Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Guardian - UK
The Guardian - UK
Technology
Amy Sedghi

Microsoft IT outage: criminals seeking to take advantage of global outage, CrowdStrike warns – as it happened

People are moving past screens displaying error messages amid a global Microsoft outage.
People are moving past screens displaying error messages amid a global Microsoft outage. Photograph: Kabir Jhangiani/NurPhoto/REX/Shutterstock

Closing summary

Thank you for following the global IT outage live blog today. It will be closing shortly, but you can keep up to date on the news here.

Here is a round up of recent key events :

  • CrowdStrike have warned of a “likely eCrime actor” that could be targeting Latin America based customers. The cybersecurity firm recommends “that organizations ensure they are communicating with CrowdStrike representatives through official channels”.

  • The UK transport secretary, Louise Haigh, said the IT systems of UK airports and train operators are “back up and working as normal”, but “some delays and a small number of cancelled flights” were expected.

  • Holidaymakers were warned of potential travel disruption this weekend as UK transport networks continue to feel the impact of Friday’s global IT outage. Travel association Abta urged holidaymakers to check with providers if there are “any extra steps” they may need to take.

  • NHS England has reported that its systems are “coming back online in most areas” but “still running slightly slower than usual” and warned of “continued disruption” to GP services into next week.

  • Travel expert, Simon Calder, said that at least 45 flights have been cancelled to or from UK airports so far today, affecting more than 7,000 passengers. Hundreds of people joined long check-in queues at Gatwick airport on Saturday.

  • People should draw similar lessons from the global IT outage as they did from the pandemic, an academic has said. Computer scientist Sir Nigel Shadbolt told the BBC’s Today programme that “we all make ourselves more resilient”.

  • Some external vendors that police content on Facebook owner Meta’s platforms were affected by the global tech outage that crippled airports, banks and hospitals on Friday, a Meta spokesperson said in response to a Reuters query.

  • The former chief executive of the National Cyber Security Centre said “the worst” of the global IT outage is over but warned that countries would “have to learn to cope” with future flaws. Prof Ciaran Martin told Sky News: “Until governments and the industry get together and work out how to design out some of these flaws, I’m afraid we are likely to see more of these again.”

  • Millions of computers will need to be fixed individually, a chartered security professional warned, adding that the global IT outage would have “lingering effects”. Speaking to Sky News, James Bore said: “Each fix requires a manual intervention with the computer, and we’re talking millions of computers.”

  • Scammers are attempting to use the global CrowdStrike outage on Microsoft Windows systems to steal from small businesses by offering fake fixes, the Australian government has warned. The Australian home affairs minister, Clare O’Neil, said on Saturday: “I ask Australians to be really cautious over the next few days about attempts to use this for scamming or phishing.”

  • US president Joe Biden’s team was talking to CrowdStrike and those affected by the glitch “and is standing by to provide assistance as needed”, the White House said in a statement.

  • Multiple US airlines and airports across Asia said they were now resuming operations, with check-in services restored in Hong Kong, South Korea and Thailand, and mostly back to normal in India, Indonesia and at Singapore’s Changi airport as of Saturday afternoon.

  • By Saturday, services in Australia had mostly returned to normal, but Sydney airport was still reporting flight delays. At Melbourne airport, travellers experienced delays at Terminal 4 – where Jetstar arrives and departs – with the airport confirming that baggage issues were slowing down check-in processes.

  • Australian supermarkets were back online on Saturday. Woolworths and Coles both said all stores were open and operational on Saturday but warned some check-outs were still unavailable. The majority of Dan Murphy’s and BWS stores were open as usual on Saturday but some had altered opening hours. Online and delivery services were still affected, a spokesperson told the Australian Associated Press (AAP).

  • The National Pharmacy Association has warned that UK patients collecting prescriptions could still face disruption this weekend. Nick Kaye, chairman of the National Pharmacy Association, which represents independent community pharmacies in the UK, said: “Systems are by and large back online … However, yesterday’s outage will have caused backlogs.”

  • The chief executive of the Port of Dover, Doug Bannister, encouraged displaced airport passengers to use their ferry services on Saturday. He urged customers to ensure they had a booking before arrival though.

  • Indie rock band Bombay Bicycle Club have announced the rescheduled date of a music festival performance they missed due to the global IT outage. The British group were due to play Poolbar festival in the Austrian town of Feldkirch on Friday but missed it due to a cancelled flight.

NHS England has reported that its systems are “coming back online in most areas” but “still running slightly slower than usual” and warned of “continued disruption” to GP services into next week.

An NHS spokesperson said:

The majority of systems including the EMIS appointment and patient record system, are now coming back online in most areas, however they are still running slightly slower than usual.

As practices recover from the loss of IT systems on Friday, there may be some continued disruption, particularly to GP services, in some areas into next week as practices work to rebook appointments.

The advice for Monday remains that patients should attend appointments as normal unless told otherwise.

You can contact your GP in the usual way, otherwise please use your local pharmacy, NHS 111 online or call 111 for urgent health advice as normal.

The 999 service has remained working over this period and so people should use this as they usually would in emergency situations.”

Edward Ongweso Jr has written an analysis piece on how the Microsoft/CrowdStrike outage shows the danger of monopolization. He writes:

Why does concentration, consolidation, and monopolization leave us at risk? It’s not simply that we homogenize a market, leaving everyone exposed to what should be an isolated service disruption. Concentration yields the power to restructure markets. Monopolists force firms out of a market and redesign the terms of engagement for competitors such that they don’t threaten incumbent juggernauts. A vendor ecosystem’s dependency on Microsoft might be rationalized as cost-cutting, just as the dependency that Microsoft will have on another company like CrowdStrike will be rationalized as cost-cutting.

The real cost is externalized: when these services shut down, who truly suffers? CrowdStrike’s chief executive, George Kurtz, has lost hundreds of millions of his fortune, but it will return. Microsoft and CrowdStrike have lost some clients and some business, but will undoubtedly gain more than it had within a year or two. That’s not just the case in this outage, but in any outage.

Is the same true for those who needed unavailable emergency services, hospitals, airports or government agencies?”

You can read the full piece here:

Updated

UK transport secretary says IT systems of UK airports and trains are 'back up and working as normal'

The UK transport secretary, Louise Haigh, said the IT systems of UK airports and train operators are “back up and working as normal”, but “some delays and a small number of cancelled flights” were expected.

In a post on social media, Haigh wrote:

Pleased to report that UK airports and train operators have their IT systems back up and working as normal. We are in constant communication with industry.

There continues to be no known safety or security issues arising from the outage. Some delays and a small number of cancelled flights are expected today.

Train operators are no longer reporting cancellations and delays as a result of the IT failure.

Thank you to everyone who has worked so hard to get systems up and running again.”

Updated

The Guardian Communities team are keen to hear from those affected by the global IT outage.

If you are 18 or over, please share your story (anonymously if you wish) in the form at this link:

Here are some of the latest images related to the global IT outage coming in via the newswires:

In Australia, businesses are still working to minimise the disruption caused by the global IT outage, particularly Jetstar after thousands of people were left stranded by 150 flight cancellations, reports the Australian Associated Press (AAP).

Melbourne travellers suffered the brunt of delays on Saturday at Terminal 4 – where Jetstar arrives and departs – with the airport confirming that baggage issues were slowing down check-in processes.

Jetstar confirmed that while its IT systems had returned to normal, “there are some continued impacts which may affect some flights”. Other terminals and airports around Australia were operating normally with slight congestion.

The AAP reports that supermarkets were back online on Saturday. Woolworths and Coles both said all stores were open and operational on Saturday but warned some check-outs were still unavailable.

The majority of Dan Murphy’s and BWS stores have opened as usual on Saturday but some have altered opening hours. Online and delivery services are still affected with orders made on Friday likely to take some time to be completed, a spokesperson told the AAP.

The IT outage prompted federal politician Bob Katter to demand cash remains in circulation amid the “danger” of relying on digital technology. “This a wake-up call that the risk associated with a cashless society is too high for us to pay,” Katter said, according to the AAP.

A significant concern raised by the outage was the vulnerability of global IT systems. Cybersecurity Cooperative Research Centre CEO, Rachael Falk, told ABC Breakfast it should be a wake-up call for businesses and governments because the impacts would have been catastrophic if it had been a cyber-attack.

The financial costs are expected to be tallied by economists over coming days as they estimate the money lost to businesses. The Australian home affairs minister, Clare O’Neil, said there will be significant questions about how CrowdStrike handled the outage and the cost to the country and consumers.

Prime minister Anthony Albanese is on leave but will be briefed regularly on the outage, reports the AAP.

Updated

Chris Shaw, 61, who is a consultant based in London, boarded a replacement British Airways flight from Heathrow to Berlin at 8.45am on Saturday after his original afternoon flight to the German city was cancelled on Friday.

While at Heathrow airport, he took a video of several passengers standing in a long “seek assistance queue” as the British Airways app did not allow passengers to check in, nor did the automated check-in desk.

He told the PA news agency:

The queue was so long we would have missed the flight, which was clearly overbooked. So I pushed in and insisted to be dealt with. The flight was absolutely full, so if I’d not pushed in, we wouldn’t have even got seats.

We arrived at the Gate with 20 mins to spare. Security was excellent and swift, but my criticism of Heathrow was the lack of information and staff very poorly briefed.

There was no prioritisation of urgent flight needs nor even noticeboards telling passengers where to go or what to do.”

UK-based holidaymakers left stranded by cancelled flights have been encouraged to take a ferry from Dover as thousands of families start to embark on summer breaks.

Chief executive of the Port of Dover Doug Bannister has encouraged displaced airport passengers to use their ferry services.

He told the PA news agency:

We are seeing hundreds of displaced passengers trying to take a ferry. We operate a turn up and go system here. However, we do insist you have a book on busy days, even if people are doing this on the drive down.

The greater visibility we have the better. But we are here to service people who want to travel. So I would say to displaced airport passengers ‘come on down. We have the capacity’.

Bannister said the Port was expecting more than 10,000 cars on Saturday, up from 8,000 the day before.

Updated

Summary of the day so far

It is 12.30pm here in London. Below is a summary of recent updates:

  • CrowdStrike have warned of a “likely eCrime actor” that could be targeting Latin America based customers. The cybersecurity firm recommends “that organizations ensure they are communicating with CrowdStrike representatives through official channels”.

  • Holidaymakers were warned of potential travel disruption this weekend as UK transport networks continue to feel the impact of Friday’s global IT outage. Travel association Abta urged holidaymakers to check with providers if there are “any extra steps” they may need to take. The Port of Dover said early on Saturday that it was dealing with “hundreds of displaced” airport passengers and urged customers to ensure they had a booking before arrival.

  • Travel expert, Simon Calder, said that at least 45 flights have been cancelled to or from UK airports so far today, affecting more than 7,000 passengers. Hundreds of people joined long check-in queues at Gatwick airport on Saturday.

  • Some external vendors that police content on Facebook owner Meta’s platforms were affected by the global tech outage that crippled airports, banks and hospitals on Friday, a Meta spokesperson said in response to a Reuters query.

  • Scammers are attempting to use the global CrowdStrike outage on Microsoft Windows systems to steal from small businesses by offering fake fixes, the Australian government has warned. The Australian home affairs minister, Clare O’Neil, said on Saturday: “I ask Australians to be really cautious over the next few days about attempts to use this for scamming or phishing.”

  • US president Joe Biden’s team was talking to CrowdStrike and those affected by the glitch “and is standing by to provide assistance as needed”, the White House said in a statement.

  • Multiple US airlines and airports across Asia said they were now resuming operations, with check-in services restored in Hong Kong, South Korea and Thailand, and mostly back to normal in India, Indonesia and at Singapore’s Changi airport as of Saturday afternoon.

  • By Saturday, services in Australia had mostly returned to normal, but Sydney airport was still reporting flight delays.

  • People should draw similar lessons from the global IT outage as they did from the pandemic, an academic has said. Computer scientist Sir Nigel Shadbolt told the BBC’s Today programme that “we all make ourselves more resilient”.

  • The former chief executive of the National Cyber Security Centre said “the worst” of the global IT outage is over but warned that countries would “have to learn to cope” with future flaws. Prof Ciaran Martin told Sky News: “Until governments and the industry get together and work out how to design out some of these flaws, I’m afraid we are likely to see more of these again.”

  • Millions of computers will need to be fixed individually, a chartered security professional warned, adding that the global IT outage would have “lingering effects”. Speaking to Sky News, James Bore said: “Each fix requires a manual intervention with the computer, and we’re talking millions of computers.”

  • The National Pharmacy Association has warned that UK patients collecting prescriptions could still face disruption this weekend. Nick Kaye, chairman of the National Pharmacy Association, which represents independent community pharmacies in the UK, said: “Systems are by and large back online … However, yesterday’s outage will have caused backlogs.” A GP also warned that the disruption would cause “a lot more issues later on in the week”.

  • Indie rock band Bombay Bicycle Club have announced the rescheduled date of a music festival performance they missed due to the global IT outage. The British group were due to play Poolbar festival in the Austrian town of Feldkirch on Friday but missed it due to a cancelled flight.

Updated

Meta content moderation vendors were hit by global cyber outage

Some external vendors that police content on Facebook owner Meta’s platforms were affected by the global tech outage that crippled airports, banks and hospitals on Friday, a Meta spokesperson said in response to a Reuters query.

The social media company experienced a SEV1 as a result of the disruptions, a source familiar with the matter told Reuters, using Meta’s term for a “code red”-style alert involving high-stakes problems with its systems that require urgent attention.

In a statement, the Meta spokesperson acknowledged the issues and said they had been resolved earlier in the day.

“The global CrowdStrike outage earlier today temporarily impacted several of the tools used by some of our vendors. While this caused a small impact to some of our support operations, there was minimal to no impact on our content moderation efforts,” the spokesperson said.

Like most social media companies, Meta relies on a mix of artificial intelligence and human review to moderate the billions of posts made to its platforms, which also include Instagram, WhatsApp and Threads.

Some of that human review is performed by Meta staffers, but most is outsourced to business services vendors employing armies of low-paid workers who assess whether the posts contain hate speech, violence and other violations of the company’s rules, reports Reuters.

Friday’s alert involved vendor access to two of the systems Meta uses to route content flagged for review to moderators, called SRT and HumanOps, the source told Reuters. Key vendors affected were Teleperformance and Concentrix, the person said.

Teleperformance did not respond to a request for comment by Reuters and Concentrix said it had been monitoring and addressing impacts from the outage and that operations were continuing at expected levels.

While some airports halted all flights, in others airline staff resorted to manual check-ins for passengers, leading to long lines and frustrated travellers, reports Agence France-Presse (AFP).

The US Federal Aviation Administration (FAA) initially ordered all flights grounded “regardless of destination”, though airlines later said they were re-establishing their services and working through the backlog.

India’s largest airline Indigo said operations had been “resolved”, in a statement posted on X, according to AFP.

“While the outage has been resolved and our systems are back online, we are diligently working to resume normal operations, and we expect this process to extend into the weekend,” the carrier said on Saturday.

A passenger told AFP that the situation was returning to normal at Delhi airport by midnight on Saturday with only slight delays in international flights.

Low-cost carrier AirAsia said it was still trying to get back online, and had been “working around the clock towards recovering its departure control systems (DCS)” after the global outage. It recommended passengers arrive early at airports and be ready for “manual check-in” at airline counters.

Chinese state media said Beijing’s airports had not been affected.

In Europe, major airports including Berlin, which had suspended all flights earlier on Friday, said departures and arrivals were resuming.

Multiple US airlines and airports across Asia said they were now resuming operations, with check-in services restored in Hong Kong, South Korea and Thailand, and mostly back to normal in India, Indonesia and at Singapore’s Changi airport as of Saturday afternoon, reports Agence France-Presse (AFP).

“The check-in systems have come back to normal (at Thailand’s five major airports). There are no long queues at the airports as we experienced yesterday,” Airports of Thailand president, Keerati Kitmanawat, told reporters at Don Mueang airport in Bangkok.

US president Joe Biden’s team was talking to CrowdStrike and those affected by the glitch “and is standing by to provide assistance as needed”, the White House said in a statement.

“Our understanding is that flight operations have resumed across the country, although some congestion remains,” a senior US administration official said.

By Saturday, services in Australia had mostly returned to normal, but Sydney airport was still reporting flight delays, AFP reports.

Australian authorities warned of an increase in scam and phishing attempts after the outage (see 9.23am BST), including people offering to help reboot computers and asking for personal information or credit card details.

According to AFP, banks in Kenya and Ukraine reported issues with their digital services, while some mobile phone carriers were disrupted and customer services in a number of companies went down.

Updated

Hundreds of people have joined long check-in queues at Gatwick airport as airlines continue to deal with the fallout from the global IT outage, reports the PA news agency.

Charles, 50, from the Midlands, said he was glad he was in a queue to leave the country rather than arriving to the UK. “I’m glad it’s because we’re going out,” he said. “It’d be different if we were going back.”

He said his British Airways flight to Jamaica was in three hours, but he arrived early to get through the queues: “Because of the situation yesterday on the news we just took a bit more time just to get here. I’m glad we did, to be honest with you.”

He said he believed the long queues on Saturday morning had been caused by everyone on long haul flights arriving at the airport early. And he added: “So they’ve all just given themselves an extra hour or two.”

CrowdStrike warn of a 'likely eCrime actor' targeting Latin America based customers

CrowdStrike have warned of a “likely eCrime actor” targeting Latin America based customers. On its blog, the cybersecurity company wrote:

CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos. Notably, Spanish filenames and instructions within the ZIP archive indicate this campaign is likely targeting Latin America-based (LATAM) CrowdStrike customers.

It recommends “that organizations ensure they are communicating with CrowdStrike representatives through official channels and adhere to technical guidance the CrowdStrike support teams have provided”.

Yesterday, George Kurtz, the founder and chief executive of the cybersecurity firm CrowdStrike, warned of “bad actors” exploiting the IT outage event:

We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates.”

Updated

GP warns that global IT outage disruption will cause 'a lot more issues later on in the week'

A GP said the global IT outage meant “everything went down” in her surgery and warned the disruption would cause “a lot more issues later on in the week”.

Asked about Friday’s outage, Dr Fari Ahmad told BBC Breakfast:

Everything went down. There are supposed to be some business continuity things that are supposed to help, but we couldn’t access some of them. I know some places lost all their phone lines as well.

People were struggling to get in. We were struggling to tell people what was going on. And if people did turn up, you had to see them without accessing their medical records. The doctors and the surgery went down to pen and paper.”

Ahmad added:

We had people who were supposed to come in for results, and we couldn’t see them. We said: ‘Sorry, we can’t help you.’ We were just trying to deal with the emergencies on the day that really couldn’t wait.

We couldn’t do our routine stuff, so the implications for us is a lot of that’s been bumped up. It’s all going to build up, so there’s going to be a lot more issues later on in the week.”

More than 7,000 passengers affected by UK flight cancellations so far today, says travel expert

Travel expert, Simon Calder, said that at least 45 flights have been cancelled to or from UK airports so far today, affecting more than 7,000 passengers.

In a post on X, Calder added: “That’s on top of 350 grounded UK flights on Friday, which meant 50,000 people woke up this morning far from where they hoped to be.”

Calder also highlighted the scale of travel disruptions caused by the IT outage yesterday as he pointed out that Friday was “the busiest day for five years for flights from the UK”.

Updated

Indie rock band Bombay Bicycle Club have announced the rescheduled date of a music festival performance they missed due to the global IT outage.

The British group were due to play Poolbar festival in the Austrian town of Feldkirch on Friday but missed it due to a cancelled flight.

In a post to Instagram on Friday evening they said:

Unfortunately our flights to get to tonight’s Poolbar festival show were cancelled because of the IT outage. The show is now going to take place this Sunday 21 July.

It’s an early show: Doors at 7PM and we’re on at 8PM. All tickets remain valid! The combination tickets are valid today and on Sunday.

Ticket holders who are unable to attend on Sunday can return their tickets at any advance booking office. The show is sold out but any returns will be available at the box office.”

The statement added: “We apologise to all fans for this inconvenience and are still looking forward to a replacement Bombay Bicycle Club show on Sunday.”

UK patients collecting prescriptions face disruption this weekend, says National Pharmacy Association

The National Pharmacy Association has warned that patients collecting prescriptions could still face disruption this weekend after the global IT outage.

Nick Kaye, chairman of the National Pharmacy Association, which represents independent community pharmacies in the UK, said:

Systems are by and large back online and medicine deliveries have resumed in many community pharmacies today after the global IT outage.

However, yesterday’s outage will have caused backlogs and we expect services to continue to be disrupted this weekend as pharmacies recover.

We urge people to be patient when visiting their local pharmacy and some may be still prioritising those patients with emergency prescriptions from their GP surgery.”

Additionaly, the vice-chair of the National Pharmacy Association said the global IT outage had caused pharmacies “continuous problems”. Olivier Picard told BBC Breakfast:

I was in a pharmacy yesterday. In fact, I’m in a pharmacy this morning and we’ve had continuous problems.

What we couldn’t do was download new prescriptions on 19 July, but anything prior to that, that was downloaded on our computers, we were able to dispense.

Most pharmacies will have an office based or computer-based system rather than online. That’s not all, but that’s the majority of pharmacies, so we were able to continue working with what we already had.

What we couldn’t do is receive new prescriptions issued after the outage.”

Updated

There is a further update on the situation at the Port of Dover in England, which was mentioned earlier (see 9.41am BST).

Chief executive Doug Bannister told the PA news agency:

We operate a turn up and go system here. However, we do insist you have a book on busy days, even if people are doing this on the drive down. The greater visibility we have the better.

But we are here to service people who want to travel. So I would say to displaced airport passengers ‘come on down. We have the capacity’.”

Bannister said the Port of Dover was expecting more than 10,000 cars on Saturday, up from 8,000 the day before.

He added:

We start to get busy about 5 or 5:30 in the morning. We’ve opened new infrastructure today which is working really well. So far there is no congestion in the town of dover. Approach roads are busy but moving. Everything is running well.”

Bannister also confirmed the port remained unaffected by the IT outage, adding travellers were able to get to their destinations on time and without disruption throughout Friday.

World 'likely to see more of these', says expert

The former chief executive of the National Cyber Security Centre said “the worst” of the global IT outage is over but warned that countries would “have to learn to cope” with future flaws.

Prof Ciaran Martin told Sky News:

The worst of this is over because the nature of the crisis was such that it went very badly wrong, very quickly. It was spotted quite quickly, and essentially, it was turned off.”

Martin added:

Until governments and the industry get together and work out how to design out some of these flaws, I’m afraid we are likely to see more of these again.

Within countries like the UK and elsewhere in Europe, you can try and build up that national resilience to cope with this. But ultimately, a lot of this is going to be determined in the US.

If there’s going to be regulation to try and iron out these flaws, it’ll probably have to come from the US and there’s not a great deal that we can do about that.

So unless and until the structure of the way we do tech changes, we’re going to have to learn to cope with these things, rather than eliminate them.”

Updated

UK holidaymakers warned of potential travel disruption this weekend

Holidaymakers have been warned of potential travel disruption this weekend as UK transport networks continue to feel the impact of Friday’s global IT outage.

Flight delays and cancellations are among the disruption expected to continue into the weekend after the outage, with experts warning it could take weeks for systems to fully recover.

It comes as thousands of families in the UK start to embark on summer holidays amid the end of the academic year for many schools.

Travel association Abta urged holidaymakers to check with providers if there are “any extra steps” they may need to take.

A spokesperson said:

We’re at the start of one of the busiest periods of travel, with some schools finishing for the summer yesterday and many more next week.

Many people will be jetting off abroad – looking to escape the UK’s unseasonable weather of late.

With Spain, Turkey and Greece among the popular destinations for an overseas trip.

If you are heading off on holiday this weekend – by whatever means – it’s advisable to check with your travel provider if there are any extra steps you need to take, as some businesses are continuing to feel the impact of Friday’s IT outage.”

The Port of Dover said early on Saturday that it was dealing with “hundreds of displaced” airport passengers and urged customers to ensure they had a booking before arrival.

It also posted on X that approach roads were “slow moving”, with a 60-minute wait time in the buffer zone.

Ferry operator DFDS said on X that there were wait times of up to 120 minutes at Dover border controls and 30 minutes at check-in.

Updated

Bad actors seizing on Microsoft IT outage to scam public, Australian government warns

Scammers are attempting to use the global CrowdStrike outage on Microsoft Windows systems to steal from small businesses by offering fake fixes, the Australian government has warned.

The world has begun to recover from a global outage of Windows systems running the cybersecurity company Crowdstrike’s software, after the company issued a faulty update. But bad actors have seized upon the crisis to attempt to scam the public, the home affairs minister, Clare O’Neil, said on Saturday.

“What we are seeing some reporting of is attempts to conduct phishing through the incident that just occurred,” she said.

She said small businesses in particular were receiving emails from people pretending to be CrowdStrike or Microsoft and seeking bank details to access a reboot to fix the error.

“I ask Australians to be really cautious over the next few days about attempts to use this for scamming or phishing,” she said. “If you see an email, if you see a text message that looks a little bit funny, that indicates something about CrowdStrike or IT outages, just stop. Don’t put any details.”

She said if people receive calls along those lines they should hang up, and if people do hand over their banking information then to contact their bank immediately to report it.

You can read the full piece here:

In the UK, Saturday’s headlines are dominated by the fallout from an IT failure that grounded planes, took TV channels off air and played havoc with health services, banking and retail businesses around the world.

“Digital pandemic”, “havoc” and “meltdown” were some of the most common phrases in UK headlines after a botched CrowdStrike software update.

Here is the Guardian’s front page this Saturday:

You can see the rest of Saturday’s front pages here:

Updated

Thora, a pharmacist in Manchester, England, told the BBC’s Today programme that pharmacy backlogs would continue after Friday’s IT outage.

She said:

What we know at the moment is obviously we have been experiencing some heightened tensions in some pharmacies by patients but also people have been really understanding and have been really patient with us.

This backlog will continue because obviously there will have been patients who have been unable to access their prescription because it will be hand-written at the surgery, and we’ll get a bit of a backlog, or they will eventually come through to us. But it’s a bit of a concern.”

Millions of computers will need to be fixed individually, expert warns

A chartered security professional said there would be “lingering effects” from the IT outage that has caused disruption around the world.

James Bore told Sky News:

There are definitely going to be lingering effects. The largest companies and the ones with most critical services, they are going to have thrown everything they can at fixing it.

But for other companies where they don’t have as many people to put hands on keyboard – because that’s the key thing – each fix requires a manual intervention with the computer, and we’re talking millions of computers.

If you’ve only got one IT person in the company and 2,000 employees – it’s not going to be fixed overnight.

That’s going to be weeks of work for that person just travelling around or getting everyone to come in and sort out their laptops.”

Updated

'Similar lessons' should be drawn from global IT outage as from the pandemic, says academic

People should draw similar lessons from the global IT outage as they did from the pandemic, an academic has said.

Computer scientist Sir Nigel Shadbolt told the BBC’s Today programme:

Often these issues are left [to] technological elites. This impacts everyone and we need to understand how those effects ripple through society and think about how we all make ourselves more resilient.”

He added:

The resilience in general of these systems is something very special. We depend on these systems and by and large they are working to very high levels of quality.

But when they do go wrong, and it’s like a pandemic, literally we should draw similar lessons, what lessons do we draw?

As individuals, what should we be thinking? We should be thinking about a degree of resilience in our own lives. We should think about having perhaps multiple systems, not depending just on one.”

Updated

George Kurtz, the founder and chief executive of the cybersecurity firm CrowdStrike, has said the company “continues to work with customers and partners to resolve this incident”.

He added that the CrowdStrike team had written a technical overview of Friday’s events. In it, there is an explanation of what happened:

On 19 July 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.

The sensor configuration update that caused the system crash was remediated on Friday, 19 July 2024 05:27 UTC.

This issue is not the result of or related to a cyber-attack.”

Also, in the blog post was a brief section on the root cause analysis:

We understand how this issue occurred and we are doing a thorough root cause analysis to determine how this logic flaw occurred. This effort will be ongoing … We will update our findings in the root cause analysis as the investigation progresses.”

Opening summary

Services began to come back online overnight into Saturday after an IT failure that wreaked havoc worldwide. But full recovery could take weeks, experts have said, after airports, healthcare services and businesses were hit by the “largest outage in history”.

Flights and hospital appointments were cancelled, payroll systems seized up and TV channels went off air after a botched software upgrade hit Microsoft’s Windows operating system. It came from the US cybersecurity company CrowdStrike, and left workers facing a “blue screen of death” as their computers failed to start.

As recovery continues, experts say the outage underscored concerns that many organizations are not well prepared to implement contingency plans when a single point of failure such as an IT system, or a piece of software within it, goes down.

Here is a brief summary of how the IT outage has affected services:

  • Airports across the UK – including London Gatwick, Heathrow Airport, Manchester Airport and Belfast International Airport – stressed that passengers should check with airlines for any delays or cancellations before travelling over the weekend.

  • CrowdStrike’s stock tumbled in value when the US markets opened on Friday. Shares slid by more than 8% at the start of trading, knocking about $10bn (£7.8bn) off its market value.

  • Around the world, banks, supermarkets and other major institutions saw services disrupted, while many businesses were unable to take digital payments or access key databases.

  • NHS England said “the majority of GP practices” had experienced disruption and ambulance services reported increases in 999 and NHS 111 calls from patients who were unable to contact other NHS providers, while the National Pharmacy Association said pharmacies had seen issues “including the accessing of prescriptions from GPs and medicine deliveries”.

Updated

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.