News in English

Hackers could shut down world using ‘global IT outage’ attack as experts warn ‘we must learn’ before it’s too late

HACKERS could shut down systems across the world with an attack that replicates today’s global IT outage.

That’s the warning from cybersecurity experts who say “we must learn” from today’s worldwide computer bungle.

Reuters
Travelers walk past a monitor displaying a blue error screen, also known as the “Blue Screen of Death” inside Newark International Airport[/caption]

Computers booting up on Friday, July 19 were faced with a “Blue Screen of Death”.

It’s impacted airlines, broadcasters, supermarkets, banks, and more around the world – and a rogue update has been blamed.

The outage has been linked to CrowdStrike, which provides security tech for businesses.

And experts have told The U.S. Sun how hackers could exploit a similar trick to cause mass IT chaos.

“This is similar to a supply chain attack,” said Martin Jartelius, Chief Security Officer at Outpost24.

“If an attacker had backdoored such an update to open systems to attacks or to encrypt them, the exact same systems would have been impacted.

“This is why supply chain attacks and defence has been increasingly important.”

The update affected Windows machines around the world, preventing PCs from booting up and even turning servers off.

This has had knock-on effects on systems around the world.

The outage first showed up in Australia as the country woke up to the faulty update.

“This incident serves as a crucial reminder of the importance of the robustness of our security and availability, which hinge on the reliability of our service providers,” Martin said.

In the UK, Sky News went off air completely – and summer flights were delayed.

We woke up to see IT issues essentially spreading across the globe, almost in the same way as COVID-19

Adam PiltonSecurity expert

CROWDSTRIKE BLAMED – CEO'S FULL REPLY

Here's an official statement from CrowdStrike CEO George Kurtz...

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts.

“Mac and Linux hosts are not impacted.

“This is not a security incident or cyberattack.

“The issue has been identified, isolated and a fix has been deployed.

“We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.

“We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels.

“Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”

US airlines also experienced communications issues as a result of the outage.

Security expert Adam Pilton told us that the bungled update is like a virus spreading across the world.

This morning, we woke up to see IT issues essentially spreading across the globe, almost in the same way as COVID-19,” Adam said.

He said there’s “no reason to be fearful” because it’s just an update this time – but that might not be the case next time.

Reuters
People wait at Los Angeles International Airport (LAX) amid a global IT outage, in Los Angeles, California[/caption]

“We must learn from this,” Adam said.

“Now today’s issue appears to be a technical issue coming from poor practice and ultimately an erroneous update.

“But we must also consider if a cyber-criminal had taken down CrowdStrike or any other large player within the supply chain, what would the consequences be? Today’s event has demonstrated this.”

CrowdStrike has admitted responsibility for the mass outage.

What is CrowdStrike?

THE global cyber outage affecting TV channels, banks, hospitals, airports and emergency services appears to relate to an issue at cybersecurity firm CrowdStrike.

IT security firm CrowdStrike ran a recorded phone message on Friday – saying it was aware of reports of crashes on Microsoft’s Windows operating system relating to its Falcon sensor.

A prerecorded message said: “Thanks for contacting CrowdStrike support. CrowdStrike is aware of reports of crashes on Windows… related to the Falcon sensor.”

The Falcon system monitors the computers it is installed on and detects hacks and bugs before responding to them.

CrowdStrike, headquartered in Austin, Texas, says it is a global security leader which provides an advanced platform to protect data.

A CrowdStrike update on Friday is said to have caused a critical error in Microsoft operating systems, affecting millions worldwide.

The company regularly updates systems with new anti-virus software

Toby Murray, associate professor in the School of Computing and Information Systems at The University of Melbourne, Australia said: “If Falcon is suffering a malfunction then it could be causing a widespread outage for two reasons .

“One: Falcon is widely deployed on many computers, and two: because of Falcon’s privileged nature.

“Falcon is a bit like anti-virus software: it is regularly updated with information about the latest online threats.

“It is possible that today’s outage may have been caused by a buggy update to Falcon.”.

Cyber expert Troy Hunt told Australian TV network Seven: “It looks like they’ve pushed a bad update, which is presently nuking every machine that takes it.”

In a post to X, formerly Twitter, CEO George Kurtz said: “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts.”

He added that a fix has been deployed to prevent more computers going offline.

The U.S. Sun has asked CrowdStrike and Microsoft for comment and will update this story with any response.

Читайте на 123ru.net