Global cyber security watchdogs have raised the alarm over malicious websites claiming to fix glitches in the wake of one of the world’s biggest IT outages that was still causing disruption over the weekend.
US, UK and Australian cyberdefence agencies all issued separate warnings over the weekend against increased phishing activity exploiting the incident, as aftershocks continued to be felt from an unprecedented IT outage triggered by a faulty CrowdStrike software update.
Airlines and healthcare services were among those still grappling with the consequences.
“A number of malicious websites and unofficial code are being released claiming to help entities recover from the widespread outages caused by the CrowdStrike technical incident,” said the Australian Cyber Security Centre, a government agency.
The US Cybersecurity & Infrastructure Security Agency said that hackers were trying to “leverage” the outage to conduct malicious activity, including the distribution of a ZIP archive file that appeared to be targeting CrowdStrike users based in Latin America.
The UK’s National Cyber Security Centre said that “an increase in phishing referencing this outage has already been observed [ . . . ] aimed at both organisations and individuals”.
CrowdStrike, the cyber security group whose software patch caused problems for an estimated 8.5mn Microsoft PCs and servers, recommended on Sunday that “organisations verify they are communicating with CrowdStrike representatives through official channels”.
The Texas-based company said that it has issued a fix for the defect but the worst-affected industries, from global travel to healthcare, look set to feel the effects into next week — and potentially beyond.
The worldwide aviation sector was largely returning to normal on Sunday, although some carriers were still struggling to get their operations back on track.
In the US alone there were about 1,200 cancellations and 3,800 delays on Sunday, according to tracker FlightAware; down from nearly 3,400 cancellations and 13,000 delays on Friday.
Delta and United Airlines led in absolute numbers. A spokesperson for United Airlines said “our reliability is improving,” adding that most of its technology systems have been restored.
On Saturday, Delta said that “additional cancellations are expected” and added on Sunday that it “continued its operational recovery”. Spirit, a budget airline, has continued its travel advisory, reporting that the outage has affected its reservation and airport systems.
On the other side of the Atlantic, Tui, Europe’s largest travel group, said that its services were “heavily impacted”, as flights were still being cancelled because its airline’s crewing system had been affected.
The tour operator issued an apology to customers on Sunday, saying that “our flight programme has suffered continued delays that we have not been able to resolve”.
Its crewing system is now operational but the disruption has caused a knock-on effect on its flight programme, with 32 outbound flights from the UK being cancelled on Friday and 11 more on Sunday.
In India, low-cost carrier IndiGo was responding to customer complaints about flight cancellations on X on Sunday, citing the “cascading effect of the worldwide travel system outage”.
More than 10,000 flights were cancelled globally on Friday and Saturday, according to Cirium, an aviation data company, but that dropped to 2,000 flights on Sunday, equivalent to 1.85 per cent of global flights.
By comparison, 1.98 per cent of flights were cancelled on Thursday before any IT disruption.
Other carriers such as British Airways and easyJet, as well as airports including London’s Heathrow and Gatwick, reported a return to normality, citing bad weather in certain regions as the principal reason for cancellations on Sunday.
Train services are also grappling with residual effects. The UK’s South Western Railway said that ticket machines had been down but engineer visits have brought about two-thirds back to service as of Saturday night, and it was hoping to complete the rest over the next few days.
Healthcare services also look set to suffer from lingering fallout after the outage prevented appointment bookings, and blocked patient records from being accessed and prescriptions from being issued.
The British Medical Association said on Sunday that the temporary loss of patient records will lead to a “considerable backlog” of patients. The main medical union, which represents doctors and GPs, urged NHS England to be clear that surgeries would need time to resume normal service even if all of the IT issues are fully resolved on Monday.
“GPs have been pulling out all the stops this weekend to deal with the effects of Friday’s catastrophic loss of service,” said Dr David Wrigley, deputy chair of GPC England at the BMA.
An NHS spokesperson said “there still may be some delays as services recover”, although it hoped to keep disruption to a minimum and told patients to still attend appointments unless told otherwise.
Additional reporting by Daniel Thomas in London