Scammers see opportunity in aftermath of technical failure

As the world continues to recover from the disruptions to business and travel caused by a flawed software update from cybersecurity firm CrowdStrike, malicious actors are attempting to exploit the situation for their own gain.

Cybersecurity agencies around the world and CrowdStrike CEO George Kurtz are warning businesses and individuals about new phishing scams in which malicious parties pose as CrowdStrike employees or other technical specialists offering help in resolving the outage.

“We know that adversaries and malicious actors will attempt to exploit these types of events,” Kurtz said in a statement. “I encourage everyone to remain vigilant and ensure you contact official CrowdStrike representatives.”

The UK Cyber Security Centre reports that it has noticed an increase in phishing attempts surrounding this event.

Microsoft said 8.5 million devices running its Windows operating system were affected by Friday’s flawed cybersecurity update that led to global disruptions. That’s less than 1% of all Windows-based machines, Microsoft cybersecurity director David Weston said in a blog post Saturday.

He also said such a significant disruption is rare, but “demonstrates the interconnectedness of our broad ecosystem.”

With their tightly timed, intertwined schedules and complex technological systems, many major airlines struggle to stay on time when everything is going well. Perhaps unsurprisingly, the sector was hit hardest by the disruption, with crews and aircraft sitting idle.

By mid-afternoon Saturday on the U.S. East Coast, airlines around the world had canceled more than 2,000 flights, according to tracking service FlightAware, down from 5,100-plus cancellations on Friday.

About 1,600 of Saturday’s canceled flights were in the United States, where airlines scrambled to get planes and crews back on track after disruptions the day before. U.S. airlines canceled about 3.5% of their scheduled flights for Saturday, according to travel data provider Cirium. Only Australia was hit harder.

Flight cancellations were about 1% in the UK, France and Brazil and about 2% in Canada, Italy and India, the main aviation markets.

Robert Mann, a former airline executive who now works as a consultant in the New York area, said it’s unclear why U.S. airlines are canceling flights disproportionately. Possible reasons include greater outsourcing of technology and greater exposure to Microsoft operating systems that received CrowdStrike’s flawed upgrade.

Delta Air Lines canceled more than 800 flights, or a quarter of its Saturday schedule, and that number did not include Delta Connection regional flights. It was followed by United Airlines, which cut nearly 400 flights.

The worst airport to be in, for the second day in a row, was Hartsfield-Jackson Atlanta International Airport, where Delta is the dominant carrier. The Atlanta Journal-Constitution reported that thousands of people spent the night at the airport, many sleeping on the floor.

European airlines and airports appeared to be slowly recovering, although Lufthansa and its subsidiaries cancelled dozens of flights. Its budget subsidiary Eurowings said check-in, boarding, booking and rebooking of flights were all available again, although “isolated disruptions” were possible.

London’s Heathrow Airport reported that it was busy on Saturday but that operations were normal and that “all systems are operational again.” Flights at Berlin’s main airport were on or near schedule, German news agency dpa reported, citing an airport spokesman.

HEALTHCARE

Healthcare facilities affected by the outage were faced with closed clinics, canceled surgeries and appointments, and limited access to patient records.

Cedars-Sinai Medical Center in Los Angeles reported “steady progress” in bringing its servers back online and thanked patients for their flexibility during the crisis.

“Our teams will continue to work actively throughout the weekend to resolve any remaining issues in preparation for the start of the work week,” the hospital said in a statement.

In Austria, a leading doctors’ organization said the outage exposed the vulnerability of relying on digital systems. Harald Mayer, vice president of the Austrian Chamber of Physicians, said the outage showed that hospitals need analog backups to protect patient care.

The organization also calls on governments to impose high standards for the protection and security of patient data, and on healthcare providers to train their staff and implement systems to manage crises.

“Fortunately, the problems that occurred remained minor and short-lived, and many areas of care remained unaffected,” Mayer said in Austria.

The University Hospital of Schleswig-Holstein in northern Germany, which canceled all elective surgeries on Friday, reported Saturday that systems are gradually being restored and that elective surgery can resume from Monday.

TECHNICAL INDUSTRY

“I wasn’t that surprised that an accident caused serious global digital disruption. I was a little surprised that the cause of it was a software update from a highly respected cybersecurity company,” said Ciaran Martin, a professor of management at the University of Oxford and former CEO of the UK’s National Cyber Security Centre.

“There are some very difficult questions for CrowdStrike. How on earth did this update pass quality control?” he said. “The testing regime, whatever it is, clearly failed.”

According to Martin, governments in the UK and the European Union are powerless to take action to prevent such disruptions, “because we have become dependent on a very American version of technology, and the power to do anything about that does not lie with this continent.”

Other analysts questioned whether the outage would lead to Washington or another administration imposing new requirements on technology companies.

“I don’t know what the mandate would be. Do better QA?” said Gartner analyst Eric Grenier, using an acronym for quality assurance.

SCAM ARTISTS

Grenier expects most affected devices to be fixed in about a week. However, it will take longer to reach the laptops of employees who work far away, because the work can’t be done remotely. It’s a hands-on job.

In the meantime, there will be scammers trying to take advantage of companies that have reported being affected by the outage.

“The threat is very real,” Grenier said. “Adversaries have the information to send targeted phishing emails and calls. They know what endpoint security tools you use. They know you use CrowdStrike.”

Grenier said affected companies should make sure they use a solution that CrowdStrike provides. “Don’t accept help from someone who comes out of nowhere and says, ‘I’ll fix it for you,’” he said.

Information for this article came from Isabella O’Malley, Stephen Graham and Matt O’Brien of The Associated Press.

photo As seen from a United Airlines flight en route to Cincinnati, a plane taxis at Chicago O’Hare International Airport in Chicago, Friday, July 19, 2024. Transportation providers, businesses and governments are scrambling to get all their systems back online after extended outages caused by a widespread technology outage. (AP Photo/Carolyn Kaster)
photo An IT field service technician works on software on an information screen at United Airlines gates at Chicago O’Hare International Airport, in Chicago, Friday, July 19, 2024. Transportation providers, businesses and governments are scrambling to get all their systems back online after extended outages caused by widespread technology outages. (AP Photo/Carolyn Kaster)
photo Planes line up at gates at Chicago O’Hare International Airport, in Chicago, Friday, July 19, 2024. Transportation providers, businesses and governments are scrambling to get all their systems back online after extended outages caused by a widespread technology outage. (AP Photo/Carolyn Kaster)
photo Jose Angel Saavedra, left, and his wife Sara, of Johnston, Iowa, look at their cellphones as they try to book a flight after their original flight was canceled, Friday, July 19, 2024, at Des Moines International Airport in Des Moines, Iowa. (AP Photo/Charlie Neibergall)
photo Passengers wait at Benito Juárez International Airport in Mexico City, Friday, July 19, 2024. Some flights were canceled and others were delayed due to a global technology outage. (AP Photo/Marco Ugarte)
photo American Airlines planes wait at gates at Phoenix Sky Harbor International Airport, Friday, July 19, 2024, in Phoenix. An overnight outage was blamed on a software update that cybersecurity firm CrowdStrike sent to Microsoft computers of its corporate customers, many of whom are airlines. (AP Photo/Ross D. Franklin)
photo Retired IT technician William Taylor stands in line to buy a four-day train ticket to Jackson, Mississippi, at Union Station in Los Angeles, Friday, July 19, 2024, as a widespread outage at Microsoft disrupted flights, banks, media and businesses worldwide. (AP Photo/Damian Dovarganes)
