In short:
Regular updates to CrowdStrike’s widely used cybersecurity software appear not to have been adequately quality-checked before being deployed, security experts say.
Microsoft estimates that Friday’s massive IT outage left around 8.5 million computers out of service around the world.
What’s next?
Microsoft said it has “hundreds of Microsoft engineers and experts” working directly with customers to resolve the issues.
A software update by global cybersecurity firm CrowdStrike, one of the largest telecommunications companies in the industry, caused system problems that led to flights being halted, broadcasters going off the air and customers being unable to access healthcare, banking and other services.
In a statement, Microsoft estimated that the error affected 1% of Windows computers worldwide.
This is the first time that a number has been put on the incident, which continues to cause problems around the world.
CrowdStrike sent corrupted software updates to its customers, crashing computer systems and causing chaos.
Businesses and consumers are now being warned that criminals may be taking advantage of the confusion, making false offers of so-called “fixes”.
The figures released by Microsoft mean that this is the biggest cyber incident in history, likely surpassing all previous hacks and outages.
The National Coordination Mechanism, made up of representatives from government agencies and affected sectors, is meeting to discuss next steps in Australia’s “recovery phase” from the blackout.
Deputy Energy Minister Jenny McAllister said work was ongoing between the government and industries affected by the outage to ensure they were back up and running.
“We are still in the recovery phase and there is still a lot of work to be done to ensure that we address the remaining issues that have been created by this outage,” she told Sky News on Sunday.
“There will be an opportunity in due course to reflect on what has happened over the past few days and whether it has exposed vulnerabilities that we can address.”
Most of the businesses affected by the outage had resumed operations by Saturday.
Calling for improved “national resilience”
Australia’s top cyber security official, CISO David Cullen, said the federal government should consider reviewing its cybersecurity and software systems in the wake of the outage.
He said lessons needed to be learned to ensure similar vulnerabilities were prevented.
“As systems and services across the country return to normal, governments and the private sector should seize the opportunity to learn as much as they can to understand how to improve the nation’s resilience and reduce the risk of further disruptions like this one,” he said.
But Ciaran Martin, a professor of management at Oxford University and former chief executive of the UK’s National Cyber Security Centre, said many governments are too “reliant on very American technologies” to take steps to prevent such an outage.
“We have to always do our best.”
Shadow Treasurer Angus Taylor said the CrowdStrike debacle was a warning to businesses and governments to prepare to make cuts, and noted the consequences could have been far more dire if Australia’s adversaries had launched an attack on a similar scale.
“What this certainly shows us is that our challenges in this field, our adversaries and our challenges more broadly are difficult and we must always give our best,” Taylor said.
“Governments and businesses have to get smarter and more capable of dealing with these situations. That might mean building in redundancies, having alternatives and making sure no one organisation or company has too much market share.”
Home Secretary Clare O’Neil said yesterday that the technology outage was caused by an error but that bad actors had tried to exploit it to their advantage.
CrowdStrike CEO warns of ‘bad actors’
Government cybersecurity agencies around the world and CrowdStrike CEO George Kurtz are warning businesses and individuals about a new phishing scam by bad actors posing as CrowdStrike employees or other tech experts and offering to help recover from the outage.
CrowdStrike CEO George Kurtz. (Reuters: Mike Blake)
“We know that adversaries and bad actors will seek to exploit incidents like this,” Kurtz said in a statement.
“We encourage everyone to remain vigilant and get in touch with official CrowdStrike representatives.”
The UK Cyber Security Centre said it had noticed an increase in phishing attacks surrounding the incident.
Microsoft deploys “engineers and experts” to help customers
Microsoft cybersecurity chief David Weston said “hundreds of Microsoft engineers and experts” were working directly with customers to resolve the issues.
He added in a blog post that while such significant disruptions are rare, they “demonstrate the interconnectedness of our vast ecosystems.”
“As we’ve seen over the past two days, we learn, recover and move forward most effectively by working together,” he said.
Microsoft said CrowdStrike helped develop a solution to accelerate Microsoft’s remediation of its Azure infrastructure, adding that it was working with Amazon Web Services and Google Cloud Platform to share information about the impacts Microsoft is seeing across the industry.
The outage affected millions of users, including airlines, banks and supermarkets. (AAP Image: Lukas Koch)
The air travel industry was still recovering from an IT glitch that caused thousands of flight cancellations on Saturday, leaving passengers stranded or suffering hours of delays as airports and airlines were caught up in the glitch.
Security experts said regular updates to CrowdStrike’s widely used cybersecurity software appear not to have undergone sufficient quality checks before being deployed.
The latest version of the Falcon sensor software was intended to make CrowdStrike’s clients’ systems more secure against hacks by updating the threats it protects against.
“Maybe because of the vetting or sandboxing that we do when we look at code, this file wasn’t included or slipped through,” said Steve Cobb, chief security officer at Security Scorecard, some of whose systems were affected by the issue.
CrowdStrike has released information to repair affected systems, but experts said it will take time to bring them back online because the flawed code will need to be removed manually.
ABC/Wire
Posted Sunday, July 21, 2024 at 12:08 AM. Updated Sunday, July 21, 2024 at 12:35 AM.