Summary: Following a significant outage caused by a software update from CrowdStrike, malicious actors are exploiting the situation to launch phishing attacks and other scams. The U.S. cybersecurity agency CISA has warned individuals to be cautious of suspicious emails and links during this chaotic period.
Threat Actor: Malicious actors
Victim: CrowdStrike
Key Points:
- CISA reported that threat actors are taking advantage of the CrowdStrike outage for phishing and other malicious activities.
- Phishing emails impersonating CrowdStrike are being sent, with some claiming to offer fixes for the outage in exchange for payment.
- Experts emphasize the importance of verifying identities before taking sensitive actions to prevent falling victim to scams.
- The outage was caused by a defective software update, leading to widespread computer crashes among users of CrowdStrike’s security software.
As much of the world slowly gets back online after an outage caused by cybersecurity giant CrowdStrike led to global travel and business gridlock, malicious actors are also trying to exploit the situation for their own gain.
U.S. cybersecurity agency CISA said in a statement Friday that though the CrowdStrike outage was not linked to a cyberattack or malicious activity, it has “observed threat actors taking advantage of this incident for phishing and other malicious activity.”
CISA warned individuals to “avoid clicking on phishing emails or suspicious links,” which can lead to email compromise and other scams.
It’s not uncommon for malicious actors to exploit chaotic situations to carry out cyberattacks, especially campaigns that can be easily created and customized at short notice, like email or text phishing.
One security researcher on X, formerly Twitter, said malicious actors were already sending phishing emails using a variety of domains that impersonate CrowdStrike. One of the emails posted falsely claimed it could “fix the CrowdStrike apocalypse” if the recipient paid a fee worth several hundred euros to a random crypto wallet.
In reality, the only working fixes are either to repeatedly restart affected computers in the hope that they stay on long enough for the newly fixed update to download and install, or to manually remove the defective file from every bricked computer.
Social engineering expert Rachel Tobac, who founded and heads cybersecurity firm SocialProof Security, said in a series of posts on X that criminals will also use the outage as cover to trick victims into handing over passwords and other sensitive codes.
“Remember: verify people are who they say they are before taking sensitive actions,” Tobac said.
Early Friday morning, a defective software update released by CrowdStrike caused countless Windows computers running the company’s anti-malware and security software to crash. CrowdStrike said the bug has been fixed, but warned that the need to manually remediate each affected computer could result in lasting outages.
CISA said it was “working closely with CrowdStrike and federal, state, local, tribal and territorial partners,” as well as critical infrastructure and its international partners to help with fixes.