Global cybersecurity watchdogs have sounded the alarm over malicious websites claiming to fix issues following one of the The world’s biggest computer failures which continued to cause disruption over the weekend.
US, UK and Australian cyber defence agencies all issued separate warnings over the weekend against increased phishing activity exploiting the incident, as aftershocks continued to be felt of an unprecedented computer outage triggered by a faulty CrowdStrike software update.
Airlines and health services are among those still suffering the consequences of this situation.
“A number of malicious websites and unofficial code are being published, claiming to help entities recover from the widespread outages caused by the CrowdStrike technical incident,” the Australian Cyber Security Centre, a government agency, said.
The U.S. Cybersecurity and Infrastructure Security Agency said hackers were trying to “leverage” the outage to conduct malicious activities, including distributing a ZIP archive file that appeared to target CrowdStrike users based in Latin America.
The UK’s National Cyber Security Centre said that “an increase in phishing referencing this outage has already been observed”. [ . . . ] intended for both organizations and individuals.”
CrowdStrike, the cybersecurity group Microsoft Corp., whose software patch caused problems on about 8.5 million PCs and servers, recommended Sunday that “organizations ensure they communicate with CrowdStrike representatives through official channels.”
The Texas-based company said it had released a patch for the flaw and that a “significant number” of affected devices were back online and operational.
But the hardest-hit sectors, from international travel to health care, appear poised to feel the effects next week — and perhaps beyond.
The global airline industry was largely returning to normal on Sunday, although some carriers were still struggling to get operations back on track.
In the United States alone, there were about 1,200 cancellations and 3,800 delays on Sunday, according to tracking site FlightAware, compared to nearly 3,400 cancellations and 13,000 delays on Friday.
In absolute numbers, Delta and United Airlines lead the way. A United Airlines spokesman said “our reliability is improving,” adding that most of its technology systems have been restored.
On Saturday, Delta said “additional cancellations are expected” and added Sunday that it was “continuing its operational recovery.” Spirit, a budget airline, maintained its travel advisory, saying the outage affected its reservation and airport systems.
On the other side of the Atlantic, Tui, Europe’s largest travel groupsaid its services were “heavily impacted” as flights continued to be cancelled due to its airline’s crew system.
The tour operator apologized to customers on Sunday, saying “our flight schedule has suffered ongoing delays that we have been unable to resolve.”
Its crew system is now operational, but the disruption has impacted its flight schedule, with 32 flights from the UK cancelled on Friday and another 11 on Sunday.
In India, budget airline IndiGo responded Sunday to customer complaints about flight cancellations on X, citing “the cascading effect of the global travel system outage.”
More than 10,000 flights were canceled worldwide on Friday and Saturday, according to Cirium, an aviation data company, but that figure fell to 2,000 flights on Sunday, equivalent to 1.85% of global flights.
By comparison, 1.98% of flights were cancelled on Thursday before any IT disruption.
Other carriers including British Airways and easyJet, as well as airports including London’s Heathrow and Gatwick, reported a return to normal, citing poor weather in some areas as the main reason for Sunday’s cancellations.
Rail services are also struggling with residual effects. South Western Railway said ticket machines were out of service but that engineers had returned about two-thirds of trains to service by Saturday night, and it hoped to complete the rest in the coming days.
Health services are also likely to suffer lingering impacts from the outage, which has prevented appointments from being booked, patient records from being accessed and prescriptions from being dispensed.
The British Medical Association said on Sunday that the temporary loss of medical records would cause a “significant delay” in treating patients. The main medical union, which represents doctors and GPs, urged NHS England to make clear that practices will need time to resume normal service, even if all IT issues are fully resolved by Monday.
“GPs have been working hard this weekend to cope with the effects of Friday’s catastrophic service loss,” Dr David Wrigley, vice-chair of GPC England, told the BMA.
An NHS spokesperson said there may still be delays as services resume, although it hopes to keep disruption to a minimum and has asked patients to continue to attend their appointments unless otherwise advised.
Additional reporting by Daniel Thomas in London