Cybercriminals have been taking advantage of the recent CrowdStrike outage to launch social engineering attacks against the security vendor’s customers.
Description
Following the CrowdStrike outage [3], attackers have been sending phishing emails disguised as Microsoft recovery guides to steal sensitive information such as passwords. They pose as CrowdStrike or related technical support and promote fake hotfixes through phishing sites and fake intranet portals. Malware is being distributed through domains like crowdstrikefix.com and crowdstrikeupdate.com [2], with tactics such as delivering a malware loader and remote access tool named ‘Crowdstrike.exe’. This executable extracts a “data wiper” to destroy data on the device [1]. To protect themselves, organizations should use blocklists and protective DNS tools, and seek technical support only through CrowdStrike’s official channels [2]. These targeted attacks are expected to decrease in the coming weeks.
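The blocklist and protective-DNS advice above can be applied to resolver logs as in the following added example, which is not from the cited sources. The log format, the allowlisted vendor domain, the `.example` hostnames and the two-label domain heuristic are assumptions made for illustration.

```python
import re

# Domains the article names as distributing malware.
BLOCKLIST = {"crowdstrikefix.com", "crowdstrikeupdate.com"}
# Assumption: the vendor's legitimate registrable domain; extend for your environment.
ALLOWLIST = {"crowdstrike.com"}
BRAND = "crowdstrike"

# Constructed sample resolver log: "<timestamp> <client-ip> <qname> <qtype>"
SAMPLE_LOG = """\
2024-07-22T09:14:02Z 10.0.4.17 www.crowdstrike.com. A
2024-07-22T09:14:09Z 10.0.4.17 crowdstrikefix.com. A
2024-07-22T09:15:41Z 10.0.7.52 portal.CrowdStrikeUpdate.com A
2024-07-22T09:16:03Z 10.0.7.52 crowdstrike-hotfix.example. A
2024-07-22T09:16:30Z 10.0.9.8 crowdstrike.com.login.example.net. A
2024-07-22T09:17:11Z 10.0.9.8 intranet.corp.example. A
"""

def registrable(qname):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(qname):
    name = qname.lower().rstrip(".")
    base = registrable(name)
    if base in BLOCKLIST:
        return "blocklisted"
    if base in ALLOWLIST:
        return "allowed"
    # Drop dots and hyphens so "crowd-strike" or a brand split across labels still matches.
    if BRAND in re.sub(r"[^a-z0-9]", "", name):
        return "lookalike"
    return "unrelated"

def scan(log_text):
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guessing at their layout
        _ts, client, qname, _qtype = fields
        verdict = classify(qname)
        if verdict in ("blocklisted", "lookalike"):
            hits.append((client, qname.lower().rstrip("."), verdict))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The "lookalike" verdict is a triage signal for names that carry the brand outside the allowlisted domain, so expect to review and tune it before using it to block.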
Conclusion
The chaos following the outage has led to phishing attacks targeting users searching for solutions [3], with scammers creating fake websites that claim to offer assistance but are actually designed to scam users and harvest confidential information [3]. The incident, caused by a faulty CrowdStrike software update, impacted over 8.5 million Windows devices globally [3]. Hackers reacted quickly, launching phishing campaigns and spreading malicious links through emails and social media [3]. Phishing kits like FishXProxy make it easy for hackers to carry out professional phishing attacks [3]. As the number of malicious websites continues to rise, brand impersonation attacks are becoming more prevalent, with scammers exploiting various issues to deceive victims [3].
References
[1] https://www.hkcert.org/security-bulletin/malware-attacks-malicious-malware-activities-in-the-theme-of-crowdstrike-outage-event_20240725
[2] https://www.darkreading.com/threat-intelligence/crowdstrike-updates-malware-attacks-snowball
[3] https://www.itechpost.com/articles/123339/20240725/cybercriminals-are-phishing-for-victims-in-wake-of-crowdstrike-outage-chaos.htm