Cybercriminals are exploiting the recent global IT outage caused by a faulty software update from CrowdStrike [2] [6], impacting 8.5 million Microsoft Windows PCs worldwide [3].
Description
Threat actors are engaging in phishing campaigns, impersonating CrowdStrike support and staff [4], creating fake websites with malicious software [6], and selling counterfeit remediation solutions. Malicious ZIP archives containing RemCos malware [4], like crowdstrike-hotfix.zip [6], are being distributed [4]. The Department of Homeland Security and the UK’s NCSC have issued warnings about the surge in phishing attacks. Reports of impersonation of CrowdStrike employees in scam emails and phone calls have surfaced [6]. Domains impersonating the brand [4], such as crowdfalcon-immed-update[.]com [1], have been identified. Impacted customers are advised to communicate through official channels and adhere to technical guidance [4]. CrowdStrike CEO George Kurtz and government cybersecurity agencies are cautioning businesses to remain vigilant and only interact with authorized representatives [2]. Affected businesses are urged to utilize fixes provided by CrowdStrike and avoid assistance from unfamiliar sources. CISA has also warned of threat actors using phishing emails and malicious activity [5]. Social engineering tactics are being used to trick victims into handing over sensitive information [5]. The incident has caused disruptions in various sectors [3], with systems expected to take time to return to normal.
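One way a defender could triage web-proxy logs for the brand-impersonation domains and the lure archive named above is sketched below. It is an added example, not code from CrowdStrike or any of the cited sources. The allowlist, the token list, the log layout and every `.example` host are assumptions or constructed sample data.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist of official domains; extend it from the vendor's published list.
OFFICIAL = {"crowdstrike.com"}
# Tokens taken from the names quoted on this page.
BRAND_TOKENS = ("crowdstrike", "crowdfalcon")
LURE_FILES = {"crowdstrike-hotfix.zip"}

def refang(indicator):
    """Make a defanged indicator (hxxp, [.]) parseable again."""
    s = indicator.strip().replace("[.]", ".")
    s = re.sub(r"^hxxp", "http", s, flags=re.I)
    return s if "://" in s else "http://" + s

def classify(indicator):
    """Return a reason string for suspected impersonation, else None."""
    parts = urlsplit(refang(indicator))
    host = (parts.hostname or "").rstrip(".").lower()
    # Official only if the host IS the domain or a true subdomain of it.
    if not host or any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return None
    # Drop '-' and '.' so "crowd-strike" and "crowdstrike.com.<other>" still match.
    if any(t in host.replace("-", "").replace(".", "") for t in BRAND_TOKENS):
        return "brand-token-in-unofficial-host"
    if parts.path.rsplit("/", 1)[-1].lower() in LURE_FILES:
        return "lure-filename-from-unofficial-host"
    return None

# Constructed sample log (timestamp, client, method, URL, status). The page's
# domain is kept defanged as printed; refang() accepts both forms.
SAMPLE_LOG = """\
2024-07-20T10:01:02Z 10.0.0.5 GET https://www.crowdstrike.com/blog/ 200
2024-07-20T10:03:11Z 10.0.0.7 GET http://crowdfalcon-immed-update[.]com/ 200
2024-07-20T10:04:40Z 10.0.0.9 GET https://crowdstrike.com.support-desk.example/login 200
2024-07-20T10:06:15Z 10.0.0.9 GET https://files.example/dl/crowdstrike-hotfix.zip 200
2024-07-20T10:07:00Z 10.0.0.4 GET https://intranet.example/wiki 200
"""

def scan(log_text):
    """Return (timestamp, client, url, reason) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and (reason := classify(fields[3])):
            hits.append((fields[0], fields[1], fields[3], reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Substring matching on brand tokens will also flag legitimate third-party hosts that mention the brand, so treat hits as leads for review rather than verdicts.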
Conclusion
The fallout from the incident highlights the importance of cybersecurity vigilance and adherence to official channels for communication and support. Businesses must implement fixes provided by CrowdStrike and avoid engaging with unauthorized sources. The incident serves as a reminder of the risks posed by cybercriminals and the need for proactive measures to mitigate future threats.
References
[1] https://uk.pcmag.com/security/153475/dont-fall-for-it-hackers-pounce-on-crowdstrike-outage-with-phishing-emails
[2] https://fortune.com/2024/07/20/crowdstrike-outage-phishing-attempts-scam-artists-microsoft-windows-cybersecurity/
[3] https://news.sky.com/story/global-it-outage-warning-over-malicious-websites-offering-to-fix-devices-as-experts-reveal-likely-cause-of-crowdstrike-issue-13182593
[4] https://www.infosecurity-magazine.com/news/cybercriminals-exploit-crowdstrike/
[5] https://techcrunch.com/2024/07/19/us-cyber-agency-cisa-says-malicious-hackers-are-taking-advantage-of-crowdstrike-outage/
[6] https://www.cnn.com/2024/07/22/tech/hackers-crowdstrike-outage-scams/index.html