that adversaries and bad actors will try to exploit events like this," Kurtz said in a public address. "I encourage everyone to remain vigilant and ensure that you're engaging with official CrowdStrike representatives."
READ MORE: CrowdStrike fault that sparked global chaos exposed 'weakness in backbone of all IT infrastructure'
READ MORE: Crowdstrike IT outage could cause $16 BILLION loss for company - a fifth of its entire value
Britain 's cyber guardians have clocked a spike in phishing shenanigans linked to the incident.
Tech titan Microsoft has tallied up the damage, revealing that the dodgy update knocked 8.5 million Windows-run gadgets offline last Friday, causing a ripple effect felt around the world. That figure represents a mere fraction under 1%of all devices powered by Windows, according to Microsoft's digital defense guru David Weston, who shared insights in a weekend blog post.
Weston also said that such widespread disruption is uncommon but "demonstrates the interconnected nature of our broad ecosystem."
Major airlines, with their intricate schedules and complex tech systems, often find it challenging to maintain punctuality even under normal circumstances. So, it's no surprise that they were among the most affected by the recent outage, which left planes and crews out of position.
By Saturday afternoon on the East Coast, global airlines had canceled over 2,000 flights, as per FlightAware's tracking service. This was a significant decrease from the more than 5,100 cancellations on Friday.
Around 1,600 of Saturday's canceled flights were in the United States, where airlines were scrambling to reposition planes and crews following the massive disruptions the previous day. According to travel data provider Cirium, US carriers canceled approximately 3.5% of their scheduled flights for Saturday, with only Australia experiencing more cancellations.
In major air-travel markets like the United Kingdom , France, and Brazil, canceled flights accounted for about 1%, while in Canada, Italy, and India, the figure was around 2%.
Robert Mann, a former airline executive now working as a consultant in the New York area, said it was unclear why US airlines were experiencing disproportionate cancellations. However, he suggested possible causes could include a higher degree of technology outsourcing and greater exposure to Microsoft operating systems that received the faulty upgrade from CrowdStrike .
Delta Air Lines has axed over 800 flights, a quarter of its Saturday schedule, not including Delta Connection regional flights. United Airlines followed suit, scrapping nearly 400 flights.
For the second day in a row, Hartsfield-Jackson Atlanta International Airport, where Delta is the main airline, was the worst place to be. The Atlanta Journal-Constitution reported that thousands were forced to spend the night at the airport, with many resorting to sleeping on the floor.
European airlines and airports are slowly getting back on track, although Lufthansa and its affiliates have canceled dozens of flights. Its budget subsidiary Eurowings announced that check-in, boarding, booking and rebooking flights were all available again, but warned of potential "isolated disruptions".
London 's Heathrow Airport reported a busy but normal operation on Saturday, stating that "all systems are back up and running."
Flights at Berlin's primary airport were departing on or close to schedule, according to a spokesperson cited by the German Press Agency dpa.
Healthcare systems hit by the outage experienced clinic closures, canceled surgeries and appointments, and limited access to patient records. Cedars-Sinai Medical Center in Los Angeles, California, reported "steady progress has been made" in restoring its servers and expressed gratitude to its patients for their flexibility during the crisis.
"Our teams will be working actively through the weekend as we continue to resolve remaining issues in preparation for the start of the work week," the hospital stated.
In Austria, a top doctors' group has highlighted the risks of over-reliance on digital systems following the outage. Harald Mayer, the Austrian Chamber of Doctors' vice president, remarked that the incident underscores the need for hospitals to have analog backups to ensure patient care is not compromised.
READ MORE: 'I'm trapped at the airport due to CrowdStrike Microsoft outage — inside my nightmare journey home'
READ MORE: Huge global tech blunder sees CrowdStrike boss lose $322MILLION as firm sheds billions
The group also urged governments to enforce stringent patient data protection and security standards, and called for healthcare providers to train their personnel and establish crisis management protocols.
"Happily, where there were problems, these were kept small and short-lived and many areas of care were unaffected" in Austria, Mayer said.
After a system shutdown forced Schleswig-Holstein University Hospital in Germany to cancel elective surgeries on Friday, the hospital announced on Saturday that its systems were slowly coming back online and it expected to resume scheduled surgeries by Monday.
As the tech world grapples with the fallout, questions arise about accountability.
"I wasn't that surprised that an accident caused severe global digital disruption. I was a little surprised that the cause of it was a software update from a very well-respected cybersecurity company," shared Ciaran Martin, a professor at Oxford University and former head of the UK's National Cyber Security Center.
"There are some very hard questions for CrowdStrike . How on earth did this update get through quality control? " he said. "Clearly the testing regime, whatever it is, failed."
Martin expressed that governments in the UK and the European Union will find themselves without the power to prevent such tech breakdowns "because we have become dependent on a very American version of technology, and the power to do anything about that doesn't rest in this continent."
Skepticism remains among other analysts about whether the outage will prompt Washington or any other government to impose new regulations on tech companies.
"I don't know what the mandate would be. Do better QA? " asked Gartner analyst Eric Grenier, referring to quality assurance with an acronym.
Grenier predicts that most of the impacted systems should be restored within about a week, although more time may be required to fix laptops used by remote workers since the repairs necessitate physical handling and can't be done remotely.
In the interim, scammers are likely to target businesses that have revealed they were hit by the outage.
"The threat is very real," warned Grenier. "Bad actors have the information to send targeted phishing emails and calls. They know what endpoint-protection tools you use. They know you use CrowdStrike ."
Grenier advised affected businesses to utilize a solution provided by CrowdStrike . "Don't accept the help of somebody coming out of the blue and saying, 'I'll fix that for you,'" he warned.
Most Popular
Comments / 0