Microsoft IT outage: criminals seeking to take advantage of global outage, CrowdStrike warns – as it happened | Microsoft IT outage
Summary of the day so far
It is 12.30pm here in London. Below is a summary of recent updates:
-
CrowdStrike have warned of a “likely eCrime actor” that could be targeting Latin America based customers. The cybersecurity firm recommends “that organizations ensure they are communicating with CrowdStrike representatives through official channels”.
-
Holidaymakers were warned of potential travel disruption this weekend as UK transport networks continue to feel the impact of Friday’s global IT outage. Travel association Abta urged holidaymakers to check with providers if there are “any extra steps” they may need to take. The Port of Dover said early on Saturday that it was dealing with “hundreds of displaced” airport passengers and urged customers to ensure they had a booking before arrival.
-
Travel expert, Simon Calder, said that at least 45 flights have been cancelled to or from UK airports so far today, affecting more than 7,000 passengers. Hundreds of people joined long check-in queues at Gatwick airport on Saturday.
-
Some external vendors that police content on Facebook owner Meta’s platforms were affected by the global tech outage that crippled airports, banks and hospitals on Friday, a Meta spokesperson said in response to a Reuters query.
-
Scammers are attempting to use the global CrowdStrike outage on Microsoft Windows systems to steal from small businesses by offering fake fixes, the Australian government has warned. The Australian home affairs minister, Clare O’Neil, said on Saturday: “I ask Australians to be really cautious over the next few days about attempts to use this for scamming or phishing.”
-
US president Joe Biden’s team was talking to CrowdStrike and those affected by the glitch “and is standing by to provide assistance as needed”, the White House said in a statement.
-
Multiple US airlines and airports across Asia said they were now resuming operations, with check-in services restored in Hong Kong, South Korea and Thailand, and mostly back to normal in India, Indonesia and at Singapore’s Changi airport as of Saturday afternoon.
-
By Saturday, services in Australia had mostly returned to normal, but Sydney airport was still reporting flight delays.
-
People should draw similar lessons from the global IT outage as they did from the pandemic, an academic has said. Computer scientist Sir Nigel Shadbolt told the BBC’s Today programme that “we all make ourselves more resilient”.
-
The former chief executive of the National Cyber Security Centre said “the worst” of the global IT outage is over but warned that countries would “have to learn to cope” with future flaws. Prof Ciaran Martin told Sky News: “Until governments and the industry get together and work out how to design out some of these flaws, I’m afraid we are likely to see more of these again.”
-
Millions of computers will need to be fixed individually, a chartered security professional warned, adding that the global IT outage would have “lingering effects”. Speaking to Sky News, James Bore said: “Each fix requires a manual intervention with the computer, and we’re talking millions of computers.”
-
The National Pharmacy Association has warned that UK patients collecting prescriptions could still face disruption this weekend. Nick Kaye, chairman of the National Pharmacy Association, which represents independent community pharmacies in the UK, said: “Systems are by and large back online … However, yesterday’s outage will have caused backlogs.” A GP also warned that the disruption would cause “a lot more issues later on in the week”.
-
Indie rock band Bombay Bicycle Club have announced the rescheduled date of a music festival performance they missed due to the global IT outage. The British group were due to play Poolbar festival in the Austrian town of Feldkirch on Friday but missed it due to a cancelled flight.
Key events
Closing summary
Thank you for following the global IT outage live blog today. It will be closing shortly, but you can keep up to date on the news here.
Here is a round up of recent key events :
-
CrowdStrike have warned of a “likely eCrime actor” that could be targeting Latin America based customers. The cybersecurity firm recommends “that organizations ensure they are communicating with CrowdStrike representatives through official channels”.
-
The UK transport secretary, Louise Haigh, said the IT systems of UK airports and train operators are “back up and working as normal”, but “some delays and a small number of cancelled flights” were expected.
-
Holidaymakers were warned of potential travel disruption this weekend as UK transport networks continue to feel the impact of Friday’s global IT outage. Travel association Abta urged holidaymakers to check with providers if there are “any extra steps” they may need to take.
-
NHS England has reported that its systems are “coming back online in most areas” but “still running slightly slower than usual” and warned of “continued disruption” to GP services into next week.
-
Travel expert, Simon Calder, said that at least 45 flights have been cancelled to or from UK airports so far today, affecting more than 7,000 passengers. Hundreds of people joined long check-in queues at Gatwick airport on Saturday.
-
People should draw similar lessons from the global IT outage as they did from the pandemic, an academic has said. Computer scientist Sir Nigel Shadbolt told the BBC’s Today programme that “we all make ourselves more resilient”.
-
Some external vendors that police content on Facebook owner Meta’s platforms were affected by the global tech outage that crippled airports, banks and hospitals on Friday, a Meta spokesperson said in response to a Reuters query.
-
The former chief executive of the National Cyber Security Centre said “the worst” of the global IT outage is over but warned that countries would “have to learn to cope” with future flaws. Prof Ciaran Martin told Sky News: “Until governments and the industry get together and work out how to design out some of these flaws, I’m afraid we are likely to see more of these again.”
-
Millions of computers will need to be fixed individually, a chartered security professional warned, adding that the global IT outage would have “lingering effects”. Speaking to Sky News, James Bore said: “Each fix requires a manual intervention with the computer, and we’re talking millions of computers.”
-
Scammers are attempting to use the global CrowdStrike outage on Microsoft Windows systems to steal from small businesses by offering fake fixes, the Australian government has warned. The Australian home affairs minister, Clare O’Neil, said on Saturday: “I ask Australians to be really cautious over the next few days about attempts to use this for scamming or phishing.”
-
US president Joe Biden’s team was talking to CrowdStrike and those affected by the glitch “and is standing by to provide assistance as needed”, the White House said in a statement.
-
Multiple US airlines and airports across Asia said they were now resuming operations, with check-in services restored in Hong Kong, South Korea and Thailand, and mostly back to normal in India, Indonesia and at Singapore’s Changi airport as of Saturday afternoon.
-
By Saturday, services in Australia had mostly returned to normal, but Sydney airport was still reporting flight delays. At Melbourne airport, travellers experienced delays at Terminal 4 – where Jetstar arrives and departs – with the airport confirming that baggage issues were slowing down check-in processes.
-
Australian supermarkets were back online on Saturday. Woolworths and Coles both said all stores were open and operational on Saturday but warned some check-outs were still unavailable. The majority of Dan Murphy’s and BWS stores were open as usual on Saturday but some had altered opening hours. Online and delivery services were still affected, a spokesperson told the Australian Associated Press (AAP).
-
The National Pharmacy Association has warned that UK patients collecting prescriptions could still face disruption this weekend. Nick Kaye, chairman of the National Pharmacy Association, which represents independent community pharmacies in the UK, said: “Systems are by and large back online … However, yesterday’s outage will have caused backlogs.”
-
The chief executive of the Port of Dover, Doug Bannister, encouraged displaced airport passengers to use their ferry services on Saturday. He urged customers to ensure they had a booking before arrival though.
-
Indie rock band Bombay Bicycle Club have announced the rescheduled date of a music festival performance they missed due to the global IT outage. The British group were due to play Poolbar festival in the Austrian town of Feldkirch on Friday but missed it due to a cancelled flight.
NHS England has reported that its systems are “coming back online in most areas” but “still running slightly slower than usual” and warned of “continued disruption” to GP services into next week.
An NHS spokesperson said:
The majority of systems including the EMIS appointment and patient record system, are now coming back online in most areas, however they are still running slightly slower than usual.
As practices recover from the loss of IT systems on Friday, there may be some continued disruption, particularly to GP services, in some areas into next week as practices work to rebook appointments.
The advice for Monday remains that patients should attend appointments as normal unless told otherwise.
You can contact your GP in the usual way, otherwise please use your local pharmacy, NHS 111 online or call 111 for urgent health advice as normal.
The 999 service has remained working over this period and so people should use this as they usually would in emergency situations.”
Edward Ongweso Jr has written an analysis piece on how the Microsoft/CrowdStrike outage shows the danger of monopolization. He writes:
Why does concentration, consolidation, and monopolization leave us at risk? It’s not simply that we homogenize a market, leaving everyone exposed to what should be an isolated service disruption. Concentration yields the power to restructure markets. Monopolists force firms out of a market and redesign the terms of engagement for competitors such that they don’t threaten incumbent juggernauts. A vendor ecosystem’s dependency on Microsoft might be rationalized as cost-cutting, just as the dependency that Microsoft will have on another company like CrowdStrike will be rationalized as cost-cutting.
The real cost is externalized: when these services shut down, who truly suffers? CrowdStrike’s chief executive, George Kurtz, has lost hundreds of millions of his fortune, but it will return. Microsoft and CrowdStrike have lost some clients and some business, but will undoubtedly gain more than it had within a year or two. That’s not just the case in this outage, but in any outage.
Is the same true for those who needed unavailable emergency services, hospitals, airports or government agencies?”
You can read the full piece here:
UK transport secretary says IT systems of UK airports and trains are ‘back up and working as normal’
The UK transport secretary, Louise Haigh, said the IT systems of UK airports and train operators are “back up and working as normal”, but “some delays and a small number of cancelled flights” were expected.
In a post on social media, Haigh wrote:
Pleased to report that UK airports and train operators have their IT systems back up and working as normal. We are in constant communication with industry.
There continues to be no known safety or security issues arising from the outage. Some delays and a small number of cancelled flights are expected today.
Train operators are no longer reporting cancellations and delays as a result of the IT failure.
Thank you to everyone who has worked so hard to get systems up and running again.”
The Guardian Communities team are keen to hear from those affected by the global IT outage.
If you are 18 or over, please share your story (anonymously if you wish) in the form at this link:
Here are some of the latest images related to the global IT outage coming in via the newswires:
In Australia, businesses are still working to minimise the disruption caused by the global IT outage, particularly Jetstar after thousands of people were left stranded by 150 flight cancellations, reports the Australian Associated Press (AAP).
Melbourne travellers suffered the brunt of delays on Saturday at Terminal 4 – where Jetstar arrives and departs – with the airport confirming that baggage issues were slowing down check-in processes.
Jetstar confirmed that while its IT systems had returned to normal, “there are some continued impacts which may affect some flights”. Other terminals and airports around Australia were operating normally with slight congestion.
The AAP reports that supermarkets were back online on Saturday. Woolworths and Coles both said all stores were open and operational on Saturday but warned some check-outs were still unavailable.
The majority of Dan Murphy’s and BWS stores have opened as usual on Saturday but some have altered opening hours. Online and delivery services are still affected with orders made on Friday likely to take some time to be completed, a spokesperson told the AAP.
The IT outage prompted federal politician Bob Katter to demand cash remains in circulation amid the “danger” of relying on digital technology. “This a wake-up call that the risk associated with a cashless society is too high for us to pay,” Katter said, according to the AAP.
A significant concern raised by the outage was the vulnerability of global IT systems. Cybersecurity Cooperative Research Centre CEO, Rachael Falk, told ABC Breakfast it should be a wake-up call for businesses and governments because the impacts would have been catastrophic if it had been a cyber-attack.
The financial costs are expected to be tallied by economists over coming days as they estimate the money lost to businesses. The Australian home affairs minister, Clare O’Neil, said there will be significant questions about how CrowdStrike handled the outage and the cost to the country and consumers.
Prime minister Anthony Albanese is on leave but will be briefed regularly on the outage, reports the AAP.
Chris Shaw, 61, who is a consultant based in London, boarded a replacement British Airways flight from Heathrow to Berlin at 8.45am on Saturday after his original afternoon flight to the German city was cancelled on Friday.
While at Heathrow airport, he took a video of several passengers standing in a long “seek assistance queue” as the British Airways app did not allow passengers to check in, nor did the automated check-in desk.
He told the PA news agency:
The queue was so long we would have missed the flight, which was clearly overbooked. So I pushed in and insisted to be dealt with. The flight was absolutely full, so if I’d not pushed in, we wouldn’t have even got seats.
We arrived at the Gate with 20 mins to spare. Security was excellent and swift, but my criticism of Heathrow was the lack of information and staff very poorly briefed.
There was no prioritisation of urgent flight needs nor even noticeboards telling passengers where to go or what to do.”
UK-based holidaymakers left stranded by cancelled flights have been encouraged to take a ferry from Dover as thousands of families start to embark on summer breaks.
Chief executive of the Port of Dover Doug Bannister has encouraged displaced airport passengers to use their ferry services.
He told the PA news agency:
We are seeing hundreds of displaced passengers trying to take a ferry. We operate a turn up and go system here. However, we do insist you have a book on busy days, even if people are doing this on the drive down.
The greater visibility we have the better. But we are here to service people who want to travel. So I would say to displaced airport passengers ‘come on down. We have the capacity’.
Bannister said the Port was expecting more than 10,000 cars on Saturday, up from 8,000 the day before.
Summary of the day so far
It is 12.30pm here in London. Below is a summary of recent updates:
-
CrowdStrike have warned of a “likely eCrime actor” that could be targeting Latin America based customers. The cybersecurity firm recommends “that organizations ensure they are communicating with CrowdStrike representatives through official channels”.
-
Holidaymakers were warned of potential travel disruption this weekend as UK transport networks continue to feel the impact of Friday’s global IT outage. Travel association Abta urged holidaymakers to check with providers if there are “any extra steps” they may need to take. The Port of Dover said early on Saturday that it was dealing with “hundreds of displaced” airport passengers and urged customers to ensure they had a booking before arrival.
-
Travel expert, Simon Calder, said that at least 45 flights have been cancelled to or from UK airports so far today, affecting more than 7,000 passengers. Hundreds of people joined long check-in queues at Gatwick airport on Saturday.
-
Some external vendors that police content on Facebook owner Meta’s platforms were affected by the global tech outage that crippled airports, banks and hospitals on Friday, a Meta spokesperson said in response to a Reuters query.
-
Scammers are attempting to use the global CrowdStrike outage on Microsoft Windows systems to steal from small businesses by offering fake fixes, the Australian government has warned. The Australian home affairs minister, Clare O’Neil, said on Saturday: “I ask Australians to be really cautious over the next few days about attempts to use this for scamming or phishing.”
-
US president Joe Biden’s team was talking to CrowdStrike and those affected by the glitch “and is standing by to provide assistance as needed”, the White House said in a statement.
-
Multiple US airlines and airports across Asia said they were now resuming operations, with check-in services restored in Hong Kong, South Korea and Thailand, and mostly back to normal in India, Indonesia and at Singapore’s Changi airport as of Saturday afternoon.
-
By Saturday, services in Australia had mostly returned to normal, but Sydney airport was still reporting flight delays.
-
People should draw similar lessons from the global IT outage as they did from the pandemic, an academic has said. Computer scientist Sir Nigel Shadbolt told the BBC’s Today programme that “we all make ourselves more resilient”.
-
The former chief executive of the National Cyber Security Centre said “the worst” of the global IT outage is over but warned that countries would “have to learn to cope” with future flaws. Prof Ciaran Martin told Sky News: “Until governments and the industry get together and work out how to design out some of these flaws, I’m afraid we are likely to see more of these again.”
-
Millions of computers will need to be fixed individually, a chartered security professional warned, adding that the global IT outage would have “lingering effects”. Speaking to Sky News, James Bore said: “Each fix requires a manual intervention with the computer, and we’re talking millions of computers.”
-
The National Pharmacy Association has warned that UK patients collecting prescriptions could still face disruption this weekend. Nick Kaye, chairman of the National Pharmacy Association, which represents independent community pharmacies in the UK, said: “Systems are by and large back online … However, yesterday’s outage will have caused backlogs.” A GP also warned that the disruption would cause “a lot more issues later on in the week”.
-
Indie rock band Bombay Bicycle Club have announced the rescheduled date of a music festival performance they missed due to the global IT outage. The British group were due to play Poolbar festival in the Austrian town of Feldkirch on Friday but missed it due to a cancelled flight.
Meta content moderation vendors were hit by global cyber outage
Some external vendors that police content on Facebook owner Meta’s platforms were affected by the global tech outage that crippled airports, banks and hospitals on Friday, a Meta spokesperson said in response to a Reuters query.
The social media company experienced a SEV1 as a result of the disruptions, a source familiar with the matter told Reuters, using Meta’s term for a “code red”-style alert involving high-stakes problems with its systems that require urgent attention.
In a statement, the Meta spokesperson acknowledged the issues and said they had been resolved earlier in the day.
“The global CrowdStrike outage earlier today temporarily impacted several of the tools used by some of our vendors. While this caused a small impact to some of our support operations, there was minimal to no impact on our content moderation efforts,” the spokesperson said.
Like most social media companies, Meta relies on a mix of artificial intelligence and human review to moderate the billions of posts made to its platforms, which also include Instagram, WhatsApp and Threads.
Some of that human review is performed by Meta staffers, but most is outsourced to business services vendors employing armies of low-paid workers who assess whether the posts contain hate speech, violence and other violations of the company’s rules, reports Reuters.
Friday’s alert involved vendor access to two of the systems Meta uses to route content flagged for review to moderators, called SRT and HumanOps, the source told Reuters. Key vendors affected were Teleperformance and Concentrix, the person said.
Teleperformance did not respond to a request for comment by Reuters and Concentrix said it had been monitoring and addressing impacts from the outage and that operations were continuing at expected levels.
While some airports halted all flights, in others airline staff resorted to manual check-ins for passengers, leading to long lines and frustrated travellers, reports Agence France-Presse (AFP).
The US Federal Aviation Administration (FAA) initially ordered all flights grounded “regardless of destination”, though airlines later said they were re-establishing their services and working through the backlog.
India’s largest airline Indigo said operations had been “resolved”, in a statement posted on X, according to AFP.
“While the outage has been resolved and our systems are back online, we are diligently working to resume normal operations, and we expect this process to extend into the weekend,” the carrier said on Saturday.
A passenger told AFP that the situation was returning to normal at Delhi airport by midnight on Saturday with only slight delays in international flights.
Low-cost carrier AirAsia said it was still trying to get back online, and had been “working around the clock towards recovering its departure control systems (DCS)” after the global outage. It recommended passengers arrive early at airports and be ready for “manual check-in” at airline counters.
Chinese state media said Beijing’s airports had not been affected.
In Europe, major airports including Berlin, which had suspended all flights earlier on Friday, said departures and arrivals were resuming.
Multiple US airlines and airports across Asia said they were now resuming operations, with check-in services restored in Hong Kong, South Korea and Thailand, and mostly back to normal in India, Indonesia and at Singapore’s Changi airport as of Saturday afternoon, reports Agence France-Presse (AFP).
“The check-in systems have come back to normal (at Thailand’s five major airports). There are no long queues at the airports as we experienced yesterday,” Airports of Thailand president, Keerati Kitmanawat, told reporters at Don Mueang airport in Bangkok.
US president Joe Biden’s team was talking to CrowdStrike and those affected by the glitch “and is standing by to provide assistance as needed”, the White House said in a statement.
“Our understanding is that flight operations have resumed across the country, although some congestion remains,” a senior US administration official said.
By Saturday, services in Australia had mostly returned to normal, but Sydney airport was still reporting flight delays, AFP reports.
Australian authorities warned of an increase in scam and phishing attempts after the outage (see 9.23am BST), including people offering to help reboot computers and asking for personal information or credit card details.
According to AFP, banks in Kenya and Ukraine reported issues with their digital services, while some mobile phone carriers were disrupted and customer services in a number of companies went down.
Hundreds of people have joined long check-in queues at Gatwick airport as airlines continue to deal with the fallout from the global IT outage, reports the PA news agency.
Charles, 50, from the Midlands, said he was glad he was in a queue to leave the country rather than arriving to the UK. “I’m glad it’s because we’re going out,” he said. “It’d be different if we were going back.”
He said his British Airways flight to Jamaica was in three hours, but he arrived early to get through the queues: “Because of the situation yesterday on the news we just took a bit more time just to get here. I’m glad we did, to be honest with you.”
He said he believed the long queues on Saturday morning had been caused by everyone on long haul flights arriving at the airport early. And he added: “So they’ve all just given themselves an extra hour or two.”
CrowdStrike warn of a ‘likely eCrime actor’ targeting Latin America based customers
CrowdStrike have warned of a “likely eCrime actor” targeting Latin America based customers. On its blog, the cybersecurity company wrote:
CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos. Notably, Spanish filenames and instructions within the ZIP archive indicate this campaign is likely targeting Latin America-based (LATAM) CrowdStrike customers.
It recommends “that organizations ensure they are communicating with CrowdStrike representatives through official channels and adhere to technical guidance the CrowdStrike support teams have provided”.
Yesterday, George Kurtz, the founder and chief executive of the cybersecurity firm CrowdStrike, warned of “bad actors” exploiting the IT outage event:
We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates.”
GP warns that global IT outage disruption will cause ‘a lot more issues later on in the week’
A GP said the global IT outage meant “everything went down” in her surgery and warned the disruption would cause “a lot more issues later on in the week”.
Asked about Friday’s outage, Dr Fari Ahmad told BBC Breakfast:
Everything went down. There are supposed to be some business continuity things that are supposed to help, but we couldn’t access some of them. I know some places lost all their phone lines as well.
People were struggling to get in. We were struggling to tell people what was going on. And if people did turn up, you had to see them without accessing their medical records. The doctors and the surgery went down to pen and paper.”
Ahmad added:
We had people who were supposed to come in for results, and we couldn’t see them. We said: ‘Sorry, we can’t help you.’ We were just trying to deal with the emergencies on the day that really couldn’t wait.
We couldn’t do our routine stuff, so the implications for us is a lot of that’s been bumped up. It’s all going to build up, so there’s going to be a lot more issues later on in the week.”
More than 7,000 passengers affected by UK flight cancellations so far today, says travel expert
Travel expert, Simon Calder, said that at least 45 flights have been cancelled to or from UK airports so far today, affecting more than 7,000 passengers.
In a post on X, Calder added: “That’s on top of 350 grounded UK flights on Friday, which meant 50,000 people woke up this morning far from where they hoped to be.”
Calder also highlighted the scale of travel disruptions caused by the IT outage yesterday as he pointed out that Friday was “the busiest day for five years for flights from the UK”.
Indie rock band Bombay Bicycle Club have announced the rescheduled date of a music festival performance they missed due to the global IT outage.
The British group were due to play Poolbar festival in the Austrian town of Feldkirch on Friday but missed it due to a cancelled flight.
In a post to Instagram on Friday evening they said:
Unfortunately our flights to get to tonight’s Poolbar festival show were cancelled because of the IT outage. The show is now going to take place this Sunday 21 July.
It’s an early show: Doors at 7PM and we’re on at 8PM. All tickets remain valid! The combination tickets are valid today and on Sunday.
Ticket holders who are unable to attend on Sunday can return their tickets at any advance booking office. The show is sold out but any returns will be available at the box office.”
The statement added: “We apologise to all fans for this inconvenience and are still looking forward to a replacement Bombay Bicycle Club show on Sunday.”
UK patients collecting prescriptions face disruption this weekend, says National Pharmacy Association
The National Pharmacy Association has warned that patients collecting prescriptions could still face disruption this weekend after the global IT outage.
Nick Kaye, chairman of the National Pharmacy Association, which represents independent community pharmacies in the UK, said:
Systems are by and large back online and medicine deliveries have resumed in many community pharmacies today after the global IT outage.
However, yesterday’s outage will have caused backlogs and we expect services to continue to be disrupted this weekend as pharmacies recover.
We urge people to be patient when visiting their local pharmacy and some may be still prioritising those patients with emergency prescriptions from their GP surgery.”
Additionaly, the vice-chair of the National Pharmacy Association said the global IT outage had caused pharmacies “continuous problems”. Olivier Picard told BBC Breakfast:
I was in a pharmacy yesterday. In fact, I’m in a pharmacy this morning and we’ve had continuous problems.
What we couldn’t do was download new prescriptions on 19 July, but anything prior to that, that was downloaded on our computers, we were able to dispense.
Most pharmacies will have an office based or computer-based system rather than online. That’s not all, but that’s the majority of pharmacies, so we were able to continue working with what we already had.
What we couldn’t do is receive new prescriptions issued after the outage.”
#Microsoft #outage #criminals #seeking #advantage #global #outage #CrowdStrike #warns #happened #Microsoft #outage