Friday’s global tech outage has prompted cybercriminals to try to take advantage of the situation, according to growing warnings online.
The impact of Friday’s outage, triggered by a faulty software update by cybersecurity firm CrowdStrike, had eased by Saturday morning. Still, criminals were already trying to exploit services that were still recovering, according to the warnings.
“Malicious websites and unofficial code are being released claiming to help entities recover,” the Australian agency in charge of cybersecurity said on Saturday. Customers should get technical information and updates only from CrowdStrike sources, it added.
CrowdStrike itself also issued a warning in a blog post on Saturday about actors trying to capitalize on the situation to “distribute” a malicious ZIP file. The campaign was “likely targeting” CrowdStrike customers in Latin America, it said.
The U.K.’s National Cyber Security Center already warned on Friday that “opportunistic malicious actors seek to take advantage of the situation.” It said the outage was increasingly being referenced in phishing attempts.
Phishing occurs when cybercriminals impersonate an official organization to trick consumers into handing over sensitive information, such as user data or passwords. CrowdStrike also warned of such phishing attempts in a separate blog post on Friday. It said cybercriminals had already impersonated CrowdStrike support teams in emails and phone calls.
Operations at European airports resumed mainly as usual on Saturday after they were heavily affected on Friday.
“U.K. airports and train operators have their IT systems back up and working as normal,” U.K. Transport Secretary Louise Haigh posted, adding that only a “small number of cancelled flights” were expected.
But airports had to cope with a backlog of passengers that saw their flights cancelled on Friday.
On Saturday morning, the port of Dover in the U.K. said that it saw “hundreds of displaced airport passengers” arriving.