This post is also available in:
עברית (Hebrew)
Microsoft estimates that 8.5 million computers worldwide were disabled by the outage, a number that indicates this could possibly be the worst cyber event in history. The issue apparently originated from the CrowdStrike security company that sent a corrupted software update to its huge customer base.
David Weston, vice president of Microsoft, said in a statement that this number is less than 1% of all Windows machines worldwide, but added that “the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services”.
Microsoft emphasized that this was not an issue with its software and stated the incident highlights how important it is for companies like CrowdStrike to use quality control checks on updates before sending them out. Weston himself said: “It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist.”
The disastrous effects of the IT glitch and the enormous number Microsoft provided set it up to be the worst cyber incident in history, eclipsing all previous hacks and outages.
Many cybersecurity experts and agencies came out with warnings about a wave of opportunistic hacking attempts linked to the IT outage, warning people to be vigilant and expect fake emails, calls and websites that pretend to be official, with CrowdStrike head George Kurtz encouraging users to make sure they were speaking to official representatives from the company before downloading fixes.
According to BBC News, every major news event linked to technology prompts hackers and malicious actors to respond by changing their attack methods to consider the current fear and uncertainty of the public. Researchers at cybersecurity company Secureworks explain that there has already been a sharp rise in CrowdStrike-themed domain registrations in which hackers register new websites that are made to look official to trick IT managers or citizens into downloading malicious software or exposing private information.
Indeed, many cybersecurity agencies worldwide are urging IT responders to only use CrowdStrike’s website to source information and help as they try to get their organizations back online. However, some individuals might also be targeted, and so experts are advising to be hyper vigilant and only act on information from the official CrowdStrike channels.
