Warning issued following CrowdStrike incident

After Microsoft users across the globe experienced what it believed to be the largest IT outage in history on Friday (caused by a defect found in a Falcon content update from cyber security company CrowdStrike for Windows hosts), the clean-up continues to impact consumers*.

The issue impacted 8.5 million Windows devices on Friday afternoon AEST (or 1 per cent of all Windows machines, according to Microsoft).

However, the wider impact was felt across many businesses worldwide, with crashing PCs causing disruptions to banking/payment systems, airports to shut down, stores to close, as well as disruptions to some government services.

The Commonwealth Bank of Australia issued a statement on Friday evening saying it had been impacted by the outage, which largely impacted PayID payments.

“We are aware of a large-scale technical outage affecting a number of companies. This outage relates to a technical issue with a third-party software platform,” the bank said at the time.

“We are urgently investigating any impacts to our systems and services.

“We know some customers have been unable to make PayID payments. If you are unable to use PayID, you’re still able to make payments between your accounts or pay someone using their BSB and account number.

“We’re sorry for the inconvenience. Thanks for your patience while we work through the impacts.”

Some settlements delayed

As a result of payment issues, several lenders experienced issues with settlements on Friday, with some settlements needing to be deferred until Monday (22 July).

Speaking of the issue to The Adviser, a spokesperson for settlements platform PEXA said that while the exchange was unaffected by this incident – and the vast majority of property settlements processed – a small number were impacted.

The spokesperson said: “PEXA Group was made aware of a third-party incident on Friday afternoon.

“The incident impacted the ability of certain banks to process payments for a small number of settlements which resulted in those settlements needing to be deferred until Monday.

“PEXA is proud of our technical teams for ensuring the resilience and reliability of the Exchange platform. We commend their dedication to providing ongoing assistance to our customers during such incidents.”

However, some lenders – such as Westpac – told The Adviser that no settlements had been missed and no Westpac customer-facing applications were impacted by the outage.

Indeed, the Australian Banking Association said on Saturday (20 July) that impacts on banks and payments systems had been “relatively minor”, with any disruptions having already been remedied or “in the process of being gradually restored”.

Other providers, such as credit bureau illion were also impacted. However, a spokesperson told The Adviser on Monday (22 July) that, “based on information currently available, all illion client facing solutions have been up since Saturday, many on Friday”.

Similarly, property data and services provider CoreLogic said to The Adviser that while “there was a small disruption to PropertyHub as a result of the CrowdStrike incident on Friday”, there have been no observed issues since then.

Warning issued over increase in scam activity

While systems are returning to normal, the ABA has said “people should remain vigilant to the risks of scams at this time”, a call that has been echoed by several government bodies and banking institutions.

The warnings urge Microsoft users to be wary of scammers masquerading as their financial institutions and asking them to verify information following the CrowdStrike/Microsoft outage.

For example, the Australian Competition and Consumer Commission (ACCC) is urging users to be wary of “unsolicited requests from individuals claiming to be from their financial institutions or other businesses requesting they update or verify their personal or financial information due to the CrowdStrike/Microsoft outage”.

It has also warned Australians to be mindful of “unsolicited calls, emails or messages requesting they download a software patch or provide remote access to fix or protect their computer from the CrowdStrike/Microsoft outage”.

The watchdog said that downloading unsolicited software can give scammers access to computer systems, as well as online platforms, including bank accounts.

ACCC deputy chair Catriona Lowe said: “Criminals look to take advantage of incidents like this CrowdStrike outage, creating a sense of urgency that you need to do what they say to protect your computer and your financial information.

“Anyone can be scammed, so it is important to be wary of any unsolicited contact that purports to provide assistance in the aftermath of a major event like this.”

The ASD’s (Australian Signals Directorate) ACSC (Australian Cyber Security Centre) has also identified a number of malicious websites and unofficial codes being released claiming to help entities recover from the widespread outages caused by the CrowdStrike technical incident.

The ACCC is now urging borrowers to verify who they are talking to (by calling IT support or financial institution on an independently sourced number), not be rushed into downloading software or providing personal or financial information, and report any scam activity quickly/if banking details have been compromised (to scamwatch.gov.au) to help protect others.

How did the CrowdStrike issue happen?

According to the Minister for Cyber Security and Home Affairs Minister Clare O’Neil MP, the incident occurred just after 2pm AEST on Friday following “an error in an update provided by a company which provides cyber security software for most major economies around the world”.

Speaking on Saturday morning (20 July), the minister said: “That update had an error in it which caused, effectively, system outages for computers that it was pushed to, so computers that were online at that time.

“The fix for this, as I am advised by CrowdStrike, was provided not long after that event... so, not even an hour and a half after that event, CrowdStrike had found a remediation for the error and sent remediation instructions to customers. The issue here is just the breadth of people that were using this particular software and the time it is taking to build and bring major systems back online,” O’Neil said.

The minister noted that while most companies that use CrowdStrike are fully operational, there have been some “teething issues” with restoring services, particularly relating to “big organisations where parts of their IT system need to communicate with each other”.

For example, she said that while supermarkets are open, some of the checkouts might remain closed, while there may be issues with internal communications at airports (for example, baggage handler systems communicating with the front of the terminal).

*CrowdStrike has recommended a workaround to address this issue. Instructions to remedy the situation on Windows end points were posted on the Windows message center. 

[Related: How can brokers improve their cyber security?]

Written by Annie Kane

Last Updated: 22 July 2024

Published: 22 July 2024