A cyber intelligence agency has warned that malicious websites are using the incident to spread “unofficial code” claiming to fix any ongoing issues.
Sunday 21 July 2024 08:37 UK Time
A faulty software update that caused a global IT outage likely bypassed checks before it was deployed, experts say, as a warning is issued about malicious websites offering to fix devices.
An estimated 8.5 million Microsoft Windows computers worldwide have been affected by the update from cybersecurity firm CrowdStrike, causing delays at airports, broadcast stations, hospitals and businesses.
Problems quickly emerged after the latest release of CrowdStrike’s Falcon sensor software. It was released on Friday.
The update was intended to make systems more secure against hacking, but instead it caused devices to display a “blue screen of death” due to faulty code.
“What it looks like is, most likely, the scan or sandbox that they do when they look at the code, maybe somehow that file wasn’t included in that or was snuck in,” said Steve Cobb, chief security officer at Security Scorecard, as he considered the technical cause of the glitch.
Another expert, security researcher Patrick Wardle, attributed the update issue to “a file that contains either configuration information or signatures [code that detects specific types of malicious code or malware].”
“It is very common for security products to update their signatures, say once a day… because it happens on a continuous basis.
“They are monitoring new malware and want to make sure their customers are protected from the latest threats,” Mr. Wardle said.
He added that the frequency of updates “is probably the reason [CrowdStrike] haven’t tested it as much.”
“Beware of potential scams”
Australia’s cyber intelligence agency has warned that efforts by CrowdStrike to make customers more secure against hacking attempts have backfired as malicious websites have begun using the incident to publish “unofficial code” claiming to fix any ongoing issues.
The Australian Signals Directorate said on its website that its Cyber Security Centre “strongly encourages all consumers to obtain their technical information and updates only from official CrowdStrike sources.”
The country’s cybersecurity minister, Clare O’Neil, said on social media platform X that citizens should “be aware of potential scams and phishing attempts.”
The fallout from the outage continued to cause disruption to services in the UK over the weekend despite CrowdStrike rolling out a fix.
NHS England has warned of GP services being cut next week, and pharmacy services were dealing with a huge backlog.
Meanwhile, travelers have reported incidents of lost luggage at airports and delays of up to nine hours.
CrowdStrike CEO George Kurtz said Friday that it would take “some time” before all systems are back to normal, and industry expert Adam Leon Smith of BCS, the Chartered Institute for IT, warned that it may take “weeks” to fully recover.
Sky News has contacted CrowdStrike for comment.