Malicious Actors Attempt to Exploit CrowdStrike Outage – NBC Chicago

As the world continues to recover from massive business and travel disruptions caused by a flawed software update from cybersecurity firm CrowdStrike, malicious actors are trying to exploit the situation for their own gain.

Government cybersecurity agencies around the world and CrowdStrike CEO George Kurtz are warning businesses and individuals about new phishing schemes involving malicious actors posing as CrowdStrike employees or other technology specialists offering to help those recovering from the outage.

“We know that adversaries and malicious actors will attempt to exploit events like this,” Kurtz said in a statement. “I encourage everyone to remain vigilant and make sure to communicate with official CrowdStrike representatives.”

The UK Cyber Security Centre said it had seen an increase in phishing attempts around the event.

Microsoft says 8.5 million devices running its Windows operating system were affected by Friday’s flawed cybersecurity update, which caused disruptions worldwide. That’s less than 1% of all machines running Windows, Microsoft cybersecurity chief David Weston said in a blog post Saturday.

He also said such a major disruption is rare but “demonstrates the interconnected nature of our vast ecosystem.”

What’s happening with air travel?

With tight flight schedules and complex technology systems, many major airlines struggle to stay on schedule even when everything is going well. Perhaps unsurprisingly, the sector was one of the worst hit by the outage, with crews and planes stranded out of position.

As of Saturday afternoon on the U.S. East Coast, airlines worldwide had canceled more than 2,000 flights, according to tracking service FlightAware. That’s down from 5,100 cancellations on Friday.

About 1,600 of the flights canceled Saturday were in the United States, where carriers have struggled to get planes and crews back on track after massive disruptions the day before. U.S. carriers canceled about 3.5% of their flights scheduled for Saturday, according to travel data provider Cirium. Only Australia was hit harder.

Cancelled flights accounted for around 1% in the UK, France and Brazil and around 2% in Canada, Italy and India among major air travel markets.

Robert Mann, a former airline executive who now works as a consultant in the New York area, said it was unclear exactly why U.S. airlines were experiencing disproportionate cancellations, but possible causes included a greater degree of outsourcing of technology and greater exposure to Microsoft operating systems that received the flawed CrowdStrike upgrade.

The outages affected major companies including Visa, Amazon, Delta and United.

Which airlines are most affected?

Delta Air Lines canceled more than 800 flights, or a quarter of its Saturday schedule, not including Delta Connection regional flights. It was followed by United Airlines, which canceled nearly 400 flights.

The hardest-hit airport, for the second day in a row, was Hartsfield-Jackson Atlanta International Airport, where Delta is the dominant airline. The Atlanta Journal-Constitution reported that thousands of people spent the night at the airport, many sleeping on the ground.

European airlines and airports appear to be slowly recovering from the crisis, although Lufthansa and its subsidiaries have cancelled dozens of flights. Its low-cost subsidiary Eurowings said that check-in, boarding, booking and rebooking of flights were possible again, although “isolated disruptions” were possible.

London’s Heathrow Airport said it was busy but operating normally on Saturday and that “all systems were back up and running.” Flights from Berlin’s main airport were leaving on time or almost as scheduled, German news agency dpa reported, citing an airport spokesman.

How are health systems holding up?

Health systems affected by the outage have had to close clinics, cancel surgeries and appointments, and restrict access to patient records.

Cedars-Sinai Medical Center in Los Angeles, California, said “steady progress has been made” in getting its servers back online and thanked its patients for their flexibility during the crisis.

“Our teams will be actively working through the weekend as we continue to resolve remaining issues in preparation for the start of the work week,” the hospital wrote in a statement.

In Austria, a leading doctors’ organization said the outage had exposed the vulnerability of digital systems. Harald Mayer, vice president of the Austrian Chamber of Physicians, said the outage showed that hospitals needed analog backups to protect patient care.

The organization also called on governments to impose high standards for patient data protection and security, and for health providers to train their staff and put in place systems to manage crises.

“Fortunately, where there were problems, they were limited and short-lived and many areas of care were not affected” in Austria, Mayer said.

The University Hospital of Schleswig-Holstein in northern Germany, which cancelled all elective procedures on Friday, said on Saturday that systems were gradually being restored and elective surgery could resume by Monday.

A widespread outage affecting Microsoft computers was caused by a cybersecurity firm, CrowdStrike. The company offered a temporary fix to those affected while it worked to roll out an update.

Will the tech industry be held accountable?

“I wasn’t surprised that an accident caused a massive global digital disruption. I was a little surprised that the cause was a software update from a very well-respected cybersecurity company,” said Ciaran Martin, a professor of management at the University of Oxford and former chief executive of the UK’s National Cyber Security Centre.

“CrowdStrike is asking itself some very difficult questions. How on earth did this update pass QA?” he said. “It’s clear that whatever testing regime it was failed.”

Martin said the UK and European Union governments would be powerless to take action to prevent such outages “because we have become dependent on a very American version of technology, and the power to do anything about it does not lie on this continent”.

Other analysts doubt that the outage will lead Washington or any other government to impose new obligations on tech companies.

“I don’t know what the mission would be. Improving QA?” said Gartner analyst Eric Grenier, using an acronym for quality assurance.

What did the scammers learn from the outage?

Grenier expects the majority of affected machines to be repaired in about a week, with more time needed to reach laptops used by remote workers because the work can’t be done remotely – it’s a hands-on operation.

In the meantime, scammers will try to take advantage of businesses that have indicated they are affected by the outage.

“The threat is real,” Grenier said. “Malicious actors have the information they need to send targeted phishing emails and calls. They know what endpoint protection tools you’re using. They know you’re using CrowdStrike.”

Grenier said affected companies should make sure they are using a patch provided by CrowdStrike. “Don’t accept help from someone who comes out of nowhere and says, ‘I’m going to fix this for you,’” he said.

___

Isabella O’Malley in Philadelphia, Stephen Graham in Berlin and technology writer Matt O’Brien contributed to this report.