Scammers are trying to exploit the global CrowdStrike outage for their own gain

As the world continues to recover from massive business and travel disruptions caused by a faulty software update from cybersecurity company CrowdStrike, malicious actors are trying to exploit the situation for their own gain.

Government cybersecurity agencies around the world and CrowdStrike CEO George Kurtz are warning companies and individuals about new phishing schemes involving malicious actors posing as CrowdStrike employees or other technology specialists helping people recover from the outage.

“We know that adversaries and bad actors will try to exploit these types of events,” Kurtz said in a press statement. “I encourage everyone to remain vigilant and make sure you connect with official CrowdStrike representatives.”

The UK Cyber Security Center said they noticed an increase in phishing attempts around this event.

Microsoft said 8.5 million Windows operating system devices were affected Friday by the faulty cybersecurity update that led to global disruptions. That’s less than 1% of all Windows-based machines, Microsoft cybersecurity manager David Weston said in a blog post on Saturday.

He also said that such a significant disruption is rare, but “demonstrates the interconnected nature of our broad ecosystem.”

What happens to air travel?

With their tightly timed, intertwined schedules and complex technological systems, many major airlines struggle to stay on time when all goes well. Perhaps unsurprisingly, the sector was among the worst hit by the disruption, with crews and aircraft thrown out of position.

Airlines around the world had canceled more than 2,000 flights on the US East Coast by Saturday afternoon, according to tracking service FlightAware. That was a decrease from the more than 5,100 cancellations on Friday.

About 1,600 of Saturday’s canceled flights were in the United States, where airlines were scrambling to get planes and crews back into position after massive disruptions the day before. US airlines have canceled about 3.5% of their scheduled flights for Saturday, according to travel data provider Cirium. Only Australia was hit harder.

Flight cancellations were around 1% in the UK, France and Brazil and around 2% in Canada, Italy and India across key aviation markets.

Robert Mann, a former airline executive and now a consultant in the New York area, said it was unclear exactly why U.S. airlines were experiencing disproportionate cancellations, but possible causes include greater levels of technology outsourcing and greater exposure to Microsoft operating systems that failed to upgrade CrowdStrike.

Which airlines are hit the hardest?

Delta Air Lines canceled more than 800 flights, or a quarter of Saturday’s flight schedule, and that number did not include Delta Connection regional flights. It was followed by United Airlines, which canceled nearly 400 flights.

The worst airport for the second day in a row was Hartsfield-Jackson Atlanta International Airport, where Delta is the dominant airline. The Atlanta Journal-Constitution reported that thousands of people spent the night at the airport, many sleeping on the floor.

European airlines and airports appeared to be slowly recovering, although Lufthansa and its subsidiaries canceled dozens of flights. Its budget subsidiary Eurowings said check-in, boarding, booking and rebooking of flights were all available again, although “isolated disruptions” were possible.

London’s Heathrow Airport said it was busy on Saturday but operating normally and that “all systems are operational again.” Flights at Berlin’s main airport departed on or close to schedule, German news agency dpa reported, citing an airport spokesman.

How are healthcare systems holding up?

Healthcare systems affected by the outage experienced clinic closures, canceled surgeries and appointments, and limited access to patient records.

Cedars-Sinai Medical Center in Los Angeles, California, said “steady progress has been made” to bring its servers back online and thanked its patients for their flexibility during the crisis.

“Our teams will be actively working throughout the weekend as we continue to resolve remaining issues in preparation for the start of the work week,” the hospital wrote in a message.

In Austria, a leading organization of doctors said the outage exposed the fragility of trust in digital systems. Harald Mayer, vice president of the Austrian Chamber of Doctors, said the outage showed that hospitals need analogue backups to protect patient care.

The organization also called on governments to impose high standards on the protection and security of patient data, and on healthcare providers to train staff and establish systems to manage crises.

“Fortunately, where there were problems, they were kept small and short-lived and many areas of concern remained unaffected” in Austria, Mayer said.

The Schleswig-Holstein University Hospital in northern Germany, which canceled all elective procedures on Friday, said on Saturday that its systems were being gradually restored and elective surgeries could resume on Monday.

Will the tech industry face a reckoning?

“I wasn’t that surprised that an accident caused serious global digital disruption. I was a little surprised that the cause of this was a software update from a highly respected cybersecurity company,” said University of Oxford management professor Ciaran Martin, former CEO of the UK National Cyber Security Center.

“There are some really tough questions for CrowdStrike. How on earth did this update pass quality control?” he said. “It is clear that the testing regime, whatever it is, has failed.”

Martin said governments in Britain and the European Union will be powerless to take steps to prevent such disruptions “because we have become dependent on a very American version of technology, and the power to do anything about that is beyond our control.” this continent. ”

Other analysts doubted the outage would prompt Washington or any other administration to propose new mandates for tech companies.

“I don’t know what the mandate would be. Do better QA?” said Gartner analyst Eric Grenier, using an acronym for quality assurance.

What have scammers learned from the outage?

Grenier expects the majority of affected machines to be repaired within about a week, with more time needed to reach laptops used by workers from distant countries because the work cannot be done remotely – it is a hands-on operation.

In the meantime, there will be scammers trying to take advantage of companies that have indicated that they have been affected by the outage.

“The threat is very real,” Grenier said. “Bad actors have the information to send targeted phishing emails and calls. They know what endpoint protection tools you use. They know you use CrowdStrike.”

Grenier said affected businesses should make sure they use a solution from CrowdStrike. “Don’t accept help from someone who comes out of nowhere and says, ‘I’ll fix that for you,’” he said.

Isabella O’Malley in Philadelphia, Stephen Graham in Berlin and technology writer Matt O’Brien contributed to this report.