THE global IT meltdown shows how tech failures could be the chink in our armour to enemies like Russia and China.
In what has been branded the “largest IT outage in history“, major airport, airline, railway and supermarket services across the planet were crippled on Friday.
Major tech meltdowns can leave defence systems more vulnerable from attacks from countries like Putin’s Russia, expert claimsEPA
A Crowdstrike update is believed to be behind the outage
GettyFlights across the world have been plagued by the outages with many airlines announcing severe delays[/caption]
Many Microsoft users were facing a blue screen on their computers detailing the issue
Now experts have warned that tech outages can leave defence systems more vulnerable from attacks from Putin and his pals.
David Brumley, CEO of ForAllSecure and the firm’s head of developer advocacy, Josh Thorngren, said meltdowns posed great risks for data security.
Brumley said: “When things are down, that doesn’t necessarily mean that China and Russia are going to get access to information.
“But what we see happening in these sorts of situations is people will stand up temporary systems that are less secure, and those often get left behind.”
Brumley noted that the public saw effects of the outage in everyday services, but there would be a host of unseen problems caused for governments.
He said: “Medical services are down, flights are getting delayed and backed up. Planes can’t get in the air.
“Imagine how much is going on the defence side where they rely upon Windows just as much. And that’s internationally.”
“The security implications can’t really be underestimated here.”
Thorngren warned these consequences can be even more concerning.
He said: “Given the scope of what we’re hearing about just in publicly available information, the things you’re not hearing are even more worrisome to some degree.”
The boss said security companies like CrowdStrike are top targets for attacks.
That’s because security software runs with high privileges and doesn’t require user interaction.
Brumley identified three critical mistakes made by CrowdStrike: a latent bug that hadn’t been fixed, inadequate testing of updates, and the lack of an incremental rollout for the update.
The pair called for a shift in how security is integrated into product development.
What is CrowdStrike?
THE global cyber outage affecting TV channels, banks, hospitals, airports and emergency services appears to relate to an issue at cybersecurity firm CrowdStrike.
IT security firm CrowdStrike ran a recorded phone message on Friday – saying it was aware of reports of crashes on Microsoft’s Windows operating system relating to its Falcon sensor.
A prerecorded message said: “Thanks for contacting CrowdStrike support. CrowdStrike is aware of reports of crashes on Windows… related to the Falcon sensor.”
The Falcon system monitors the computers it is installed on and detects hacks and bugs before responding to them.
CrowdStrike, headquartered in Austin, Texas, says it is a global security leader which provides an advanced platform to protect data.
A CrowdStrike update on Friday is said to have caused a critical error in Microsoft operating systems, affecting millions worldwide.
The company regularly updates systems with new anti-virus software
Toby Murray, associate professor in the School of Computing and Information Systems at The University of Melbourne, Australia said: “If Falcon is suffering a malfunction then it could be causing a widespread outage for two reasons .
“One: Falcon is widely deployed on many computers, and two: because of Falcon’s privileged nature.
“Falcon is a bit like anti-virus software: it is regularly updated with information about the latest online threats.
“It is possible that today’s outage may have been caused by a buggy update to Falcon.”.
Cyber expert Troy Hunt told Australian TV network Seven: “It looks like they’ve pushed a bad update, which is presently nuking every machine that takes it.”
They want security features prioritised and product security roles to have the authority to implement necessary changes.
Thorngren said: “At the end of the day, security is as much a feature as something that a consumer sees, some shiny new button in the UI.
“Without an investment in that at the board level down, saying our security roadmap and being proactive and being preventative, that’s an investment we have to make just as much as new features.”
EPAStores have been forced to temporarily close due to the tech issues[/caption]
APHundreds of passengers wait in front of counters at BER Airport in Schoenefeld, Germany, after check-in was delayed due to a ‘technical fault’[/caption]
Airports have been hit with ‘Blue Screens of Death’ leaving passengers scrambling amid delays and cancellations
@akothari / XPaper boarding tickets have been used in India due to the outages[/caption]
GLOBAL CHAOS
The major tech outage has sparked mayhem – with flights grounded and TV channels and banks knocked offline.
The severe issues at Microsoft have crashed computer systems across the world as major businesses, newsrooms and television networks all plunged into chaos on Friday.
Cybersecurity software firm CrowdStrike say they have identified the issue behind the global outage as a flawed anti-viral update.
The firm are reportedly used by Microsoft to handle various updates to their systems.
The incident had far-reaching impacts, notably in airports where it led to widespread chaos.
Airlines were unable to check in passengers, and even basic airport terminal services were disrupted.
The disruption also extended to banks, healthcare services and other critical sectors, leading to a domino effect of failures.
Senad Aruc – who has has more than 25 years of experience in cybersecurity – said the financial impact of Friday’s “tech doomsday” will cost billions across the globe.
Cybersecurity software firm CrowdStrike say they have identified the issue behind the global outage as a flawed anti-viral update.
When things are down, that doesn’t necessarily mean that China and Russia are going to get access to information because those systems are down.
David Brumley
The firm is reportedly used by Microsoft to handle various updates to its systems.
Microsoft has since announced it is taking “mitigation actions” against the issues.
They said via X: “Our services are still seeing continuous improvements while we continue to take mitigation actions.
“We remain committed in treating this event with the highest priority and urgency while we continue to address the lingering impact for the remaining Microsoft 365 apps that are in a degraded state.”
A Microsoft spokesperson told Bloomberg that a “resolution is forthcoming”.
CrowdStrike said in a post on their website: “CrowdStrike is aware of reports of crashes on Windows related to the Falcon Sensor.”
It confirmed it isn’t a hack or a cyber attack that caused the issues.
Global services affected by IT outage
Trains
Govia Thameslink Railway (GTR) – urged passengers to expect disruption due to “widespread IT issues”
Gatwick Express – warned travellers they are “currently experiencing widespread IT issues”
South Western Railway – all ticket vending machines are currently non operational – buy tickets online
National Rail – some train operators are unable to access driver diagrams at certain locations, leading to potential short-notice train cancellations
TransPennine Express – some TPE stations and systems are having IT issues – buy tickets online
New York City’s MTA system affected
Washington D.C Metro trains – delayed
Airports and airlines
Manchester Airport – delays for those checking-in for Swissport flights
London Gatwick – passengers may experience some delays while checking in and passing through security but should still arrive for their normal check-in time
Ryanair – advise passengers to arrive at the airport three hours in advance of their flight to avoid any disruptions
Edinburgh Airport – wait times longer than usual
Stansted Airport – some airline check-in services reverted to being done manually, but main operational systems are unaffected and flights are still operating as normal
Luton Airport – running manual systems
Heathrow Airport – affected but flights operational – check with airline on latest journey information
American Airlines – all flights cancelled
United and Delta – no flights taking off
Allegiant Air and Spirit Airlines – flights grounded
Frontier and SunCountry – affected by outage
San Francisco Airport – passengers reporting suspended flights
Mumbai Airport – check-in desks shut down for IndiGo, Akasa and Spice Jet flights
Australian airline Qantas – flights grounded
Schipol Airport in Amsterdam – flights to and from the Netherlands affected
Spanish airport association AENA – reported issues at 42 airports
Rome’s Fiumicino Airport affected
Ibiza Airport – empty due to IT outage
Hamburg Airport in Germany affected
BER Berlin Airport – Long queues
The Hague Airport in Rotterdam – travellers experiencing longer wait times
Narita International Airport in Narita, east of Tokyo – check-in delays
Palma Mallorca Airport affected
Suvarnabhumi Airport in Bangkok – longer queues reported
Hong Kong Express Airways passengers delayed at Hong Kong International Airport
Television Networks
Sky News – Friday morning breakfast show unable to air but now back on screens with reporter reading from printed notes
Paramount Global channels including MTV, VH1, CMT and Pop TV – bumped offline.
Britain’s GPs
The Wilmslow Health Centre in Cheshire – without access to their IT systems
Solihull Healthcare Partnership in the West Midlands – affected ability to book/consult with patients this morning
Central Lakes Medical Group in Ambleside – stated there has been a “big effect” and delays on the phone expected
Pocklington Group Practice in the East Riding of Yorkshire – appointments needing to be cancelled and rearranged
Hulme Hall Medical Group, in Stockport – unable to offer any appointments
Windrush Medical Practice in Witney, Oxfordshire – continuing as normal for urgent enquiries but ask for routine concerns to wait until Monday
Grimethorpe Surgery in Barnsley – no access to the clinical system, EMIS Web
The National Pharmacy Association (NPA) confirmed the IT outage is disrupting community pharmacies
A surgery in Putney, southwest London – Displaying an error message online to patients who attempt to book
Global hospitals
Two German hospitals have been forced to cancel emergency operations
The hospitals, in the northern German cities of Luebeck and Kiel, cancelled all elective operations scheduled for today
Supermarkets and restaurants
Morrisons are affected
Some Waitrose and Co-op are now cash only
Gails and Waterstones experiencing some issues
Wetherspoons pubs – only accepting cash
Woolworths and Coles supermarkets in Australia – self service machines not working
Events
Manchester United ticket release postponed – morning’s ticket release will be postponed until midday and website will remain unavailable
Banks and supermarkets in Australia including Beyond Bank Australia have also been experiencing issues this morning.
Various Microsoft services in Japan and New Zealand are also battling tech issues.