CrowdStrike itself also issued a warning in a blog post on Saturday about actors trying to capitalize on the situation to “distribute” a malicious ZIP file. The campaign was “likely targeting” CrowdStrike customers in Latin America, it said.
The U.K.’s National Cyber Security Center already warned on Friday that “opportunistic malicious actors seek to take advantage of the situation.” It said the outage was increasingly being referenced in phishing attempts.
Phishing occurs when cybercriminals impersonate an official organization to trick consumers into handing over sensitive information, such as user data or passwords. CrowdStrike also warned of such phishing attempts in a separate blog post on Friday. It said cybercriminals had already impersonated CrowdStrike support teams in emails and phone calls.
Microsoft said on Saturday that an estimated 8.5 million Windows devices were affected by the outage. That is less than 1 percent of all Windows machines, the company said in a blog post. “While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” it said.
Operations at European airports resumed mainly as usual on Saturday after they were heavily affected on Friday.
“U.K. airports and train operators have their IT systems back up and working as normal,” U.K. Transport Secretary Louise Haigh posted, adding that only a “small number of cancelled flights” were expected.
But airports had to cope with a backlog of passengers that saw their flights cancelled on Friday.
On Saturday morning, the port of Dover in the U.K. said that it saw “hundreds of displaced airport passengers” arriving.
