The former chief executive of the National Cyber Security Centre said “the worst” of the global IT outage is over but warned that countries would “have to learn to cope” with future flaws.
Prof Ciaran Martin told Sky News:
The worst of this is over because the nature of the crisis was such that it went very badly wrong, very quickly. It was spotted quite quickly, and essentially, it was turned off.”
Martin added:
Until governments and the industry get together and work out how to design out some of these flaws, I’m afraid we are likely to see more of these again.
Within countries like the UK and elsewhere in Europe, you can try and build up that national resilience to cope with this. But ultimately, a lot of this is going to be determined in the US.
If there’s going to be regulation to try and iron out these flaws, it’ll probably have to come from the US and there’s not a great deal that we can do about that.
So unless and until the structure of the way we do tech changes, we’re going to have to learn to cope with these things, rather than eliminate them.”
CrowdStrike have warned of a “likely eCrime actor” targeting Latin America based customers. On its blog, the cybersecurity company wrote:
CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos. Notably, Spanish filenames and instructions within the ZIP archive indicate this campaign is likely targeting Latin America-based (LATAM) CrowdStrike customers.
It recommends “that organizations ensure they are communicating with CrowdStrike representatives through official channels and adhere to technical guidance the CrowdStrike support teams have provided”.
Yesterday, George Kurtz, the founder and chief executive of the cybersecurity firm CrowdStrike, warned of “bad actors” exploiting the IT outage event:
We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates.”
A GP said the global IT outage meant “everything went down” in her surgery and warned the disruption would cause “a lot more issues later on in the week”.
Asked about Friday’s outage, Dr Fari Ahmad told BBC Breakfast:
Everything went down. There are supposed to be some business continuity things that are supposed to help, but we couldn’t access some of them. I know some places lost all their phone lines as well.
People were struggling to get in. We were struggling to tell people what was going on. And if people did turn up, you had to see them without accessing their medical records. The doctors and the surgery went down to pen and paper.”
Ahmad added:
We had people who were supposed to come in for results, and we couldn’t see them. We said: ‘Sorry, we can’t help you.’ We were just trying to deal with the emergencies on the day that really couldn’t wait.
We couldn’t do our routine stuff, so the implications for us is a lot of that’s been bumped up. It’s all going to build up, so there’s going to be a lot more issues later on in the week.”
Travel expert, Simon Calder, said that at least 45 flights have been cancelled to or from UK airports so far today, affecting more than 7,000 passengers.
In a post on X, Calder added: “That’s on top of 350 grounded UK flights on Friday, which meant 50,000 people woke up this morning far from where they hoped to be.”
Calder also highlighted the scale of travel disruptions caused by the IT outage yesterday as he pointed out that Friday was “the busiest day for five years for flights from the UK”.
Indie rock band Bombay Bicycle Club have announced the rescheduled date of a music festival performance they missed due to the global IT outage.
The British group were due to play Poolbar festival in the Austrian town of Feldkirch on Friday but missed it due to a cancelled flight.
In a post to Instagram on Friday evening they said:
Unfortunately our flights to get to tonight’s Poolbar festival show were cancelled because of the IT outage. The show is now going to take place this Sunday 21 July.
It’s an early show: Doors at 7PM and we’re on at 8PM. All tickets remain valid! The combination tickets are valid today and on Sunday.
Ticket holders who are unable to attend on Sunday can return their tickets at any advance booking office. The show is sold out but any returns will be available at the box office.”
The statement added: “We apologise to all fans for this inconvenience and are still looking forward to a replacement Bombay Bicycle Club show on Sunday.”
The National Pharmacy Association has warned that patients collecting prescriptions could still face disruption this weekend after the global IT outage.
Nick Kaye, chairman of the National Pharmacy Association, which represents independent community pharmacies in the UK, said:
Systems are by and large back online and medicine deliveries have resumed in many community pharmacies today after the global IT outage.
However, yesterday’s outage will have caused backlogs and we expect services to continue to be disrupted this weekend as pharmacies recover.
We urge people to be patient when visiting their local pharmacy and some may be still prioritising those patients with emergency prescriptions from their GP surgery.”
Additionaly, the vice-chair of the National Pharmacy Association said the global IT outage had caused pharmacies “continuous problems”. Olivier Picard told BBC Breakfast:
I was in a pharmacy yesterday. In fact, I’m in a pharmacy this morning and we’ve had continuous problems.
What we couldn’t do was download new prescriptions on 19 July, but anything prior to that, that was downloaded on our computers, we were able to dispense.
Most pharmacies will have an office based or computer-based system rather than online. That’s not all, but that’s the majority of pharmacies, so we were able to continue working with what we already had.
What we couldn’t do is receive new prescriptions issued after the outage.”
There is a further update on the situation at the Port of Dover in England, which was mentioned earlier (see 9.41am BST).
Chief executive Doug Bannister told the PA news agency:
We operate a turn up and go system here. However, we do insist you have a book on busy days, even if people are doing this on the drive down. The greater visibility we have the better.
But we are here to service people who want to travel. So I would say to displaced airport passengers ‘come on down. We have the capacity’.”
Bannister said the Port of Dover was expecting more than 10,000 cars on Saturday, up from 8,000 the day before.
He added:
We start to get busy about 5 or 5:30 in the morning. We’ve opened new infrastructure today which is working really well. So far there is no congestion in the town of dover. Approach roads are busy but moving. Everything is running well.”
Bannister also confirmed the port remained unaffected by the IT outage, adding travellers were able to get to their destinations on time and without disruption throughout Friday.
The former chief executive of the National Cyber Security Centre said “the worst” of the global IT outage is over but warned that countries would “have to learn to cope” with future flaws.
Prof Ciaran Martin told Sky News:
The worst of this is over because the nature of the crisis was such that it went very badly wrong, very quickly. It was spotted quite quickly, and essentially, it was turned off.”
Martin added:
Until governments and the industry get together and work out how to design out some of these flaws, I’m afraid we are likely to see more of these again.
Within countries like the UK and elsewhere in Europe, you can try and build up that national resilience to cope with this. But ultimately, a lot of this is going to be determined in the US.
If there’s going to be regulation to try and iron out these flaws, it’ll probably have to come from the US and there’s not a great deal that we can do about that.
So unless and until the structure of the way we do tech changes, we’re going to have to learn to cope with these things, rather than eliminate them.”
Holidaymakers have been warned of potential travel disruption this weekend as UK transport networks continue to feel the impact of Friday’s global IT outage.
Flight delays and cancellations are among the disruption expected to continue into the weekend after the outage, with experts warning it could take weeks for systems to fully recover.
It comes as thousands of families in the UK start to embark on summer holidays amid the end of the academic year for many schools.
Travel association Abta urged holidaymakers to check with providers if there are “any extra steps” they may need to take.
A spokesperson said:
We’re at the start of one of the busiest periods of travel, with some schools finishing for the summer yesterday and many more next week.
Many people will be jetting off abroad – looking to escape the UK’s unseasonable weather of late.
With Spain, Turkey and Greece among the popular destinations for an overseas trip.
If you are heading off on holiday this weekend – by whatever means – it’s advisable to check with your travel provider if there are any extra steps you need to take, as some businesses are continuing to feel the impact of Friday’s IT outage.”
The Port of Dover said early on Saturday that it was dealing with “hundreds of displaced” airport passengers and urged customers to ensure they had a booking before arrival.
It also posted on X that approach roads were “slow moving”, with a 60-minute wait time in the buffer zone.
Ferry operator DFDS said on X that there were wait times of up to 120 minutes at Dover border controls and 30 minutes at check-in.
Scammers are attempting to use the global CrowdStrike outage on Microsoft Windows systems to steal from small businesses by offering fake fixes, the Australian government has warned.
The world has begun to recover from a global outage of Windows systems running the cybersecurity company Crowdstrike’s software, after the company issued a faulty update. But bad actors have seized upon the crisis to attempt to scam the public, the home affairs minister, Clare O’Neil, said on Saturday.
“What we are seeing some reporting of is attempts to conduct phishing through the incident that just occurred,” she said.
She said small businesses in particular were receiving emails from people pretending to be CrowdStrike or Microsoft and seeking bank details to access a reboot to fix the error.
“I ask Australians to be really cautious over the next few days about attempts to use this for scamming or phishing,” she said. “If you see an email, if you see a text message that looks a little bit funny, that indicates something about CrowdStrike or IT outages, just stop. Don’t put any details.”
She said if people receive calls along those lines they should hang up, and if people do hand over their banking information then to contact their bank immediately to report it.
You can read the full piece here:
In the UK, Saturday’s headlines are dominated by the fallout from an IT failure that grounded planes, took TV channels off air and played havoc with health services, banking and retail businesses around the world.
“Digital pandemic”, “havoc” and “meltdown” were some of the most common phrases in UK headlines after a botched CrowdStrike software update.
Here is the Guardian’s front page this Saturday:
You can see the rest of Saturday’s front pages here:
Thora, a pharmacist in Manchester, England, told the BBC’s Today programme that pharmacy backlogs would continue after Friday’s IT outage.
She said:
What we know at the moment is obviously we have been experiencing some heightened tensions in some pharmacies by patients but also people have been really understanding and have been really patient with us.
This backlog will continue because obviously there will have been patients who have been unable to access their prescription because it will be hand-written at the surgery, and we’ll get a bit of a backlog, or they will eventually come through to us. But it’s a bit of a concern.”
A chartered security professional said there would be “lingering effects” from the IT outage that has caused disruption around the world.
James Bore told Sky News:
There are definitely going to be lingering effects. The largest companies and the ones with most critical services, they are going to have thrown everything they can at fixing it.
But for other companies where they don’t have as many people to put hands on keyboard – because that’s the key thing – each fix requires a manual intervention with the computer, and we’re talking millions of computers.
If you’ve only got one IT person in the company and 2,000 employees – it’s not going to be fixed overnight.
That’s going to be weeks of work for that person just travelling around or getting everyone to come in and sort out their laptops.”
People should draw similar lessons from the global IT outage as they did from the pandemic, an academic has said.
Computer scientist Sir Nigel Shadbolt told the BBC’s Today programme:
Often these issues are left [to] technological elites. This impacts everyone and we need to understand how those effects ripple through society and think about how we all make ourselves more resilient.”
He added:
The resilience in general of these systems is something very special. We depend on these systems and by and large they are working to very high levels of quality.
But when they do go wrong, and it’s like a pandemic, literally we should draw similar lessons, what lessons do we draw?
As individuals, what should we be thinking? We should be thinking about a degree of resilience in our own lives. We should think about having perhaps multiple systems, not depending just on one.”
George Kurtz, the founder and chief executive of the cybersecurity firm CrowdStrike, has said the company “continues to work with customers and partners to resolve this incident”.
He added that the CrowdStrike team had written a technical overview of Friday’s events. In it, there is an explanation of what happened:
On 19 July 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.
The sensor configuration update that caused the system crash was remediated on Friday, 19 July 2024 05:27 UTC.
This issue is not the result of or related to a cyber-attack.”
Also, in the blog post was a brief section on the root cause analysis:
We understand how this issue occurred and we are doing a thorough root cause analysis to determine how this logic flaw occurred. This effort will be ongoing … We will update our findings in the root cause analysis as the investigation progresses.”
Services began to come back online overnight into Saturday after an IT failure that wreaked havoc worldwide. But full recovery could take weeks, experts have said, after airports, healthcare services and businesses were hit by the “largest outage in history”.
Flights and hospital appointments were cancelled, payroll systems seized up and TV channels went off air after a botched software upgrade hit Microsoft’s Windows operating system. It came from the US cybersecurity company CrowdStrike, and left workers facing a “blue screen of death” as their computers failed to start.
As recovery continues, experts say the outage underscored concerns that many organizations are not well prepared to implement contingency plans when a single point of failure such as an IT system, or a piece of software within it, goes down.
Here is a brief summary of how the IT outage has affected services:
Airports across the UK – including London Gatwick, Heathrow Airport, Manchester Airport and Belfast International Airport – stressed that passengers should check with airlines for any delays or cancellations before travelling over the weekend.
CrowdStrike’s stock tumbled in value when the US markets opened on Friday. Shares slid by more than 8% at the start of trading, knocking about $10bn (£7.8bn) off its market value.
Around the world, banks, supermarkets and other major institutions saw services disrupted, while many businesses were unable to take digital payments or access key databases.
NHS England said “the majority of GP practices” had experienced disruption and ambulance services reported increases in 999 and NHS 111 calls from patients who were unable to contact other NHS providers, while the National Pharmacy Association said pharmacies had seen issues “including the accessing of prescriptions from GPs and medicine deliveries”.