Scam risk in global glitch
A major global IT outage affecting CrowdStrike’s cybersecurity software has triggered a surge in scam activities, targeting consumers and small businesses.
The CrowdStrike outage, which caused widespread disruptions, stemmed from a faulty update to the company's Falcon software.
This cybersecurity tool, which is deeply integrated into systems running Microsoft Windows, encountered a critical error after the update.
The malfunction triggered a ‘blue screen of death’ on affected machines, rendering them unable to reboot properly.
The extensive permissions granted to Falcon for detecting and responding to cybersecurity threats exacerbated the issue, as the malfunction effectively disabled essential computer functions across millions of devices globally.
Australia’s National Anti-Scam Centre says a wave of unsolicited calls, emails, and messages are seeking to exploit the crisis to steal sensitive information.
The recent global IT outage affecting CrowdStrike’s Falcon software, which caused significant disruptions in systems running Microsoft Windows, has been used to deceive individuals into providing sensitive data.
“Criminals look to take advantage of incidents like this CrowdStrike outage, creating a sense of urgency that you need to do what they say to protect your computer and your financial information,” says ACCC Deputy Chair, Catriona Lowe.
Home Affairs Minister Clare O’Neil has also raised concerns about the increased phishing attempts targeting small businesses.
She noted that bad actors are posing as CrowdStrike or Microsoft representatives, seeking bank details under the guise of offering a fix.
“If you see an email or a text message that looks a little bit funny, that indicates something about CrowdStrike or IT outages, just stop. Don’t put any details,” O’Neil said over the weekend.
The Australian Cyber Security Centre has detected several malicious websites and “unofficial code” purporting to aid in recovery from the outage.
The impact of the outage has been widespread, disrupting services across various sectors. CrowdStrike has assured the Australian government that it is close to deploying an automatic fix, but the repercussions continue to ripple through the economy.
Business groups have indicated that full recovery might take several days, with smaller businesses particularly affected.
Andrew McKellar, CEO of the Australian Chamber of Commerce and Industry, says it has caused a serious financial strain on affected businesses.
“Across the board, there’s been a wide impact, that’s cost a lot of businesses time, money, lost sales … it’s very hard to put a dollar figure on that. [The losses] are material, they are significant,” he told reporters.
Experts say there are lessons to be learned from the outage.
“Businesses have centralised the management of their systems so they can reduce costs and more speedily implement software updates. They then outsource these updates to third parties. When these third parties fail, it causes a cascade of IT failures,” said Dr Michael Axelsen from the University of Queensland.
Dr Shumi Akhtar from the University of Sydney has called for a strategic overhaul of critical infrastructures to enhance resilience, highlighting the event as a “resounding wake-up call” for the digital age.