As the world continues to recover from major business and travel disruptions caused by a faulty software update from cybersecurity firm CrowdStrike, malicious actors are trying to exploit the situation to their own advantage.
Government cyber security agencies around the world and CrowdStrike CEO George Kurtz are warning businesses and individuals about a new phishing scheme involving malicious actors posing as CrowdStrike employees or other technology specialists offering to help those recovering from outages.
“We know that adversaries and bad actors will try to exploit events like this,” Kurtz said in a statement. “I urge everyone to be vigilant and make sure you engage with an authorized CrowdStrike representative.”
The UK Cyber Security Center says there has been an increase in phishing attempts around this event.
Microsoft said 8.5 million devices running its Windows operating system were affected by a cybersecurity update on Friday that caused disruptions around the world. That’s less than 1% of all Windows-based machines, Microsoft cybersecurity executive David Weston said in a blog post on Friday.
He also said that significant disruptions are rare but “demonstrate properties associated with broad ecosystems.”
With tight schedules and intertwined, complex technology systems, many large airlines struggle to stay on time even when everything is going well. It may come as no surprise that the industry is one of the hardest hit by the disruption, with crews and aircraft caught out of position.
As of Saturday afternoon on the US East Coast, airlines around the world had canceled more than 2,000 flights, according to tracking service FlightAware. That’s down from 5,100-plus cancellations on Friday.
About 1,600 flights were canceled on Saturday across the United States, where operators scrambled to get planes and crews back into position after major disruptions the previous day. According to travel data provider Cirium, US carriers canceled about 3.5% of their scheduled flights on Saturday. Only Australia was hit hard.
Canceled flights accounted for about 1% in the UK, France and Brazil and about 2% in Canada, Italy and India among major air travel markets.
Robert Mann, a former airline executive and now a consultant in the New York area, said it was unclear why US airlines suffered from disproportionate cancellations, but possible causes included greater levels of technology outsourcing and greater exposure to Microsoft’s operating system, which received the faulty upgrade from CrowdStrike.
Delta Air Lines canceled more than 800 flights, or one-fourth of its Saturday schedule, and that number does not include Delta Connection regional flights. It was followed by United Airlines, which dropped almost 400 flights.
The worst-hit airport, for the second straight day, was Atlanta’s Hartsfield–Jackson International Airport, where Delta is the dominant carrier. The Atlanta Journal-Constitution reported that thousands of people spent the night at the airport, many sleeping on the floor.
European airlines and airports appear to be slowly recovering, although Lufthansa and its affiliates have canceled dozens of flights. Budget subsidiary Eurowings said check-in, boarding, booking and rebooking flights were all available again, although “isolated disruptions” were possible.
London’s Heathrow Airport said it was busy but operating normally on Saturday and “all systems are back and running.” Flights at Berlin’s main airport are departing on or close to schedule, the German Press Agency dpa reported, citing an airport spokesman.
Health care systems affected by the outage faced closing clinics, canceling surgeries and appointments and limiting access to patient records.
Cedars-Sinai Medical Center in Los Angeles, California, said “steady progress has been made” to bring servers back online and thanked patients for being flexible during the crisis.
“Our team will be working actively over the weekend as we continue to resolve outstanding issues in preparation for the start of the work week,” the hospital wrote in a statement.
In Austria, a major doctors’ organization said the blackout showed the vulnerability of relying on digital systems. Harald Mayer, vice president of the Austrian Chamber of Doctors, said the outage showed that hospitals needed analog backups to protect patient care.
The organization also called on the government to adopt high standards for the protection and security of patient data, and for healthcare providers to train staff and create systems to manage crises.
“Happily, if there is a problem, it remains small and short-lived and many treatment areas are not affected” in Austria, Mayer said.
The University Hospital of Schleswig-Holstein in northern Germany, which canceled all elective procedures on Friday, said on Saturday that systems were gradually being restored and elective operations could resume on Monday.
“I’m not surprised that the accident caused a severe global digital disruption. I’m a little surprised that it caused a software update from a very respected cybersecurity company,” said Oxford University management professor Ciaran Martin, former chief executive of the UK’s National Cyber Security Centre.
“There are some very difficult questions for CrowdStrike. How does this update pass quality control?” he said. “Clearly the testing regime, whatever it is, is failing.”
Martin said that governments in the UK and the European Union will not have the power to take measures to prevent the damage “because we are dependent on the American version of technology, and the power to do anything is not on this continent.”
Other analysts doubt that the blackout will lead Washington or other governments to propose new mandates for tech companies.
“I don’t know what the mandate is. Is QA better?” said Gartner analyst Eric Grenier, using the acronym for quality assurance.
Grenier expects that the majority of affected machines will be repaired in about a week, with more time needed to reach the laptops used by remote workers, because the work can’t be done remotely; it’s a hands-on operation.
In the meantime, there will be scammers trying to take advantage of businesses that have indicated they are affected by the outage.
“The threat is very real,” Grenier said. “Bad actors have the information to send targeted phishing emails and phone calls. They know what endpoint protection tools you use. They know you use CrowdStrike.”
Grenier said affected businesses should make sure to use the fixes provided by CrowdStrike. “Don’t accept help from someone out of the blue and say, ‘I’ll fix that for you,’” he said.