Malicious actors attempt to exploit global technical outage for their own gain

Jose Angel Saavedra, left, and his wife Sara, of Johnston, Iowa, look at their cellphones as they try to book a flight after their original flight was canceled, Friday, July 19, 2024, at Des Moines International Airport in Des Moines, Iowa. (AP Photo/Charlie Neibergall)

As the world continues to recover from massive business and travel disruptions caused by a flawed software update from cybersecurity firm CrowdStrike, malicious actors are attempting to exploit the situation for their own gain.

Cybersecurity agencies around the world and CrowdStrike CEO George Kurtz are warning businesses and individuals about new phishing scams in which malicious parties pose as CrowdStrike employees or other technical specialists offering help in resolving the outage.

“We know that adversaries and malicious actors will attempt to exploit these types of events,” Kurtz said in a statement. “I encourage everyone to remain vigilant and ensure you contact official CrowdStrike representatives.”

The UK Cyber Security Centre reports that it has noticed an increase in phishing attempts surrounding this event.

Microsoft said 8.5 million devices running its Windows operating system were affected by Friday’s flawed cybersecurity update that led to global disruptions. That’s less than 1% of all Windows-based machines, Microsoft cybersecurity director David Weston said in a blog post Saturday.

He also said such a significant disruption is rare, but “demonstrates the interconnectedness of our broad ecosystem.”

What happens to air travel?

With their tightly timed, intertwined schedules and complex technological systems, many major airlines struggle to stay on time when everything is going well. Perhaps unsurprisingly, the sector was hit hardest by the disruption, with crews and aircraft sitting idle.

By mid-afternoon Saturday on the U.S. East Coast, airlines around the world had canceled more than 2,000 flights, according to tracking service FlightAware, down from 5,100-plus cancellations on Friday.

About 1,600 of Saturday’s canceled flights were in the United States, where airlines scrambled to get planes and crews back on track after massive disruptions the day before. U.S. airlines canceled about 3.5% of their scheduled flights for Saturday, according to travel data provider Cirium. Only Australia was hit harder.

Flight cancellations were about 1% in the UK, France and Brazil and about 2% in Canada, Italy and India, the main aviation markets.

Robert Mann, a former airline executive who now works as a consultant in the New York area, said it’s unclear why U.S. airlines are canceling flights disproportionately. Possible reasons include greater outsourcing of technology and greater exposure to Microsoft operating systems that received CrowdStrike’s flawed upgrade.

Which airlines are hit hardest?

Delta Air Lines canceled more than 800 flights, or a quarter of its Saturday schedule, and that number did not include Delta Connection regional flights. It was followed by United Airlines, which cut nearly 400 flights.

The worst airport to be in, for the second day in a row, was Hartsfield–Jackson Atlanta International Airport, where Delta is the dominant carrier. The Atlanta Journal-Constitution reported that thousands of people spent the night at the airport, many sleeping on the floor.

European airlines and airports appeared to be slowly recovering, although Lufthansa and its subsidiaries cancelled dozens of flights. Its budget subsidiary Eurowings said check-in, boarding, booking and rebooking of flights were all available again, although “isolated disruptions” were possible.

London’s Heathrow Airport said it was busy but operating normally on Saturday and that “all systems are operational again.” Flights at Berlin’s main airport were on or near schedule, German news agency dpa reported, citing an airport spokesman.

What is the state of health care systems?

Healthcare facilities affected by the outage were faced with closed clinics, canceled surgeries and appointments, and limited access to patient records.

Cedars-Sinai Medical Center in Los Angeles, California, said “steady progress has been made” in getting its servers back online and thanked patients for their flexibility during the crisis.

“Our teams will continue to work actively throughout the weekend as we resolve remaining issues in preparation for the start of the work week,” the hospital wrote in a statement.

In Austria, a leading doctors’ organization said the outage exposed the vulnerability of relying on digital systems. Harald Mayer, vice president of the Austrian Chamber of Physicians, said the outage showed that hospitals need analog backups to protect patient care.

The organization also calls on governments to impose high standards for the protection and security of patient data, and on healthcare providers to train their staff and implement systems to manage crises.

“Fortunately, the problems that occurred remained minor and short-lived, and many areas of concern remained unaffected,” Mayer said in Austria.

The University Hospital of Schleswig-Holstein in northern Germany, which canceled all elective surgeries on Friday, reported Saturday that systems are gradually being restored and that elective surgery can resume from Monday.

Is the tech industry facing a reckoning?

“I wasn’t that surprised that an accident caused serious global digital disruption. I was a little surprised that the cause of it was a software update from a highly respected cybersecurity company,” said Ciaran Martin, a professor of management at the University of Oxford and former CEO of the UK’s National Cyber Security Centre.

“There are some very difficult questions for CrowdStrike. How on earth did this update pass quality control?” he said. “The testing regime, whatever it is, clearly failed.”

Martin said governments in the UK and the European Union would be powerless to take action to prevent such disruptions, “because we have become reliant on a very American version of technology, and the power to do anything about that does not lie with this continent.”

Other analysts questioned whether the outage would lead to Washington or another administration imposing new requirements on technology companies.

“I don’t know what the mandate would be. Do better QA?” said Gartner analyst Eric Grenier, using an acronym for quality assurance.

What have scammers learned from the outage?

Grenier expects most affected devices to be repaired in about a week. However, it will take longer to reach the laptops of employees who work far away, because the work can’t be done remotely. It’s a hands-on operation.

In the meantime, there will be scammers trying to take advantage of companies that have reported being affected by the outage.

“The threat is very real,” Grenier said. “Adversaries have the information to send targeted phishing emails and calls. They know what endpoint security tools you use. They know you use CrowdStrike.”

Grenier said affected companies should make sure they use a solution that CrowdStrike provides. “Don’t accept help from someone who comes out of nowhere and says, ‘I’ll fix it for you,'” he said.

Isabella O’Malley in Philadelphia, Stephen Graham in Berlin and technology writer Matt O’Brien contributed to this report.

An IT field service technician works on software on an information screen at United Airlines gates at Chicago O’Hare International Airport, in Chicago, Friday, July 19, 2024. Transportation providers, businesses and governments are scrambling to get all their systems back online after extended outages caused by widespread technology outages. (AP Photo/Carolyn Kaster)

Passengers wait at Benito Juárez International Airport in Mexico City, Friday, July 19, 2024. Some flights were canceled and others were delayed due to a global technology outage. (AP Photo/Marco Ugarte)

American Airlines planes wait at gates at Phoenix Sky Harbor International Airport, Friday, July 19, 2024, in Phoenix. An overnight outage was blamed on a software update that cybersecurity firm CrowdStrike sent to Microsoft computers of its corporate customers, many of whom are airlines. (AP Photo/Ross D. Franklin)

Retired IT technician William Taylor stands in line to buy a four-day train ticket to Jackson, Mississippi, at Union Station in Los Angeles, Friday, July 19, 2024, as a widespread outage at Microsoft disrupted flights, banks, media and businesses worldwide. (AP Photo/Damian Dovarganes)

A customer walks out of a Starbucks at Phoenix Sky Harbor International Airport in Phoenix, Friday, July 19, 2024. A global technology outage grounded flights, knocked banks offline and took media outlets offline after a faulty software update disrupted businesses and services around the world and highlighted their reliance on just a handful of providers. (AP Photo/Ross D. Franklin)

As seen from a United Airlines flight en route to Cincinnati, a plane taxis at Chicago O’Hare International Airport in Chicago, Friday, July 19, 2024. Transportation providers, businesses and governments are scrambling to get all their systems back online after extended outages caused by a widespread technology outage. (AP Photo/Carolyn Kaster)

Planes line up at gates at Chicago O’Hare International Airport, in Chicago, Friday, July 19, 2024. Transportation providers, businesses and governments are scrambling to get all their systems back online after extended outages caused by a widespread technology outage. (AP Photo/Carolyn Kaster)
