North Florida – As our global community continues to navigate the aftereffects of significant business and travel disruptions instigated by a faulty software update from cybersecurity heavyweight, CrowdStrike, opportunistic malicious actors are seizing the chance to manipulate the situation for their own benefit.
Various government cybersecurity agencies worldwide alongside George Kurtz, the CEO of CrowdStrike, are alerting businesses and individuals about emerging phishing scams. These scams involve harmful individuals posing as CrowdStrike employees or other tech professionals, offering their services to those still recovering from the recent outage.
“We are aware that adversaries and bad actors will attempt to exploit situations like this,” Kurtz mentioned in an official statement. He further encouraged everyone to stay alert and ensure interactions are only with authorized CrowdStrike representatives.
The UK Cyber Security Center also reported an uptick in phishing attempts related to this event.
The Impact on Microsoft
Microsoft disclosed that approximately 8.5 million devices running its Windows operating system were affected by the flawed cybersecurity update last Friday. This resulted in widespread disruptions worldwide. Nonetheless, this figure represents less than 1% of all Windows-based machines, according to Microsoft cybersecurity executive David Weston.
In a blog post published on Saturday, Weston further elaborated that significant disturbances of this nature are uncommon but highlight “the interconnected nature of our broad ecosystem.”
Effects on Air Travel
Given their tightly timed schedules and intricate technological systems, it wasn’t surprising to see major airlines struggling to maintain their schedules following the disruption. According to tracking service FlightAware, airlines worldwide had canceled over 2,000 flights by mid-afternoon on Saturday. This figure was a decrease from over 5,100 cancellations on Friday.
- About 1,600 of Saturday’s canceled flights were in the United States.
- Only Australia was hit harder than the U.S, with U.S. carriers cancelling about 3.5% of their scheduled flights for Saturday.
- In the United Kingdom, France, and Brazil, cancellations stood at about 1%.
- Canada, Italy, and India among major air-travel markets reported about 2% cancellations.
Robert Mann, a former airline executive and current consultant in the New York area, suggested that the disproportionate cancellations in U.S. airlines could be due to a greater degree of outsourcing of technology and more exposure to Microsoft operating systems that received the faulty upgrade from CrowdStrike.
Airlines Suffering the Most
Delta Air Lines and United Airlines were among the airlines hit the hardest, with Delta cancelling over 800 flights and United nearly 400.
For two consecutive days, Hartsfield–Jackson Atlanta International Airport, where Delta is the primary carrier, was the most affected airport. Thousands of people reportedly spent the night at the airport, many of them sleeping on the floors.
European airlines and airports seemed to be slowly recovering, despite Lufthansa and its affiliates cancelling dozens of flights.
Impact on Healthcare Systems
Healthcare systems affected by the outage experienced clinic closures, cancelled surgeries, appointments, and restricted access to patient records.
Cedars-Sinai Medical Center in Los Angeles, Calif., reported making “steady progress” in restoring their servers. The Austrian Chamber of Doctors warned that the outage exposed the vulnerability of relying solely on digital systems, and called for the implementation of analog backups to safeguard patient care.
Potential Repercussions for the Tech Industry
Former chief executive of the U.K.’s National Cyber Security Center and current Oxford University management professor, Ciaran Martin, raised concerns about how the software update got through CrowdStrike’s quality control. He suggested there are some hard questions that CrowdStrike needs to address.
Scam Artists Capitalizing on the Outage
Gartner analyst Eric Grenier anticipates that most affected machines will be fixed within a week, but warned of scammers trying to exploit businesses that have indicated they were affected by the outage.
Grenier stressed the importance of using a fix supplied by CrowdStrike, advising businesses not to accept help from unknown sources offering to rectify the issue.
