CrowdStrike Outage: Scam Alert Issued

Australians have been warned of opportunistic scammers trying to profit from a large-scale IT outage.
This follows a botched update from US cybersecurity firm CrowdStrike, which caused global chaos on Friday, affecting banks, media, supermarkets, retailers and airports, among others.
Minister for Home Affairs Claire O’Neil confirmed on Saturday morning that the outage was not the result of a cybersecurity breach, saying most of the affected Australian systems were now operational.
But she also warned of criminals launching phishing attacks in the wake of the outage.
“We are seeing reports of phishing attempts through the incident that just occurred,” she told reporters in Melbourne.

“Some people are receiving emails from people pretending to be CrowdStrike or Microsoft, saying that you need to enter your bank details to access a reboot, that you need to pay money, that you need to enter your personal details so that your systems can be brought back online.”

According to O’Neil, any emails claiming to come from CrowdStrike or offering to reboot your system should be considered suspicious.
She said that any calls from strangers wanting to help you reboot your system could be from scammers.
“The trick that scammers always try to use here is to find ways to keep you talking and get you to keep giving away your personal information,” she said.
“So the first piece of advice is: stop; don’t give any personal information and certainly no bank details or money.”

If you suspect you have been scammed, contact your bank and report the incident to Scamwatch.

What caused the outage at Crowdstrike?

The outage was caused by a software update from US cybersecurity firm Crowdstrike and affected businesses and services across the country just after 3pm AEST on Friday.
“What happened here was an IT outage caused by a bug in an update from a company that supplies cybersecurity software to most of the world’s major economies,” O’Neil said.

“And that’s why Australians saw on the news yesterday that the power outages and the problems that we’ve seen here in Australia are also being felt in most major economies around the world.”

An error sign at a Big W store in Brisbane

Businesses in Australia and around the world were hit by the major IT outage. Source: MONKEY / Jono Searle

O’Neil said she had spoken to CrowdStrike several times and that the company was doing everything it could to get its systems back online “as quickly as possible.”

She confirmed that most of the affected Australian systems are now operational and in a ‘recovery phase’.
While many were relieved that malicious actors were not to blame, cybersecurity experts warned that the incident exposed the soft and vulnerable core of the country’s IT systems.
And not just in Australia, but all over the world businesses are being hit in the same way.
“It’s not just a mistake or an oversight; this is the worst thing that can happen,” said Richard Buckland, professor of cybercrime in the School of Computer Science and Engineering at UNSW.

“This is more serious than a cyber attack because it shows that our systems are not even resilient to arbitrariness.”

IT outage exposes system vulnerability

Nigel Phair, a professor of cybersecurity at Monash University, described the incident as “unprecedented in scale” and said the outage showed how reliant organisations are on the internet and related online technologies.

Due to the system failure, the federal government had to convene an emergency meeting of the National Coordination Mechanism on Friday evening.

The company said it had released a fix for the issue, allowing affected businesses and organizations to reboot their systems.
Prime Minister Anthony Albanese said there was no impact to critical infrastructure, government services or Triple-Zero services as of 7pm AEST on Friday.

However, numerous flights were cancelled in the country and hundreds of people were stranded at airports, while shoppers were forced to abandon their shopping carts full of produce at supermarket checkouts.

A crowd of people are standing in line at the airport

There were delays at Melbourne Airport, resulting in passengers being unable to check in. Source: SBS News

According to crowdsourced website Downdetector, services including Telstra, Microsoft, Google, National Australia Bank, ABC, Uber, ANZ and Aldi are operational again.

Qantas, Virgin Australia and Jetstar, as well as police forces across much of the country and the federal and New South Wales governments, were also affected.

Other services that were affected on Friday, such as supermarkets where customers had to leave their shopping carts full of goods, are back online.

Economists are expected to tally the financial costs this weekend and estimate how much money companies are losing as a result.
CrowdStrike CEO George Kurtz said the company continues to work with customers “impacted by a defect found in a single content update for Windows hosts.”
“This is not a security incident or cyberattack,” he said in a statement.
“The problem has been identified, isolated and a solution has been implemented.”

Additional reporting by the Australian Associated Press