A faulty software update that caused the global IT outage likely skipped checks before being deployed, experts have said – as a warning was issued about malicious websites offering to fix devices.
An estimated 8.5 million Microsoft Windows PCs devices were affected worldwide by the update from cybersecurity firm CrowdStrike, causing delays for airports, broadcasters, hospitals and businesses.
Problems came to light quickly after the latest version of CrowdStrikes Falcon sensor software was rolled out on Friday.
The update was meant to make systems more secure against hacking, but instead caused devices to display a “blue screen of death” due to faulty code.
“What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through,” said Steve Cobb, chief security officer at Security Scorecard, as he considered the cause of the technical mishap.
Another expert, security researcher Patrick Wardle, put the problem with the update down to “a file that contains either configuration information or signatures [code that detects specific types of malicious code or malware]”.
“It’s very common that security products update their signatures, like once a day… because they’re continually
monitoring for new malware and because they want to make sure that their customers are protected from the latest threats,” Mr Wardle said.
He added that the frequency of updates “is probably the reason why [CrowdStrike] didn’t test it as much”.
‘Look out for possible scams’
Efforts by CrowdStrike to make clients more secure against hacking attempts further backfired as malicious websites have begun to use the incident to publish “unofficial code” claiming to fix any ongoing issues, Australia’s cyber intelligence agency has warned.
On its website, the Australian Signals Directorate said its cybersecurity centre “strongly encourages all consumers to source their technical information and updates from official CrowdStrike sources only”.
The country’s cybersecurity minister Clare O’Neil said on social media platform X that citizens should “be on the look out for possible scams and phishing attempts”.
The fallout from the outage continued to cause disruption to services in the UK into the weekend, despite CrowdStrike rolling out a fix.
NHS England warned of disruption to GP services into next week and pharmacy services were dealing with significant backlogs.
Meanwhile, travellers reported incidents of their baggage being lost at airports and delays of up to nine hours.
CrowdStrike chief executive George Kurtz said on Friday that it would be “some time” before all systems are returned to normal and industry expert Adam Leon Smith of BCS, the Chartered Institute for IT, warned it could take “weeks” for a full recovery.
Sky News has approached CrowdStrike for comment.
