Malicious websites offering to fix devices hit by global IT outage

A faulty software update that caused the global IT outage likely skipped checks before being deployed, experts have said – as a warning was issued about malicious websites offering to fix devices.
An estimated 8.5 million Microsoft Windows devices were affected worldwide by the update from cybersecurity firm CrowdStrike, causing delays for airports, broadcasters, hospitals and businesses.

Problems came to light quickly after the latest version of CrowdStrike's Falcon sensor software was rolled out on Friday.
The update was meant to make systems more secure against hacking, but instead caused devices to display a “blue screen of death” due to faulty code.
“What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through,” said Steve Cobb, chief security officer at Security Scorecard, as he considered the cause of the technical mishap.

Image: Passengers at Gatwick Airport continued to face delays on Saturday
Another expert, security researcher Patrick Wardle, put the problem with the update down to “a file that contains either configuration information or signatures [code that detects specific types of malicious code or malware]”.
“It’s very common that security products update their signatures, like once a day… because they’re continually monitoring for new malware and because they want to make sure that their customers are protected from the latest threats,” Mr Wardle said.
He added that the frequency of updates “is probably the reason why [CrowdStrike] didn’t test it as much”.

‘Look out for possible scams’

Efforts by CrowdStrike to make clients more secure against hacking attempts further backfired as malicious websites have begun to use the incident to publish “unofficial code” claiming to fix any ongoing issues, Australia’s cyber intelligence agency has warned.
On its website, the Australian Signals Directorate said its cybersecurity centre “strongly encourages all consumers to source their technical information and updates from official CrowdStrike sources only”.

The country’s cybersecurity minister Clare O’Neil said on social media platform X that citizens should “be on the look out for possible scams and phishing attempts”.
The fallout from the outage continued to cause disruption to services in the UK into the weekend, despite CrowdStrike rolling out a fix.

NHS England warned of disruption to GP services into next week and pharmacy services were dealing with significant backlogs.
Meanwhile, travellers reported incidents of their baggage being lost at airports and delays of up to nine hours.

CrowdStrike chief executive George Kurtz said on Friday that it would be “some time” before all systems are returned to normal and industry expert Adam Leon Smith of BCS, the Chartered Institute for IT, warned it could take “weeks” for a full recovery.
Sky News has approached CrowdStrike for comment.

Source: Sky News