Malicious actors trying to exploit global technological disruption for their own gain


As the world continues to recover from massive business and travel disruptions caused by a faulty software update from cybersecurity company CrowdStrike, malicious actors are trying to exploit the situation for their own benefit.

Government cybersecurity agencies around the world and CrowdStrike CEO George Kurtz are warning companies and individuals about new phishing schemes involving malicious actors posing as CrowdStrike employees or other technology experts offering to help those recovering from the interruption.

“We know that adversaries and bad actors will try to exploit events like this,” Kurtz said in a statement. “I encourage everyone to remain vigilant and ensure they engage with official CrowdStrike representatives.”

The UK Cyber Security Center said it noticed an increase in phishing attempts around this event.

Microsoft said 8.5 million devices running its Windows operating system were affected by the faulty cybersecurity update on Friday, which led to outages around the world. That represents less than 1% of all Windows-based machines, Microsoft cybersecurity executive David Weston said in a blog post Saturday.

He also said such a significant disruption is rare, but “demonstrates the interconnected nature of our broad ecosystem.”

With tight, interconnected schedules and complex technological systems, many large airlines struggle to stay on schedule when everything is going well. It was perhaps unsurprising that the industry was one of the hardest hit by the disruption, with crews and planes caught out of position.

By mid-afternoon on Saturday on the U.S. East Coast, airlines around the world had canceled more than 2,000 flights, according to tracking service FlightAware. That was down from more than 5,100 cancellations on Friday.

About 1,600 of Saturday’s canceled flights were in the United States, where carriers struggled to get planes and crews back into position after major disruptions the day before. According to travel data provider Cirium, U.S. airlines canceled about 3.5% of their flights scheduled for Saturday. Only Australia was hit harder.

Among the main air travel markets, cancellations were around 1% in the United Kingdom, France and Brazil and around 2% in Canada, Italy and India.

Robert Mann, a former airline executive and now a consultant in the New York area, said it was unclear exactly why U.S. airlines were experiencing disproportionate cancellations, but possible causes include a greater degree of technology outsourcing and more exposure to Microsoft operating systems that received the faulty CrowdStrike update.

Delta Air Lines canceled more than 800 flights, or a quarter of its schedule for Saturday, and that number did not include Delta Connection regional flights. It was followed by United Airlines, which canceled almost 400 flights.

The worst-affected airport, for the second day in a row, was Hartsfield-Jackson Atlanta International Airport, where Delta is the dominant airline. The Atlanta Journal-Constitution reported that thousands of people spent the night at the airport, many sleeping on the floor.

European airlines and airports appeared to be slowly recovering, although Lufthansa and its affiliates canceled dozens of flights. Its budget subsidiary Eurowings said check-in, boarding, booking and rebooking of flights were available again, although “isolated disruptions” were possible.

London’s Heathrow Airport said it was busy but operating normally on Saturday and that “all systems were back up and running.” Flights at Berlin’s main airport departed on or close to time, the German Press Agency dpa reported, citing an airport spokesman.

Healthcare systems affected by the outage faced clinic closures, canceled surgeries and appointments, and restricted access to patient records.

Cedars-Sinai Medical Center in Los Angeles, California, said “steady progress has been made” in bringing its servers back online and thanked its patients for being flexible during the crisis.

“Our teams will be working actively throughout the weekend as we continue to resolve remaining issues in preparation for the start of the work week,” the hospital wrote in a statement.

In Austria, a leading doctors’ organization said the outage exposed the vulnerability of relying on digital systems. Harald Mayer, vice-president of the Austrian Chamber of Doctors, said the outage showed that hospitals needed analogue backups to protect patient care.

The organization also called on governments to impose high standards on the protection and security of patient data, and on healthcare providers to train staff and implement systems to manage crises.

“Fortunately, where there were problems, they were kept small and short-lived and many areas of care were not affected” in Austria, Mayer said.

University Hospital Schleswig-Holstein in northern Germany, which canceled all elective procedures on Friday, said on Saturday that systems were gradually being restored and that elective surgeries could resume on Monday.

“I was not that surprised that an accident caused a serious global digital disruption. I was a little surprised that the cause of this was a software update from a very respected cybersecurity company,” said Ciaran Martin, professor of management at the University of Oxford and former chief executive of the UK’s National Cyber Security Center.

“There are some very difficult questions for CrowdStrike. How the hell did this update get through QA?” he said. “It’s clear that the testing regime, whatever it was, failed.”

Martin said the UK and EU governments will be powerless to take action to prevent such collapses “because we have become dependent on a very American version of technology and the power to do anything about it does not reside on this continent.”

Other analysts doubted the outage would prompt Washington or any other government to propose new mandates for technology companies.

“I don’t know what the mandate would be. Do better quality control?” said Gartner analyst Eric Grenier, using an acronym for quality assurance.

Grenier expects most of the affected machines to be fixed in about a week, with more time needed to get to laptops used by remote workers because the work cannot be done remotely – it is a hands-on operation.

Meanwhile, there will be scammers trying to take advantage of businesses that have indicated they are affected by the outage.

“The threat is very real,” Grenier said. “Bad actors have information to send targeted phishing emails and calls. They know which endpoint protection tools you use. They know you use CrowdStrike.”

Grenier said affected companies need to use a solution provided by CrowdStrike. “Don’t take help from someone who comes out of nowhere and says, ‘I’ll fix this for you,’” he said.

___

Isabella O’Malley in Philadelphia, Stephen Graham in Berlin and technology writer Matt O’Brien contributed to this report.



This story originally appeared on ABCNews.go.com.
