Australians have been warned about opportunistic scammers attempting to take advantage of a widespread IT outage.
It comes after a botched update from caused global chaos on Friday, with banks, media outlets, supermarkets, retailers, and airports among those impacted.
Home Affairs Minister Claire O’Neil confirmed on Saturday morning that the outage was not caused by a cybersecurity breach, and said most Australian systems impacted were now operational.
But she also issued a warning about criminals conducting phishing scams in the wake of the outage.
“What we are seeing some reporting of is attempts to conduct phishing through the incident that’s just occurred,” she told reporters in Melbourne.
“Some individuals are receiving emails from people who are pretending to be CrowdStrike or who are pretending to be Microsoft and are indicating that you need to put in bank details to get access to a reboot, that you need to pay money, that you need to put your personal details in so that your systems can be brought back online.”
O’Neil said any emails claiming to be from CrowdStrike or offering to reboot your system should be treated as suspicious.
She said any phone calls from strangers offering to talk you through a reboot of your system could be scammers.
“The trick that scammers are always trying to use here is trying to find ways to keep you talking, and keep you giving out your personal information,” she said.
“So the first piece of advice is stop; don’t give any personal information and certainly don’t put in any bank details or money.
“I would hang up the phone.”
The nation’s cyber-intelligence organisation, the Australian Signals Directorate, has also warned people to beware of hackers releasing malicious websites and code purporting to help fix the outage.
If you suspect you have been scammed, you should contact your bank and report the incident to Scamwatch.
What caused the Crowdstrike outage?
The outage was caused by a software update by US cybersecurity firm Crowdstrike and hit companies and services around the country just after 3pm AEST on Friday.
“What has happened here is an IT outage that has been caused by an error in an update provided by a company which provides cybersecurity software for most major economies around the world,” O’Neil said.
“And that’s why for Australians, you would have seen on the news yesterday that the sort of outages and issues that we’ve seen here in Australia are being felt in most major economies around the world.”
Companies in Australia and around the world were impacted by the major IT outage. Source: AAP / Jono Searle
O’Neil said she had spoken with CrowdStrike multiple times, and said the company was doing everything they could to bring systems back online “as fast as possible”.
She confirmed most Australian systems impacted were now operational and in a “recovery phase”.
While many breathed a sigh of relief that malicious actors were not responsible, cybersecurity experts warned the incident exposed a soft and exposed belly of the country’s IT systems.
And not just in Australia, but the world, with companies affected globally in the same way.
“It’s not just a mistake or just an error; this is the worst sort of thing that can happen,” cybercrime professor Richard Buckland, from UNSW’s School of Computer Science and Engineering, said.
“This is more serious than a cyber attack because it shows our systems aren’t even proofed against randomness.”
IT outage reveals vulnerability of systems
Monash University cybersecurity professor Nigel Phair described the incident as “unprecedented in scale” and said the outage highlighted the dependencies organisations had on the internet and related online technologies.
The system failure forced the federal government to convene a snap crisis National Co-ordination Mechanism meeting on Friday evening.
The company said it had issued a fix for the problem, allowing affected companies and organisations to reboot their systems.
Prime Minister Anthony Albanese said there had been no impact on critical infrastructure, government services or Triple-Zero services as of 7pm AEST on Friday.
However, numerous flights were cancelled around the country with hundreds of people left stranded at airports while shoppers were forced to leave trolleys full of goods abandoned at supermarket registers.
Melbourne airport was experiencing delays with passengers unable to check in. Source: SBS News
Crowd-sourced website Downdetector listed services like Telstra, Microsoft, Google, National Australia Bank, ABC, Uber, ANZ, and Aldi are back up and running.
Qantas, Virgin Australia, Jetstar, Rex, United Airlines, as well as police forces across much of the country and the federal and NSW governments were also hit.
All airports around the nation have returned to normal operations, including Mebourne, where travellers suffered the most delays on Saturday morning
“We will continue to work closely with our airlines and airport community to monitor and support recovery over the coming days,” Melbourne Airport general manager of operations Scott Dullard said.
Other services impacted on Friday like supermarkets where shoppers were forced to abandon trolleys full of goods are back online too.
Woolworths and Coles said all stores were open and operational on Saturday but warned some check-outs were still unavailable.
The majority of Dan Murphy’s and BWS stores have opened as usual but some have altered opening hours.
Online and delivery services are still impacted with orders made on Friday likely to take some time to be completed, a spokesperson said.
Ms O’Neil asked Australians to be patient as services come back to normal.
“Don’t take this out on the staff at your supermarkets if you have to wait a little bit longer, it is absolutely not their fault,” she said.
The financial costs are expected to be tallied by economists over the weekend as they estimate the money lost to businesses.
CrowdStrike CEO George Kurtz said the company was continuing the work with customers “impacted by a defect found in a single content update for Windows hosts”.
“This is not a security incident or cyberattack,” he said in a statement.
“The issue has been identified, isolated and a fix has been deployed.”
Additional reporting by the Australian Associated Press