Microsoft says it estimates that 8.5m computers around the world were disabled by the global IT outage. It’s the first time a figure has been put on the incident and suggests it could be the worst cyber event in history.
The glitch came from a security company called CrowdStrike, which sent out a corrupted software update to its huge number of customers. Microsoft, which is helping customers recover, said in a blog post: “We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices.”
The post by David Weston, vice-president at the firm, says this number is less than 1% of all Windows machines worldwide, but that “the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services”.
The company can be very accurate about how many devices were disabled by the outage, as it has performance telemetry from many of them via their internet connections.
The tech giant – which was keen to point out that this was not an issue with its software – says the incident highlights how important it is for companies such as CrowdStrike to use quality control checks on updates before sending them out.
“It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist,” Mr Weston said. The fallout from the IT glitch has been enormous and was already one of the worst cyber-incidents in history.
The number given by Microsoft means it is probably the largest ever cyber-event, eclipsing all previous hacks and outages. The closest to this is the WannaCry cyber-attack in 2017 that is estimated to have impacted around 300,000 computers in 150 countries. There was a similar costly and disruptive attack called NotPetya a month later.
There was also a major six-hour outage in 2021 at Meta, which runs Instagram, Facebook and WhatsApp. But that was largely contained to the social media giant and some linked partners. The massive outage has also prompted warnings by cyber-security experts and agencies around the world about a wave of opportunistic hacking attempts linked to the IT outage.
Cyber agencies in the UK and Australia are warning people to be vigilant to fake emails, calls and websites that pretend to be official. And CrowdStrike head George Kurtz encouraged users to make sure they were speaking to official representatives from the company before downloading fixes.
“We know that adversaries and bad actors will try to exploit events like this,” he said in a blog post. Whenever there is a major news event, especially one linked to technology, hackers respond by tweaking their existing methods to take into account the fear and uncertainty.
According to researchers at Secureworks, there has already been a sharp rise in CrowdStrike-themed domain registrations – hackers registering new websites made to look official and potentially trick IT managers or members of the public into downloading malicious software or handing over private details.
Cyber security agencies around the world have urged IT responders to only use CrowdStrike's website to source information and help. The advice is mainly for IT managers who are the ones being affected by this as they try to get their organisations back online.
But individuals too might be targeted, so experts are warning people to be hyper-vigilant and only act on information from the official CrowdStrike channels.
— CutC by bbc.com