Attackers are trying to exploit the global technology shutdown for their own purposes

As the world continues to recover from massive travel and business disruptions caused by a botched software update from cybersecurity company CrowdStrike, attackers are looking to exploit the situation for their own gain.

Government cybersecurity agencies around the world and even CrowdStrike CEO George Kurtz are warning businesses and individuals around the world about new phishing scams involving attackers posing as CrowdStrike employees or other technology experts offering to help users recover from disasters.

“We know that attackers and bad actors will try to take advantage of events like this,” Kurtz said in a statement. “I encourage everyone to remain vigilant and engage with CrowdStrike officials.”

The UK’s Cyber ​​Security Centre said it had seen an increase in phishing attempts around the event.

Microsoft said 8.5 million devices running its Windows operating system were affected by Friday’s cybersecurity update, which caused outages around the world. That’s less than 1% of all Windows terminals, Microsoft’s chief cybersecurity officer David Weston said in a blog post Saturday.

Weston added that such a significant impact is rare, but “demonstrates the interconnected nature of our vast ecosystem.”

What’s happening with air transport?

With tight schedules, intertwined timetables and complex technology systems, many major airlines struggle to make it on time when everything is going smoothly. Unsurprisingly, the sector was one of the hardest hit by the power outages, leaving crews and aircraft disoriented.

By midday on the U.S. East Coast on Saturday, airlines around the world had canceled more than 2,000 flights, compared with more than 5,100 cancellations on Friday, according to tracking service FlightAware.

About 1,600 of the flights cancelled Saturday were in the United States, where airlines were scrambling to move planes and crews after widespread disruptions the day before. According to travel data provider Cirium, U.S. carriers canceled about 3.5% of flights scheduled for Saturday. Only Australia was hit harder.

Among major aviation markets, flight cancellations accounted for about 1% in the UK, France and Brazil, and 2% in Canada, Italy and India.

Robert Mann, a former airline executive and now a consultant in the New York area, said it’s unclear why U.S. airlines are suffering a disproportionate number of cancellations, but possible reasons include greater technology outsourcing and greater exposure to Microsoft operating systems that received the flawed CrowdStrike update.

Which airlines were hit the hardest?

Delta Air Lines canceled more than 800 flights, or a quarter of its Saturday schedule, not including Delta Connection regional flights. United Airlines followed suit, canceling nearly 400 flights.

The worst airport for the second day in a row was Atlanta’s Hartsfield-Jackson International Airport, where Delta is the dominant carrier. The Atlanta Journal-Constitution reported that thousands of people spent the night at the airport, many sleeping on the floor.

European airlines and airports appear to be slowly recovering, although Lufthansa and its subsidiaries have cancelled dozens of flights. Its low-cost subsidiary Eurowings said check-in, boarding, booking and rebooking operations were back on track, although there may be “some interruptions.”

London’s Heathrow Airport said it was overloaded on Saturday but operating normally and that “all systems are back to normal.” Flights at Berlin’s main airport were on or close to schedule, German news agency dpa reported, citing an airport spokesman.

How are health systems responding?

Health systems affected by the outage faced clinic closures, cancelled surgeries and appointments, and restricted access to patient records.

Cedars-Sinai Medical Center in Los Angeles, California, said it had made “steady progress” in getting its servers back online and thanked its patients for their flexibility during the crisis.

“Our teams will be working hard over the weekend as we continue to address outstanding issues to prepare for the start of the work week,” the hospital said in a statement.

In Austria, a leading doctors’ organization said the power outage exposed the vulnerability of digital systems. Harald Mayer, vice president of the Austrian Chamber of Doctors, said the outage showed that hospitals needed analog backups to protect patient care.

The organization also called on governments to introduce strict standards for the protection and security of patient data, and urged health care providers to train staff and implement systems for crisis management.

“Fortunately, where problems did occur, they were small and short-lived, and many areas of health care were not affected” in Austria, Mayer said.

The University Hospital of Schleswig-Holstein in northern Germany, which cancelled all elective procedures on Friday, said on Saturday that systems were gradually being restored and that elective surgeries could resume on Monday.

Will the tech industry face a reckoning?

“I was not surprised that the outage caused a major global digital disruption. “I was a little surprised that it was caused by a software update from a respected cybersecurity company,” said Oxford University management professor Ciaran Martin, former chief executive of the UK’s National Cyber ​​Security Centre.

“CrowdStrike is asking itself some very tough questions. How could this update possibly pass quality control?” he asked. “Clearly the testing regime, whatever it was, failed.”

Martin said the UK and EU governments would be powerless to take action to prevent these failures “because we have become dependent on a very American version of the technology and the capacity to do anything about it is not on this continent”.

Other analysts doubt that the blackout will prompt Washington or any other government to offer new mandates to tech companies.

“I don’t know what the mandate will be. Improve quality control?” said Gartner analyst Eric Grenier, using an acronym for quality assurance.

What have scammers learned from the power outage?

Grenier expects most of the affected machines to be repaired within about a week, although laptops for workers in remote locations will take longer to repair because the work cannot be done remotely.

Meanwhile, scammers will try to take advantage of businesses that have reported being affected by the outage.

“The threat is real,” Grenier says. “The attackers have the information they need to send spear-phishing emails and calls. They know what endpoint security tools you use. They know you use CrowdStrike.”

Grenier said affected businesses should ensure they are using the solution provided by CrowdStrike.

“Don’t accept help from someone who comes out of nowhere and says, ‘I’ll take care of everything for you,'” he said.

___

Isabella O’Malley in Philadelphia, Stephen Graham in Berlin and Matt O’Brien contributed to this report.