Efforts to deal with a global tech outage that caused chaos for travellers, hospitals and banks are underway, but it may not be the end of your computer woes: Phishing schemes trying to reel in businesses and individuals are now coming to light.
Security specialists are warning to be aware of malicious actors purporting to be tech specialists offering help to recover from the outage, which was caused by a faulty software update from the cybersecurity firm CrowdStrike.
Some of the scammers may even be posing as employees of Texas-based CrowdStrike, which has offices around the world.
CrowdStrike said it’s not believed a hack or cyberattack was behind the outage and it has delivered a fix to address it. The company has apologized and vows to be as transparent as possible in assessing what happened, while warning some may be trying to take advantage of the situation.
For instance, in Latin America, there have been attempts by scammers trying to trick people and the U.K.’s National Cyber Security Centre said it has noticed an increase in phishing attempts related to the outage.
On Friday, CrowdStrike CEO George Kurtz told NBC’s Today Show that the company is working with its customers globally to ensure they get back online safely.
“It could be some time for some systems that just automatically won’t recover,” he said. “But it is our mission … to make sure every customer is fully recovered, and we’re not going to relent until we get every customer back to where they were, and we continue to protect them and keep the bad guys out of their systems.”
Outage prime pickings for scammers, Canadian analyst says
Microsoft said Saturday about 8.5 million devices running its Windows operating system were affected in the IT crash that left some stuck on what’s known as the “blue screen of death” — signalling computers have been knocked offline in a full system failure without the ability to restart.
That’s less than one per cent of all Windows-based machines, Microsoft cybersecurity executive David Weston said in a blog post Saturday.
He also said such a significant disturbance is rare but “demonstrates the interconnected nature of our broad ecosystem.”
Canadians woke up Friday to a global tech outage disrupting operations in multiple industries. Cybersecurity firm Crowdstrike’s Falcon Sensor software caused Microsoft Windows to crash and display a blue error screen. Cybersecurity and tech analyst Ritesh Kotak explains how the outage impacted subscribed to Crowdstrike and what mitigation actions Microsoft might be taking.
Still, said Carmi Levy, a technology analyst in Canada, scammers are always scanning news headlines to jump on opportunities to go phishing.
Typically, they’ll reach out by email or social media instant messaging, he said. Some will even call and say they’re from a support department, a way to “look for opportunities to hit us when they least expect it.”
“We tend to think of scammers, cybercriminals, fraudsters as these James Bond-like masterminds — these super-villains who use incredible technology and incredible knowledge — when in reality, they’re lazy,” Levy told CBC on Saturday from London, Ont.
“They go after us when we’re at our most vulnerable … they’ll target us in the wake of a natural disaster or a human-caused disaster like this one when there’s lots of chaos and lots of uncertainty.”
Residual fallout from outage
The repercussions of the outage continued Saturday. Some airline passengers were being told it could take three days to get to their destinations, while some pharmacy prescription and bank services were still impacted.
By late Saturday morning, airlines around the world had cancelled more than 1,500 flights, far fewer than the 5,100-plus cancellations on Friday, according to figures from tracking service FlightAware.
Two-thirds of Saturday’s cancelled flights occurred in the United States, where carriers scrambled to get planes and crews back into position after Friday’s massive disruptions. According to travel data provider Cirium, U.S. carriers cancelled about 3.5 per cent of their scheduled flights for Saturday. Only Australia was hit harder.
Cancelled flights were running at about one per cent in the United Kingdom, France and Brazil, and about two per cent in Canada, Italy and India among major air-travel markets, Cirium says.
David Shipley, CEO of Beauceron Security, a New Brunswick-based cybersecurity software firm, says Canadians frustrated by the CrowdStrike outage should ‘get mad’ and make sure federal party leaders know about their frustration to mitigate future incidences.
Robert Mann, a former airline executive and consultant in the New York area, said it was unclear exactly why U.S. airlines were suffering disproportionate cancellations. Possible causes include a greater degree of outsourcing of technology and more exposure to Microsoft operating systems that received the faulty upgrade from CrowdStrike, he said.
Health-care systems globally reported widespread problems — including closures, cancelled surgeries and appointments and restricted access to patient records — due to Friday’s outage.
On Friday, British Columbia health authorities said the disruption affected its networks and computers across all systems, while hospitals in Toronto and Hamilton also dealt with some issues related to the outage. Some health-care services in Newfoundland and Labrador were also affected.
In the U.S., Cedars-Sinai Medical Center in Los Angeles said Saturday that “steady progress has been made” to bring its servers back online and thanked its patients for being flexible during the crisis.
In Austria, a leading organization of doctors said the outage exposed the vulnerability of relying on digital systems.
Harald Mayer, vice-president of the Austrian Chamber of Doctors, said the outage showed that hospitals need to have analog backups to protect patient care. The organization also called on governments to impose high standards in patient data protection and security, and on health providers to train staff and put systems in place to manage crises.
The Schleswig-Holstein University Hospital in northern Germany had cancelled all elective procedures Friday, but said systems were gradually being restored and elective surgery could resume by Monday.
How to tech-protect yourself
While this week’s outage may have been rare, Levy warns not to be complacent and offers these tips for screening out the fakes:
- Big tech companies don’t spontaneously reach out to people to say they have a problem and offer to fix it. “Microsoft’s customer support department doesn’t operate in that way. No one’s does. … our first inclination should be fraud.”
- If you receive an email or other message, get out of the message and go to the company website to see if there are any messages or updates.
- If you click on a phishing link or give remote access to your machine, act swiftly to secure your email and other accounts, changing passwords and contacting the vendors of the platform being used in the scam.
- To make yourself less vulnerable to scammers, “toughen up” your individual profile and don’t “put all your eggs in one basket.” For instance, for banking, ensure you have a manual method of engaging with your bank aside from an app on your phone. “Make sure you’re following smart password protocol across all your accounts — you need different passwords for each account and change them regularly. Use difficult-to-guess passwords,” Levy urged, because cybercriminals are known to harvest information from your online profiles.
