Just this past week, a good friend of mine came back from a 2-week vacation in Scotland. He and his wife had a great time walking an ancient trail along many lakes and mountains. He stayed at various B&Bs and hotels. One thing that bothered my friend is that almost all places of business in Scotland, including the airport in Glasgow, demanded payment with a credit card – in other words, e-commerce transactions only. My friend took over 1,000 in British Pounds (cash) to pay for whatever he and his lovely wife needed during their trip in Scotland. Almost all businesses in Scotland did not accept cash, only credit cards. There were signs everywhere – “We Do Not Accept Cash.” When he got back to the US, he and I discussed this and thought that was very, very strange – or is it? Enter Australia.
An unprecedented IT outage this past week has affected major institutions in Australia and internationally, potentially one of the biggest global outages ever experienced. Outages were recorded in the US, Europe and in the Asia Pacific - New Zealand before the Australia-wide shutdown. Reports of the Australian outage began flooding in about 3pm AEST.[1]
The global outage impacted a range of Australian companies and government agencies on Friday (19 July) afternoon. The outage hit telco providers, media websites, banks and airlines. Universities, law firms, Bunnings and blood donation services were also among the places where ABC (Australian media) readers reported experiencing outages. Payment systems caused major disruption at supermarkets and fuel stations. People were stuck at fuel pumps unable to pay for their gasoline. Supermarket customers sent the ABC photos of self-check-outs with error messages. And shops were forced to close their doors. Here's what we know.
What happened? The outage was quickly linked to the US-based CrowdStrike, one of the largest cybersecurity companies in the world. The company has software called CrowdStrike Falcon installed on Windows, Mac and Linux systems globally, advertising protection from attacks including credential theft. "Falcon is the CrowdStrike platform purpose-built to stop breaches via a unified set of cloud-delivered technologies that prevent all types of attacks," the company's website claims. CrowdStrike launched a software update earlier this week, but an overnight update caused Windows computers to attempt to restart and display a blue-screen error message. In a statement, the company clarified Mac and Linux hosts were not impacted. On X, Microsoft said it was investigating the incident.
See: https://redskyalliance.org/xindustry/fixing-the-blue-screen-of-death
A cybersecurity expert said any disruption within a CrowdStrike system could affect the whole computer system, impacting laptops, self-check-out terminals and smart devices all at once. "The bad guys are writing exploits and malware and viruses that get very deep inside your computer," he said. "So, for something like CrowdStrike to work it has to be very deep in your computer." He advised the public against removing CrowdStrike systems from their computers, saying the move could expose them to security threats.
Australia's National Cybersecurity coordinator, Lieutenant General Michelle McGuinness, posted a statement on social media saying she was aware of the outage. "Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies," she said. "There is no information to suggest it is a cybersecurity incident. We continue to engage across key stakeholders."
Australian cybersecurity company CyberCX said it was aware of the outage and was advising its customers in Australia and New Zealand. "We understand that this has been caused by an issue affecting organisations who have installed CrowdStrike Falcon in their IT environments," a CyberCX spokesperson said. "CrowdStrike is a global cybersecurity company who provide detection and monitoring tools to cyber and IT teams. At this time, CyberCX is actively tracking the situation and are awaiting information detailing scope and recovery. We will continue to support affected customers as this incident evolves."
The deputy secretary of Australia’s Home Affairs Cyber and Infrastructure Security Centre added on X that he anticipated the outage would "self-resolve" in "the next hours and days." "There is no reason to panic, CrowdStrike are on it, it is not a cybersecurity incident and we're working as fast as we can to resolve the incident," he said. Although CrowdStrike implemented a fix to their software defect, some systems were unable to reboot to receive the update. In these cases, it needs to be manually applied, which will take some time.
A network engineering expert at RMIT University expected the outage to be resolved by 20 July. "Software like CrowdStrike's Falcon platform are typically rolled out from a central part of an organization," he said. "They have IT support teams … they should be able to quite quickly apply the patch." "As we've heard, a problem exists if a computer has been turned off after the blue screen occurred, the computer will need to be turned back on so the patch can be applied. But generally, I would expect this type of problem should be resolved by tomorrow [Saturday] morning. IT teams are going to be working late tonight because they'll need to apply the patch, then there'll be a lot of testing. I would expect by about midday tomorrow things should be pretty well back to normal."
The Big Question - What has been impacted (in Australia)? The technical issue affected Windows PC users globally. Users reported seeing the "blue screen of death" error messages across banking institutions, supermarkets and media companies including the ABC. New South Wales government systems, including police and fire systems, were impacted. Some self-serve check-outs at supermarkets, including Coles, were also down in Canberra. The ACT government said its systems were unaffected.
The global outage earlier forced airlines in the US to ground flights. It also caused flight cancellations and delays in India, Japan and across Europe. Qantas check-in terminals have been confirmed to be hit by outages in airports across the country including in Sydney and Canberra. Virgin Australia also said it was aware of "a large-scale IT outage impacting multiple airlines and other businesses which is having an impact on our operations." These are the updates provided by airports so far. A Sydney Airport spokesperson said the outage had impacted some airline operations and terminal services. But flights were still arriving and departing. "However there may be some delays throughout the evening," the spokesperson said. "We have activated our contingency plans with our airline partners and deployed additional staff to our terminals to assist passengers." Melbourne's Tullamarine Airport said it was experiencing difficulties with check-in systems for select airlines. Passengers were advised to allow for extra time and monitor their respective flight updates. Both domestic and international flight operations could be impacted. Adelaide Airport said the outage was impacting check-in procedures for some airlines. It said a small number of bag drop facilities and flight information screens had been affected. The airport advised passengers flying on Friday evening to allow extra time for check-in. Aircraft were still departing Perth Airport, but some airlines reported problems with their systems and there were long queues. Check-in for some airlines at Brisbane Airport and some terminal services were impacted. Flights continued to operate. Qantas self-check-in screens at Canberra airport were affected, but planes were still taking off and landing.
The federal government said triple-0 services were not affected by the outage. And emergency services in several states told the ABC they were able to keep working. Emergency services also said they had not been affected by the outage. Ambulance Victoria, ESTA/Triple-0, Fire Rescue Victoria all said they were not having issues with internal or external communications. There were reports from Victoria Police staff that internal IT systems were down but the extent was not known. The Royal Women's Hospital and the Royal Children's also appeared to be unaffected. Western Health, which operates multiple hospitals in Melbourne's western suburbs, said it had "reverted to the use of paper-based patient records" as a result of the IT outage. The ambulance service, police and State Emergency Service said they were not affected by the IT outage. Queensland Health Hospitals were not affected by the outage. But several of the state's private hospitals were affected. Systems were down in some Uniting Care and Ramsay Health Care hospitals, including the Wesley Hospital and St Andrews Hospital in Brisbane. Ramsay Health has about 20 facilities across the state. "We are assessing the impacts at a local level across our hospitals and health services network to understand which systems are affected and developing contingency plans for patients," a Ramsay Health spokesperson said. "At this stage, we do not know how long the outage will last. During this time, if you have questions regarding current Ramsay patients, please contact your local hospital by phone." Queensland Health, the Queensland Fire Department, Queensland Police and Queensland Ambulance were unaffected by the outage. A WA Health spokesperson said no WA Health clinical systems were impacted and hospitals were continuing to operate as normal. Emergency services and hospitals in the nation's capital said their computer systems were not being impacted by the outage.
Cash - Some banks including NAB, Westpac, ANZ, Commonwealth Bank, Bendigo Bank and Suncorp were affected by the outage. Internal systems, excluding Eftpos, were also down. The Commonwealth Bank confirmed some customers' ability to make payments, but provided an update later on Friday evening to say all of its services were back up and working. "We are aware of a large-scale technical outage affecting a number of companies," a CBA spokesperson told the ABC. "CommBank services are still available including NetBank, the CommBank app, CommBiz, merchant payments and our ATMs." Westpac said its customer-facing applications were not affected.
South Australia's power operation company SA Power Networks said it had been impacted by the outage. "We are currently working to understand and resolve the issue," an SA Power Network statement said. In Victoria, Powercor and AEMO confirmed the electricity system was not affected by the IT outages. Powercor said its internal corporate IT system was impacted, but this had no flow-on effect to the grid. Telstra said there had been hold-ups for some of its customers, but there was "no impact to our fixed or mobile network which continue to operate." An NBN spokesperson said there had been no evident impact to the network.
In NSW, regional trains on the Hunter Line between Newcastle and Dungog/Scone were back up and running after earlier disruptions. There were no impacts to other modes of public transport and no impacts to the wider Sydney Trains network. And no adverse impacts to the road network or traffic lights were reported. There were reports of taxis in Queensland being affected. The managing director of Queensland company Black and White Cabs said they were unable to receive bookings or connect to drivers. Taxis were still operating from ranks as usual. Were they taking cash?
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
[1] https://www.msn.com/en-au/travel/news/australians-have-been-hit-by-a-worldwide-tech-outage-heres-what-we-know/ar-BB1qg6hP/